
[RESOLVED] Windows prevented from working


  • This topic is closed
13 replies in this topic

#1 dougmafe

  • Junior Members
  • 15 posts
  • Member since 12/12/2013
0
Neutral
  • Jaboticabal, SP

Posted 20 February 2014 - 22:27

Hello, good evening! Once again, I come to ask for your help. Windows Explorer stops working when I try to open the Control Panel or the display settings. Windows also constantly tells me that my firewall is disabled. The logs follow. Thanks in advance!

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 19/06/2011 16:07:09
System Uptime: 20/02/2014 22:32:04 (-1 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | P8P67 PRO
Processor: Intel® Core™ i5-2300 CPU @ 2.80GHz | LGA1155 | 2884/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 372,916 GiB free.
D: is FIXED (NTFS) - 466 GiB total, 130,8 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! Revert
Device ID: ROOT\LEGACY_ASWRVRT\0000
Manufacturer: 
Name: avast! Revert
PNP Device ID: ROOT\LEGACY_ASWRVRT\0000
Service: aswRvrt
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: avast! VM Monitor
Device ID: ROOT\LEGACY_ASWVMM\0000
Manufacturer: 
Name: avast! VM Monitor
PNP Device ID: ROOT\LEGACY_ASWVMM\0000
Service: aswVmm
.
Class GUID: 
Description: pcouffin device ...
Device ID: ROOT\PCOUFFIN\0000
Manufacturer: 
Name: pcouffin device ...
PNP Device ID: ROOT\PCOUFFIN\0000
Service: 
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP403: 17/02/2014 01:40:56 - Windows Update
RP404: 17/02/2014 12:21:31 - Instalado CALL Vs.5
RP405: 18/02/2014 20:34:45 - avast! antivirus system restore point
RP406: 18/02/2014 20:36:53 - Instalação de Pacote de Driver de Dispositivo: Avast Serviço de Rede
RP407: 20/02/2014 21:37:07 - Instalado USB FireWall 1.1.3
RP408: 20/02/2014 22:11:28 - Removido USB FireWall 1.1.3
.
==== Installed Programs ======================
.
Acrobat.com
Adobe Flash Player 12 ActiveX
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
AI Suite II
Ashampoo Burning Studio 2010 Advanced
ATI AVIVO64 Codecs
ATI Catalyst Install Manager
ATI Problem Report Wizard
avast! Internet Security
AviSynth 2.5
BitTorrent
Bluetooth Win7 Suite (64)
CALL - Vs5
CALL Vs.5
Canopus Codec Option 6.01
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center Graphics Previews Vista
Catalyst Control Center HydraVision Full
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
CloneDVD 5.5.0.0
CutePDF Writer 2.8
D3DX10
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
DVD Decrypter (Remove Only)
EDIUS 6.01
FormatFactory 2.70
Free DVD Ripper Platinum 3.0.1
Google Chrome
Google Earth
Google Update Helper
Google+ Auto Backup
HydraVision
Intel® Management Engine Components
Intel® Network Connections 15.6.25.0
Intel® Watchdog Timer Driver (Intel® WDT)
Interlok driver setup x64
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
Java 7 Update 51
Java Auto Updater
JMicron JMB36X Driver
K-Lite Codec Pack 5.4.4 (Full)
Lexmark 3300 Series
LG Internet Kit
LG MC USB Modem driver
LG PC Suite II
LG USB Modem Driver
marvell 91xx driver
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft IntelliType Pro 8.2
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Silverlight
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
PC Camera
Photo Common
Picasa 3
PxMergeModule
RAF
Realtek High Definition Audio Driver
Receitanet
Renesas Electronics USB 3.0 Host Controller Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition
Skype™ 6.3
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2810071) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2837583) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2553145) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2775360) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2810066) 64-Bit Edition
Update for Microsoft Word 2010 (KB2837593) 64-Bit Edition
videopower
WinAVI Video Converter
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinPcap 4.1.1
WinRAR 5.01 (64-bit)
WinRAR archiver
Yahoo! Detect
.
==== End Of File ===========================
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 MINIMAL
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Douglas at 21:32:59 on 2014-02-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4073.2838 [GMT -3:00]
.
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [9bc7] C:\Users\Douglas\AppData\Roaming\8dd18\9bc7.js
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
StartupFolder: C:\Users\Douglas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = 1
uPolicies-Explorer: NoControlPanel = 1
uPolicies-Explorer: NofolderOptions = 1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{96B240B2-2DF3-4DB5-ACF4-15E3B282F59E} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-10 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-12-18 28184]
R1 cdrblock;cdrblock;C:\Windows\System32\drivers\cdrblock.sys [2008-5-30 34360]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-18 65776]
S0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-18 207904]
S1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswNdisFlt.sys [2013-12-18 440672]
S1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-12-18 1038072]
S1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-12-18 421704]
S1 MpKsl53a72a40;MpKsl53a72a40;C:\Windows\System32\MpEngineStore\MpKsl53a72a40.sys [2013-11-12 46768]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-18 202752]
S2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
S2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
S2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-19 586880]
S2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-18 78648]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
S2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-18 50344]
S2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-2-18 113704]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-10-19 452136]
S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-6-19 133800]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-2 80184]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-15 57856]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-22 1255736]
.
=============== Created Last 30 ================
.
2014-02-20 23:59:38 -------- d-----w- C:\USB_FW
2014-02-20 23:37:25 -------- d-----w- C:\Program Files (x86)\Net Studio
2014-02-20 00:17:21 -------- d-sh--w- C:\Users\Douglas\AppData\Roaming\8dd18
2014-02-20 00:17:21 -------- d-sh--w- C:\Program Files\92d
2014-02-20 00:17:21 -------- d-sh--w- C:\8ca9
2014-02-18 16:30:40 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D7769686-E70C-4ACC-8917-7B403B97975A}\mpengine.dll
2014-02-17 14:22:21 -------- d-----w- C:\Program Files (x86)\CCLS
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 13:57:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 13:57:11 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-05 23:27:45 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
.
==================== Find3M  ====================
.
2014-02-21 00:28:56 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-02-18 22:36:04 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-18 22:36:04 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-18 22:36:04 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-18 22:36:03 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-18 22:35:54 440672 ----a-w- C:\Windows\System32\drivers\aswNdisFlt.sys
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-06 00:17:02 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-06 00:17:02 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-02 21:55:43 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 23:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 21:57:34 18432 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-12-18 21:57:31 73216 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-12-18 15:58:01 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-18 15:58:01 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-18 15:57:56 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-12-18 09:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-12 13:44:44 63088 ----a-w- C:\Windows\System32\vsocklib.dll
2013-12-12 13:44:41 50800 ----a-w- C:\Windows\System32\vmhgfs.dll
2013-12-12 13:44:37 34416 ----a-w- C:\Windows\System32\vmGuestLibJava.dll
2013-12-12 13:44:35 53360 ----a-w- C:\Windows\System32\vmGuestLib.dll
2013-12-12 13:36:27 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-12-12 13:36:25 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2013-12-12 13:36:21 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2013-12-12 13:36:18 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2013-12-12 13:32:52 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2013-12-12 13:32:49 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
2013-11-27 01:41:37 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-11-27 01:41:15 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-11-27 01:41:11 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-11-27 01:41:11 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-11-27 01:41:09 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-11-27 01:41:06 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-11-27 01:41:03 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-11-26 11:40:00 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-26 10:32:56 3156480 ----a-w- C:\Windows\System32\win32k.sys
2013-11-26 08:16:50 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
.
============= FINISH: 21:34:19,36 ===============
 

 


GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-02-20 22:01:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST3500418AS rev.CC38 465,76GB
Running: gmer.exe; Driver: C:\Users\Douglas\AppData\Local\Temp\pwtiifod.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620                                         
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@0021fbb0dbb9                            0x32 0xF8 0x67 0xBE ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@549b12e3e313                            0x7B 0x7F 0x67 0x91 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@549b12e3e29f                            0xBA 0xBE 0xE5 0x2B ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@10d5421b7b32                            0x4F 0xEC 0xBA 0x0F ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@a826d9ad86f8                            0xFF 0xB7 0x7F 0x69 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\00268315a620@28d1afecd6b7                            0xCB 0x6E 0x37 0x8A ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0x5A 0x81 0x59 0xD6 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0x60 0x03 0x4A 0xE8 ...
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg  HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x53 0x9C 0x99 0x0C ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620 (not active ControlSet)                     
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@0021fbb0dbb9                                0x32 0xF8 0x67 0xBE ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@549b12e3e313                                0x7B 0x7F 0x67 0x91 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@549b12e3e29f                                0xBA 0xBE 0xE5 0x2B ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@10d5421b7b32                                0x4F 0xEC 0xBA 0x0F ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@a826d9ad86f8                                0xFF 0xB7 0x7F 0x69 ...
Reg  HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\00268315a620@28d1afecd6b7                                0xCB 0x6E 0x37 0x8A ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0x5A 0x81 0x59 0xD6 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0x60 0x03 0x4A 0xE8 ...
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg  HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x53 0x9C 0x99 0x0C ...
 
---- EOF - GMER 2.1 ----


#2 diego_moicano

  • Security Analysts
  • 9,227 posts
  • Member since 08/09/2007
197
Exceptional
  • São Sebastião - SP

Posted 23 February 2014 - 09:57

Hello

Sorry for the delay :)

If you still need help, please generate the logs again, because I need them with current dates: Read Before Posting - Creating a New Topic

ATTENTION 1: You do not need to open a new topic; post the new logs in this same topic, thank you!
ATTENTION 2: Do not edit your topic; use the reply button, thank you!
ATTENTION 3: Do not put the logs between TAGS, thank you!
ATTENTION 4: Do not attach the logs, thank you!

Regards :D

Malware Removal Analyst | Network Security Specialist

Undergraduate thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira (Descriptive Analysis of the Effects of Banker: the Brazilian virtual plague). Download here

Member of UNITE & ASAP & ARIS-LD

#3 dougmafe

  • Junior Members
  • 15 posts
  • Member since 12/12/2013
0
Neutral
  • Jaboticabal, SP

Posted 25 February 2014 - 22:59

Hello, Diego! Sorry for the delay. Windows Explorer is working again, but the Security Center keeps warning that the Avast Firewall is not active. In addition, at startup the error "erro de compilação do Microsoft JScript, código 800A03F7" (Microsoft JScript compilation error, code 800A03F7) appears. Updated logs follow. Thank you very much!

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Douglas at 0:07:26 on 2014-02-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4073.3009 [GMT -3:00]
.
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\lxcccoms.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [9bc7] C:\Users\Douglas\AppData\Roaming\8dd18\9bc7.js
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
StartupFolder: C:\Users\Douglas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = 1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{96B240B2-2DF3-4DB5-ACF4-15E3B282F59E} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-18 207904]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-10 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-12-18 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2013-12-18 440672]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-12-18 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-12-18 421704]
R1 cdrblock;cdrblock;C:\Windows\System32\drivers\cdrblock.sys [2008-5-30 34360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-18 202752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-19 586880]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-18 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-18 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-2-18 113704]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-10-19 452136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-6-19 133800]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S1 MpKsl53a72a40;MpKsl53a72a40;C:\Windows\System32\MpEngineStore\MpKsl53a72a40.sys [2013-11-12 46768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-2 80184]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-15 57856]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-22 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 13:51:58 22 ----a-w- C:\Windows\SysWow64\systeminfo3.dll
2014-02-21 12:10:45 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48E5ACF8-8191-4824-90E7-A00CC0801D84}\mpengine.dll
2014-02-20 23:37:25 -------- d-----w- C:\Program Files (x86)\Net Studio
2014-02-20 00:17:21 -------- d-sh--w- C:\Users\Douglas\AppData\Roaming\8dd18
2014-02-20 00:17:21 -------- d-sh--w- C:\Program Files\92d
2014-02-20 00:17:21 -------- d-sh--w- C:\8ca9
2014-02-17 14:22:21 -------- d-----w- C:\Program Files (x86)\CCLS
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 13:57:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 13:57:11 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-05 23:27:45 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
.
==================== Find3M  ====================
.
2014-02-24 23:30:39 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-02-21 18:35:08 440672 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-02-21 12:17:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 12:17:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-18 22:36:04 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-18 22:36:04 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-18 22:36:04 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-18 22:36:03 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-02 21:55:43 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 23:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 21:57:34 18432 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-12-18 21:57:31 73216 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-12-18 15:58:01 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-18 15:58:01 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-18 15:57:56 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-12-18 09:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-12 13:44:44 63088 ----a-w- C:\Windows\System32\vsocklib.dll
2013-12-12 13:44:41 50800 ----a-w- C:\Windows\System32\vmhgfs.dll
2013-12-12 13:44:37 34416 ----a-w- C:\Windows\System32\vmGuestLibJava.dll
2013-12-12 13:44:35 53360 ----a-w- C:\Windows\System32\vmGuestLib.dll
2013-12-12 13:36:27 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-12-12 13:36:25 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2013-12-12 13:36:21 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2013-12-12 13:36:18 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2013-12-12 13:32:52 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2013-12-12 13:32:49 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH:  0:08:14,29 ===============
 
 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.16518  BrowserJavaVersion: 10.51.2
Run by Douglas at 0:07:26 on 2014-02-25
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4073.3009 [GMT -3:00]
.
AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\atieclxx.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe
C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe
C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe
C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe
C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\IProsetMonitor.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Windows\system32\lxcccoms.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\PixArt\PAC7302\Monitor.exe
C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe
C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Windows\System32\StikyNot.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.bing.com/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [9bc7] C:\Users\Douglas\AppData\Roaming\8dd18\9bc7.js
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
mRun: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
StartupFolder: C:\Users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
StartupFolder: C:\Users\Douglas\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
uPolicies-Explorer: NoWindowsUpdate = 1
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
DPF: {4B54A9DE-EF1C-4EBE-A328-7C28EA3B433A} - hxxp://quickscan.bitdefender.com/qsax/qsax.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{96B240B2-2DF3-4DB5-ACF4-15E3B282F59E} : DHCPNameServer = 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! Online Security: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [PAC7302_Monitor] C:\Windows\PixArt\PAC7302\Monitor.exe
x64-Run: [lxccmon.exe] "C:\Program Files (x86)\Lexmark 3300 Series\lxccmon.exe"
x64-Run: [EzPrint] "C:\Program Files (x86)\Lexmark 3300 Series\ezprint.exe"
x64-Run: [LXCCCATS] rundll32 C:\Windows\System32\spool\DRIVERS\x64\3\LXCCtime.dll,RunDLLEntry
x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2013-12-18 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2013-12-18 207904]
R0 mv91xx;mv91xx;C:\Windows\System32\drivers\mv91xx.sys [2010-11-22 303408]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-10 55280]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-12-18 28184]
R1 aswNdisFlt;Avast! Firewall Driver;C:\Windows\System32\drivers\aswndisflt.sys [2013-12-18 440672]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-12-18 1038072]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-12-18 421704]
R1 cdrblock;cdrblock;C:\Windows\System32\drivers\cdrblock.sys [2008-5-30 34360]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-9-18 202752]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [2010-11-3 918144]
R2 asHmComSvc;ASUS HM Com Service;C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [2010-12-1 915584]
R2 AsSysCtrlService;ASUS System Control Service;C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [2011-6-19 586880]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-12-18 78648]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2010-10-27 52896]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-2-18 50344]
R2 avast! Firewall;avast! Firewall;C:\Program Files\AVAST Software\Avast\afwServ.exe [2014-2-18 113704]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-10-19 452136]
R2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;C:\Windows\System32\IPROSetMonitor.exe [2011-6-19 133800]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2010-10-27 38248]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2010-10-27 301680]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2010-10-27 31080]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2010-10-27 203624]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2010-10-27 58992]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2010-10-27 156520]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2010-10-27 279152]
R3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);C:\Windows\System32\drivers\ICCWDT.sys [2010-8-17 26136]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
S1 MpKsl53a72a40;MpKsl53a72a40;C:\Windows\System32\MpEngineStore\MpKsl53a72a40.sys [2013-11-12 46768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-4-19 161384]
S3 aswStm;aswStm;C:\Windows\System32\drivers\aswstm.sys [2014-1-2 80184]
S3 ATHDFU;Atheros Valkyrie USB BootROM;C:\Windows\System32\drivers\AthDfu.sys [2010-10-27 55336]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-2-13 111616]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-6-15 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-6-15 57856]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-6-22 1255736]
.
=============== Created Last 30 ================
.
2014-02-21 13:51:58 22 ----a-w- C:\Windows\SysWow64\systeminfo3.dll
2014-02-21 12:10:45 10536864 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48E5ACF8-8191-4824-90E7-A00CC0801D84}\mpengine.dll
2014-02-20 23:37:25 -------- d-----w- C:\Program Files (x86)\Net Studio
2014-02-20 00:17:21 -------- d-sh--w- C:\Users\Douglas\AppData\Roaming\8dd18
2014-02-20 00:17:21 -------- d-sh--w- C:\Program Files\92d
2014-02-20 00:17:21 -------- d-sh--w- C:\8ca9
2014-02-17 14:22:21 -------- d-----w- C:\Program Files (x86)\CCLS
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\SysWow64\msxml3r.dll
2014-02-12 13:57:11 2048 ----a-w- C:\Windows\System32\msxml3r.dll
2014-02-12 13:57:11 1882112 ----a-w- C:\Windows\System32\msxml3.dll
2014-02-12 13:57:11 1237504 ----a-w- C:\Windows\SysWow64\msxml3.dll
2014-02-05 23:27:45 -------- d-----w- C:\Program Files\Microsoft IntelliType Pro
.
==================== Find3M  ====================
.
2014-02-24 23:30:39 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-02-21 18:35:08 440672 ----a-w- C:\Windows\System32\drivers\aswndisflt.sys
2014-02-21 12:17:17 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 12:17:17 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-02-18 22:36:04 80184 ----a-w- C:\Windows\System32\drivers\aswstm.sys
2014-02-18 22:36:04 78648 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-02-18 22:36:04 1038072 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-02-18 22:36:03 43152 ----a-w- C:\Windows\avastSS.scr
2014-02-06 11:30:46 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-02-06 11:30:12 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-02-06 11:07:39 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-02-06 11:06:47 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-02-06 10:49:03 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-02-06 10:48:45 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-02-06 10:48:11 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-02-06 10:20:26 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-02-06 10:11:37 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-02-06 10:01:36 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-02-06 09:50:32 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-02-06 09:47:22 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-02-06 09:46:27 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-02-06 09:24:52 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-02-06 09:09:30 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-01-06 19:23:36 4558848 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-01-02 21:55:43 207904 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2013-12-24 23:09:41 1987584 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-12-24 22:48:32 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-12-21 09:53:45 548864 ----a-w- C:\Windows\System32\vbscript.dll
2013-12-21 08:56:47 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-12-18 23:09:39 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-12-18 21:57:34 18432 ----a-w- C:\Windows\SysWow64\corpol.dll
2013-12-18 21:57:31 73216 ----a-w- C:\Windows\SysWow64\admparse.dll
2013-12-18 15:58:01 92544 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2013-12-18 15:58:01 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2013-12-18 15:57:56 28184 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2013-12-18 09:13:56 270496 ------w- C:\Windows\System32\MpSigStub.exe
2013-12-12 13:44:44 63088 ----a-w- C:\Windows\System32\vsocklib.dll
2013-12-12 13:44:41 50800 ----a-w- C:\Windows\System32\vmhgfs.dll
2013-12-12 13:44:37 34416 ----a-w- C:\Windows\System32\vmGuestLibJava.dll
2013-12-12 13:44:35 53360 ----a-w- C:\Windows\System32\vmGuestLib.dll
2013-12-12 13:36:27 63088 ----a-w- C:\Windows\SysWow64\vsocklib.dll
2013-12-12 13:36:25 50800 ----a-w- C:\Windows\SysWow64\vmhgfs.dll
2013-12-12 13:36:21 34416 ----a-w- C:\Windows\SysWow64\vmGuestLibJava.dll
2013-12-12 13:36:18 53360 ----a-w- C:\Windows\SysWow64\vmGuestLib.dll
2013-12-12 13:32:52 219248 ----a-w- C:\Windows\SysWow64\vm3dum.dll
2013-12-12 13:32:49 3223152 ----a-w- C:\Windows\SysWow64\vm3dgl.dll
2013-12-04 02:27:33 485888 ----a-w- C:\Windows\System32\secproc_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp_isv.dll
2013-12-04 02:27:33 123392 ----a-w- C:\Windows\System32\secproc_ssp.dll
2013-12-04 02:27:16 488448 ----a-w- C:\Windows\System32\secproc.dll
2013-12-04 02:26:32 528384 ----a-w- C:\Windows\System32\msdrm.dll
2013-12-04 02:16:51 658432 ----a-w- C:\Windows\System32\RMActivate_isv.exe
2013-12-04 02:16:51 626176 ----a-w- C:\Windows\System32\RMActivate.exe
2013-12-04 02:16:50 552960 ----a-w- C:\Windows\System32\RMActivate_ssp_isv.exe
2013-12-04 02:16:48 553984 ----a-w- C:\Windows\System32\RMActivate_ssp.exe
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp_isv.dll
2013-12-04 02:03:20 87040 ----a-w- C:\Windows\SysWow64\secproc_ssp.dll
2013-12-04 02:03:20 423936 ----a-w- C:\Windows\SysWow64\secproc_isv.dll
2013-12-04 02:03:08 428032 ----a-w- C:\Windows\SysWow64\secproc.dll
2013-12-04 02:02:06 390144 ----a-w- C:\Windows\SysWow64\msdrm.dll
2013-12-04 01:54:14 510976 ----a-w- C:\Windows\SysWow64\RMActivate_ssp.exe
2013-12-04 01:54:10 594944 ----a-w- C:\Windows\SysWow64\RMActivate_isv.exe
2013-12-04 01:54:09 572416 ----a-w- C:\Windows\SysWow64\RMActivate.exe
2013-12-04 01:54:06 508928 ----a-w- C:\Windows\SysWow64\RMActivate_ssp_isv.exe
.
============= FINISH:  0:08:14,29 ===============
 

I tried splitting the GMER post into 5 parts, but I still get the "post too long" error. How should I post it? Thanks!



#4 diego_moicano

diego_moicano
  • Security Analysts
  • 9,227 posts
  • Member since 08/09/2007
197
Exceptional
  • São Sebastião - SP

Posted 26 February 2014 - 10:51

Dear dougmafe

I recommend saving this topic to your Favorites so it is easy to find later.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, of what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus, etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy all of its contents and paste them into your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png
  • Click Pesquisar (Search)
  • At the end of the scan a log with the results will open.
  • If anything is detected, click the Remover (Remove) button.
  • Again, at the end of the scan a log with the results will open.
  • Copy all of its contents and paste them into your next reply.

# Step 3 #

Read the instructions at this link:

In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
  • Download ComboFix from one of the official links listed below and save it to your desktop:
  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon on the desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Sim" (Yes).
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "SIM" (Yes) to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.
  • DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

  • Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.
  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, had end users in mind and meant them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.

Regards :D

Malware Removal Analyst | Network Security Specialist

Undergraduate thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira. Download here

Member of UNITE & ASAP & ARIS-LD

#5 dougmafe

dougmafe
  • Junior Members
  • 15 posts
  • Member since 12/12/2013
0
Neutral
  • Jaboticabal, SP

Posted 26 February 2014 - 14:07

Thanks, Diego! The Security Center is back to normal. Only the error at startup remains. New logs follow (Junk and Ad):

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.1.2 (02.20.2014:1)
    OS: Windows 7 Ultimate x64
    Ran by Douglas on 26/02/2014 at 13:24:17,97
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
     
     
    ~~~ Registry Keys
     
     
     
    ~~~ Files
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\Users\Douglas\AppData\Roaming\getrighttogo"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 26/02/2014 at 13:28:40,65
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    # AdwCleaner v3.019 - Relatório criado 26/02/2014 às 13:31:41
    # Atualizado 17/02/2014 por Xplode
    # Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
    # Usuário : Douglas - DOUGLAS-PC
    # Executando de : C:\Users\Douglas\Desktop\adwcleaner.exe
    # Opção : Limpar
     
    ***** [ Serviços ] *****
     
     
    ***** [ Arquivos / Pastas ] *****
     
     
    ***** [ Atalhos ] *****
     
     
    ***** [ Registro ] *****
     
    Valor Deletedo : HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel [Homepage]
    Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
     
    ***** [ Navegadores ] *****
     
    -\\ Internet Explorer v11.0.9600.16518
     
     
    -\\ Google Chrome v33.0.1750.117
     
    [ Arquivo : C:\Users\Douglas\AppData\Local\Google\Chrome\User Data\Default\preferences ]
     
     
    *************************
     
    AdwCleaner[R0].txt - [18736 octets] - [18/12/2013 12:04:49]
    AdwCleaner[R1].txt - [1099 octets] - [26/02/2014 13:30:18]
    AdwCleaner[S0].txt - [17973 octets] - [18/12/2013 12:06:55]
    AdwCleaner[S1].txt - [1010 octets] - [26/02/2014 13:31:41]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1070 octets] ##########
     

ComboFix log follows:

     

     

    ComboFix 14-02-24.02 - Douglas 26/02/2014  13:39:47.3.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4073.2524 [GMT -3:00]
    Executando de: c:\users\Douglas\Desktop\ComboFix.exe
    AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\programdata\SPL1A06.tmp
    c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Recent\Outlook - [email protected]
    c:\windows\SysWow64\systeminfo3.dll
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-26 to 2014-02-26  ))))))))))))))))))))))))))))
    .
    .
    2014-02-26 16:45 . 2014-02-26 16:45 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-02-26 16:45 . 2014-02-26 16:45 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-25 18:33 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BE6931DA-8381-497A-840D-18DE12258812}\mpengine.dll
    2014-02-21 00:09 . 2014-02-21 00:23 44638 ----a-w- c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
    2014-02-21 00:09 . 2014-02-21 00:23 44638 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
    2014-02-20 23:37 . 2014-02-21 00:11 -------- d-----w- c:\program files (x86)\Net Studio
    2014-02-20 00:17 . 2014-02-20 00:17 -------- d-----w- C:\8ca9
    2014-02-20 00:17 . 2014-02-20 00:17 -------- d-sh--w- c:\users\Douglas\AppData\Roaming\8dd18
    2014-02-20 00:17 . 2014-02-20 00:17 -------- d-sh--w- c:\program files\92d
    2014-02-17 14:22 . 2014-02-17 14:22 -------- d-----w- c:\program files (x86)\CCLS
    2014-02-12 13:57 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-12 13:57 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-12 13:57 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-02-12 13:57 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-02-05 23:27 . 2014-02-05 23:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-26 16:46 . 2013-07-11 14:02 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
    2014-02-21 18:35 . 2013-12-18 15:57 440672 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
    2014-02-21 12:17 . 2012-05-08 20:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-21 12:17 . 2011-07-12 21:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-18 22:36 . 2014-01-02 21:55 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-02-18 22:36 . 2013-12-18 15:58 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-18 22:36 . 2013-12-18 15:58 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-02-18 22:36 . 2013-12-18 15:58 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-18 22:36 . 2011-09-21 01:55 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-02-18 22:36 . 2013-12-18 15:58 43152 ----a-w- c:\windows\avastSS.scr
    2014-02-17 03:41 . 2011-06-22 17:39 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2014-01-02 21:55 . 2013-12-18 15:58 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-18 23:09 . 2014-01-15 11:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-18 21:57 . 2013-12-12 13:29 18432 ----a-w- c:\windows\SysWow64\corpol.dll
    2013-12-18 21:57 . 2013-12-12 13:29 73216 ----a-w- c:\windows\SysWow64\admparse.dll
    2013-12-18 15:58 . 2013-12-18 15:58 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-18 15:58 . 2013-12-18 15:58 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-12-18 15:57 . 2013-12-18 15:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-12-18 09:13 . 2011-08-19 21:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-12 13:44 . 2013-12-12 13:44 63088 ----a-w- c:\windows\system32\vsocklib.dll
    2013-12-12 13:44 . 2013-12-12 13:44 50800 ----a-w- c:\windows\system32\vmhgfs.dll
    2013-12-12 13:44 . 2013-12-12 13:44 34416 ----a-w- c:\windows\system32\vmGuestLibJava.dll
    2013-12-12 13:44 . 2013-12-12 13:44 53360 ----a-w- c:\windows\system32\vmGuestLib.dll
    2013-12-12 13:36 . 2013-12-12 13:30 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
    2013-12-12 13:36 . 2013-12-12 13:30 50800 ----a-w- c:\windows\SysWow64\vmhgfs.dll
    2013-12-12 13:36 . 2013-12-12 13:30 34416 ----a-w- c:\windows\SysWow64\vmGuestLibJava.dll
    2013-12-12 13:36 . 2013-12-12 13:30 53360 ----a-w- c:\windows\SysWow64\vmGuestLib.dll
    2013-12-12 13:32 . 2013-12-12 13:32 219248 ----a-w- c:\windows\SysWow64\vm3dum.dll
    2013-12-12 13:32 . 2013-12-12 13:32 3223152 ----a-w- c:\windows\SysWow64\vm3dgl.dll
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9bc7"="c:\users\Douglas\AppData\Roaming\8dd18\9bc7.js" [X]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-18 3767096]
    .
    c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    cf86c.js [2014-2-20 44638]
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
    .
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    cf86c.js [2014-2-20 44638]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2013-10-07 14:32 1487912 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
    R1 MpKsl53a72a40;MpKsl53a72a40;c:\windows\system32\MpEngineStore\MpKsl53a72a40.sys;c:\windows\SYSNATIVE\MpEngineStore\MpKsl53a72a40.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-20 22:16 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-02-26 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 12:17]
    .
    2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 21:46]
    .
    2014-02-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 21:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-02-18 22:36 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
    "EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
    "LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: bancobrasil.com.br\www
    Trusted Zone: bancobrasil.com.br\www14
    Trusted Zone: bancobrasil.com.br\www2
    Trusted Zone: bb.com.br\www
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe
    c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
    c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2014-02-26  13:51:23 - Máquina reiniciou
    ComboFix-quarantined-files.txt  2014-02-26 16:51
    ComboFix2.txt  2013-12-23 16:26
    .
    Pré-execução: 411.614.572.544 bytes disponíveis
    Pós execução: 411.280.269.312 bytes disponíveis
    .
    - - End Of File - - 4871BDC120FF9B2F5112DF17DE3DC1B7
    A36C5E4F47E84449FF07ED3517B43A31


    #6 diego_moicano

    diego_moicano
    • Security Analysts
    • 9,227 posts
    • Member since 08/09/2007
    197
    Exceptional
    • São Sebastião - SP

    Posted 28 February 2014 - 09:15

    Dear dougmafe

     

    Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
    Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:
    File::
    c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
     
    Folder::
    C:\8ca9
    c:\users\Douglas\AppData\Roaming\8dd18
    c:\program files\92d
     
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "9bc7"=-
     
    Reglock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
    • Save this file as: CFScript.txt
    • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.
    • [Animation: CFScript.txt being dragged onto ComboFix.exe]
     
    Regards :D

    Malware Removal Analyst | Network Security Specialist

    Undergraduate thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira.

    Member of UNITE & ASAP & ARIS-LD
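A check an analyst could run on the follow-up log to confirm that every CFScript target in the post above was actually removed, and to spot deletions ComboFix made beyond the script. This is an added example, not part of the original post or of ComboFix; the function names are hypothetical, and the inputs are the CFScript from this post plus two sections excerpted from the next ComboFix log in the thread (section banners shortened).

```python
import re
from pathlib import PureWindowsPath

# CFScript as posted above.
CFSCRIPT = r"""File::
c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js

Folder::
C:\8ca9
c:\users\Douglas\AppData\Roaming\8dd18
c:\program files\92d

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"9bc7"=-

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
"""

# Excerpt of the follow-up log in this thread (banner lines shortened).
LOG = r"""(((((((((((((   Outras Exclusões   )))))))))))))
.
C:\8ca9
c:\8ca9\8282
c:\8ca9\86868
c:\8ca9\91b8
c:\8ca9\9a
c:\8ca9\9ac
c:\program files\92d
c:\program files\92d\93.js
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
c:\users\Douglas\AppData\Roaming\8dd18
c:\users\Douglas\AppData\Roaming\8dd18\9bc7.js
c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
c:\windows\SysWow64\systeminfo3.dll
.
((((((((((   Pontos de Carregamento do Registro   ))))))))))
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
"""

CF_HEADER = re.compile(r"^(\w+)::$")              # CFScript directive, e.g. "Folder::"
LOG_HEADER = re.compile(r"^\(+\s*(.+?)\s*\)+$")   # ComboFix section banner
KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE = re.compile(r'^"([^"]+)"=(.*)$')


def norm(path):
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return str(PureWindowsPath(path.strip().strip('"'))).lower()


def split_sections(text, header):
    """Group non-empty lines under the latest header; '.' separator lines are dropped."""
    sections, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = header.match(line)
        if m:
            current = sections.setdefault(m.group(1).lower(), [])
        elif line and line != "." and current is not None:
            current.append(line)
    return sections


def registry_entries(lines):
    """Yield (key, value name, data) for each '"name"=data' line under a '[HKEY...]' key."""
    key = None
    for line in lines:
        k, v = KEY.match(line), VALUE.match(line)
        if k:
            key = k.group(1).lower()
        elif v and key:
            yield key, v.group(1).lower(), v.group(2).strip()


def verify(cfscript, log):
    script = split_sections(cfscript, CF_HEADER)
    report = split_sections(log, LOG_HEADER)
    deleted = {norm(p) for p in report.get("outras exclusões", [])}
    targets = [norm(p) for p in script.get("file", []) + script.get("folder", [])]
    # Scripted files/folders that the log does not list as deleted.
    missing = [t for t in targets if t not in deleted]
    # Deletions outside every scripted target: removed by ComboFix on its own.
    extra = sorted(d for d in deleted
                   if not any(d == t or d.startswith(t + "\\") for t in targets))
    # The log omits empty and default-legitimate entries, so absence of a value is
    # only consistent with removal; what this can prove is that a value is still listed.
    listed = {(k, n) for k, n, _ in
              registry_entries(report.get("pontos de carregamento do registro", []))}
    still_present = [(k, n) for k, n, data in registry_entries(script.get("registry", []))
                     if data == "-" and (k, n) in listed]
    return {"missing": missing, "extra": extra, "still_present": still_present}


if __name__ == "__main__":
    for name, items in verify(CFSCRIPT, LOG).items():
        print(f"{name}: {items}")
```

An empty `missing` and `still_present` means the script's targets are gone; anything in `extra` is worth a second look because it was not named in the CFScript.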

    #7 dougmafe

    dougmafe
    • Junior Members
    • 15 posts
    • Member since 12/12/2013
    0
    Neutral
    • Jaboticabal, SP

    Posted 28 February 2014 - 13:55

    Here is the new ComboFix log... The problems on the PC have disappeared! Is there any further step??? Thank you very much for your professionalism! Long live Clube do Hardware!

     

     

    ComboFix 14-02-24.02 - Douglas 28/02/2014  13:37:50.4.4 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4073.2425 [GMT -3:00]
    Executando de: c:\users\Douglas\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\Douglas\Desktop\CFScript.txt
    AV: avast! Internet Security *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    FW: avast! Internet Security *Disabled* {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}
    SP: avast! Internet Security *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js"
    "c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js"
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\8ca9
    c:\8ca9\8282
    c:\8ca9\86868
    c:\8ca9\91b8
    c:\8ca9\9a
    c:\8ca9\9ac
    c:\program files\92d
    c:\program files\92d\93.js
    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
    c:\users\Douglas\AppData\Roaming\8dd18
    c:\users\Douglas\AppData\Roaming\8dd18\9bc7.js
    c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cf86c.js
    c:\windows\SysWow64\systeminfo3.dll
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2014-01-28 to 2014-02-28  ))))))))))))))))))))))))))))
    .
    .
    2014-02-28 16:43 . 2014-02-28 16:43 -------- d-----w- c:\users\Public\AppData\Local\temp
    2014-02-28 16:43 . 2014-02-28 16:43 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-02-28 13:17 . 2014-02-06 09:01 10536864 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2BD7E20F-6675-49CD-B7E2-0FFEED8F619A}\mpengine.dll
    2014-02-20 23:37 . 2014-02-21 00:11 -------- d-----w- c:\program files (x86)\Net Studio
    2014-02-17 14:22 . 2014-02-17 14:22 -------- d-----w- c:\program files (x86)\CCLS
    2014-02-12 13:57 . 2013-12-06 02:30 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2014-02-12 13:57 . 2013-12-06 02:30 1882112 ----a-w- c:\windows\system32\msxml3.dll
    2014-02-12 13:57 . 2013-12-06 02:02 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2014-02-12 13:57 . 2013-12-06 02:02 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2014-02-05 23:27 . 2014-02-05 23:27 -------- d-----w- c:\program files\Microsoft IntelliType Pro
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-02-28 16:44 . 2013-07-11 14:02 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
    2014-02-21 18:35 . 2013-12-18 15:57 440672 ----a-w- c:\windows\system32\drivers\aswndisflt.sys
    2014-02-21 12:17 . 2012-05-08 20:52 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-02-21 12:17 . 2011-07-12 21:30 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-02-18 22:36 . 2014-01-02 21:55 80184 ----a-w- c:\windows\system32\drivers\aswstm.sys
    2014-02-18 22:36 . 2013-12-18 15:58 78648 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
    2014-02-18 22:36 . 2013-12-18 15:58 421704 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2014-02-18 22:36 . 2013-12-18 15:58 1038072 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2014-02-18 22:36 . 2011-09-21 01:55 334136 ----a-w- c:\windows\system32\aswBoot.exe
    2014-02-18 22:36 . 2013-12-18 15:58 43152 ----a-w- c:\windows\avastSS.scr
    2014-02-17 03:41 . 2011-06-22 17:39 88567024 ----a-w- c:\windows\system32\MRT.exe
    2014-01-06 19:23 . 2014-01-06 19:23 4558848 ----a-w- c:\windows\SysWow64\GPhotos.scr
    2014-01-02 21:55 . 2013-12-18 15:58 207904 ----a-w- c:\windows\system32\drivers\aswVmm.sys
    2013-12-18 23:09 . 2014-01-15 11:28 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
    2013-12-18 21:57 . 2013-12-12 13:29 18432 ----a-w- c:\windows\SysWow64\corpol.dll
    2013-12-18 21:57 . 2013-12-12 13:29 73216 ----a-w- c:\windows\SysWow64\admparse.dll
    2013-12-18 15:58 . 2013-12-18 15:58 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
    2013-12-18 15:58 . 2013-12-18 15:58 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
    2013-12-18 15:57 . 2013-12-18 15:58 28184 ----a-w- c:\windows\system32\drivers\aswKbd.sys
    2013-12-18 09:13 . 2011-08-19 21:27 270496 ------w- c:\windows\system32\MpSigStub.exe
    2013-12-12 13:44 . 2013-12-12 13:44 63088 ----a-w- c:\windows\system32\vsocklib.dll
    2013-12-12 13:44 . 2013-12-12 13:44 50800 ----a-w- c:\windows\system32\vmhgfs.dll
    2013-12-12 13:44 . 2013-12-12 13:44 34416 ----a-w- c:\windows\system32\vmGuestLibJava.dll
    2013-12-12 13:44 . 2013-12-12 13:44 53360 ----a-w- c:\windows\system32\vmGuestLib.dll
    2013-12-12 13:36 . 2013-12-12 13:30 63088 ----a-w- c:\windows\SysWow64\vsocklib.dll
    2013-12-12 13:36 . 2013-12-12 13:30 50800 ----a-w- c:\windows\SysWow64\vmhgfs.dll
    2013-12-12 13:36 . 2013-12-12 13:30 34416 ----a-w- c:\windows\SysWow64\vmGuestLibJava.dll
    2013-12-12 13:36 . 2013-12-12 13:30 53360 ----a-w- c:\windows\SysWow64\vmGuestLib.dll
    2013-12-12 13:32 . 2013-12-12 13:32 219248 ----a-w- c:\windows\SysWow64\vm3dum.dll
    2013-12-12 13:32 . 2013-12-12 13:32 3223152 ----a-w- c:\windows\SysWow64\vm3dgl.dll
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-08-01 3673696]
    "RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
    "JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
    "ASUS ShellProcess Execute"="c:\program files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe" [2010-09-28 252544]
    "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-19 98304]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-02-18 3767096]
    .
    c:\users\Douglas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 246472]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2013-10-07 14:32 1487912 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux7"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ   autocheck autochk *\0sdnclean64.exe
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
    R1 MpKsl53a72a40;MpKsl53a72a40;c:\windows\system32\MpEngineStore\MpKsl53a72a40.sys;c:\windows\SYSNATIVE\MpEngineStore\MpKsl53a72a40.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\system32\Drivers\AthDfu.sys;c:\windows\SYSNATIVE\Drivers\AthDfu.sys [x]
    R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv91xx.sys [x]
    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
    S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
    S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
    S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys;c:\windows\SYSNATIVE\drivers\aswKbd.sys [x]
    S1 aswNdisFlt;Avast! Firewall Driver;c:\windows\system32\DRIVERS\aswNdisFlt.sys;c:\windows\SYSNATIVE\DRIVERS\aswNdisFlt.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys;c:\windows\SYSNATIVE\DRIVERS\cdrblock.sys [x]
    S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
    S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [x]
    S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe [x]
    S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
    S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe;c:\program files\AVAST Software\Avast\afwServ.exe [x]
    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
    S2 Intel® PROSet Monitoring Service;Intel® PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe;c:\windows\SYSNATIVE\IProsetMonitor.exe [x]
    S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
    S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
    S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
    S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
    S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
    S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
    S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
    S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
    S3 ICCWDT;Intel® Watchdog Timer Driver (Intel® WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
    S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
    S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-02-20 22:16 1150280 ----a-w- c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2014-02-28 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-08 12:17]
    .
    2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 21:46]
    .
    2014-02-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-27 21:46]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-02-18 22:36 287280 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-11-02 11545192]
    "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2010-10-27 613536]
    "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2010-10-27 379040]
    "BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 108144]
    "PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
    "lxccmon.exe"="c:\program files (x86)\Lexmark 3300 Series\lxccmon.exe" [2007-05-11 205744]
    "EzPrint"="c:\program files (x86)\Lexmark 3300 Series\ezprint.exe" [2007-05-11 103344]
    "LXCCCATS"="c:\windows\system32\spool\DRIVERS\x64\3\LXCCtime.dll" [2007-02-22 28672]
    "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256]
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.bing.com/
    uDefault_Search_URL = hxxp://www.google.com/ie
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uSearchAssistant = hxxp://www.google.com
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
    IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
    Trusted Zone: bancobrasil.com.br\www
    Trusted Zone: bancobrasil.com.br\www14
    Trusted Zone: bancobrasil.com.br\www2
    Trusted Zone: bb.com.br\www
    TCP: DhcpNameServer = 192.168.0.1
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-10 - (no file)
    .
    .
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_70_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.12"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_70.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    c:\program files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe
    c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    c:\program files (x86)\ASUS\AI Suite II\AI Suite II.exe
    c:\program files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2014-02-28  13:49:50 - Máquina reiniciou
    ComboFix-quarantined-files.txt  2014-02-28 16:49
    ComboFix2.txt  2014-02-26 16:51
    ComboFix3.txt  2013-12-23 16:26
    .
    Pré-execução: 406.911.086.592 bytes disponíveis
    Pós execução: 406.732.898.304 bytes disponíveis
    .
    - - End Of File - - 3154FA7E14FD69EBB3798DAC41682182
    A36C5E4F47E84449FF07ED3517B43A31


    #8 diego_moicano


    Posted 04 March 2014 - 10:19

    Dear dougmafe

    Download Malwarebytes Anti-Malware:

    • Link 1
    • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.
    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

    Regards :D


    Malware Removal Analyst | Network Security Specialist

    Thesis (TCC): Análise Descritiva dos Efeitos do Banker: a praga virtual brasileira. Download here

    Member of UNITE & ASAP & ARIS-LD

    #9 dougmafe


    Posted 05 March 2014 - 19:28

    Hello! Good evening! I carried out the latest instructions. The PC is working perfectly. The new log follows. Thank you so much for the help! Thanks!

     

    Malwarebytes Anti-Malware 1.75.0.1300
    www.malwarebytes.org
     
    Versão da Base de Dados:  v2014.01.01.06
     
    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 11.0.9600.16476
    Douglas :: DOUGLAS-PC [administrador]
     
     
    02/01/2014 00:42:27
    mbam-log-2014-01-02 (00-42-27).txt
     
    Tipo de Verificação:  Verificação Rápida 
    Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
    Opções de verificação desativadas: P2P
    Objetos escaneados:  215525
    Tempo decorrido: 2 minuto(s), 43 segundo(s)
     
    Processos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Módulos de Memória Detectados: 0
    (Não foram detectados ítens maliciosos)
     
    Chaves de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Valores de Registro Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Itens de Dados no Registro Detectadas: 1
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.
     
    Pastas Detectadas: 0
    (Não foram detectados ítens maliciosos)
     
    Arquivos Detectados: 1
    C:\$RECYCLE.BIN\S-1-5-21-2101424412-1034267760-677314011-1000\$RT7XNWI.exe (PUP.Optional.Spigot.A) -> Enviado para a Quarentena e deletado com sucesso.
     
    (fim)
     
     
     
     
    2014/03/05 19:14:24 -0300 DOUGLAS-PC Douglas MESSAGE Executing scheduled update:  Daily
    2014/03/05 19:14:26 -0300 DOUGLAS-PC Douglas MESSAGE Starting protection
    2014/03/05 19:14:26 -0300 DOUGLAS-PC Douglas MESSAGE Protection started successfully
    2014/03/05 19:14:26 -0300 DOUGLAS-PC Douglas MESSAGE Starting IP protection
    2014/03/05 19:14:34 -0300 DOUGLAS-PC Douglas MESSAGE IP Protection started successfully
    2014/03/05 19:17:50 -0300 DOUGLAS-PC Douglas MESSAGE Starting database refresh
    2014/03/05 19:17:50 -0300 DOUGLAS-PC Douglas MESSAGE Stopping IP protection
    2014/03/05 19:17:51 -0300 DOUGLAS-PC Douglas MESSAGE IP Protection stopped successfully
    2014/03/05 19:17:52 -0300 DOUGLAS-PC Douglas MESSAGE Scheduled update executed successfully:  database updated from version v2013.04.04.07 to version v2014.03.05.11
    2014/03/05 19:17:53 -0300 DOUGLAS-PC Douglas MESSAGE Database refreshed successfully
    2014/03/05 19:17:53 -0300 DOUGLAS-PC Douglas MESSAGE Starting IP protection
    2014/03/05 19:17:54 -0300 DOUGLAS-PC Douglas MESSAGE IP Protection started successfully
    2014/03/05 19:17:57 -0300 DOUGLAS-PC Douglas MESSAGE Starting database refresh
    2014/03/05 19:17:57 -0300 DOUGLAS-PC Douglas MESSAGE Stopping IP protection
    2014/03/05 19:17:57 -0300 DOUGLAS-PC Douglas MESSAGE IP Protection stopped successfully
    2014/03/05 19:17:59 -0300 DOUGLAS-PC Douglas MESSAGE Database refreshed successfully
    2014/03/05 19:17:59 -0300 DOUGLAS-PC Douglas MESSAGE Starting IP protection
    2014/03/05 19:18:00 -0300 DOUGLAS-PC Douglas MESSAGE IP Protection started successfully
     


    #10 diego_moicano


    Posted 09 March 2014 - 09:42

    Dear dougmafe

    # Step 1 #

    Download the Kaspersky AVP Tool from one of these links:

    • You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name.
    • Only the "email" field is required.
    • Enter your email, then click the Submit Form button.
    • The page will reload. Click the Download button.
    • Save it to your desktop.
    • Run the file and wait for the installation.
    • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator.
    • On the license agreement screen, check the option I accept the license agreement, then click the Start button.
    • The program appears to freeze and nothing happens. This is normal; just wait until the program's start screen appears, then click the Settings icon:

    KRT_settings.png

    On this screen, check the box next to:
    • My Computer;
    • Local Disk (C:);
    • Also check all the drives that appear below Local Disk, if there are any;
    • Then click the Automatic Scan tab.

    KRT_install2_.png

    • Back on the program's start screen, click the Start scanning button;
    • Be patient, it takes a while;
    • When it finishes, if it has detected anything, the program will ask you what to do;
    • Check the box next to Apply to all objects, then click Skip (we only want the log).

    KRT_detection_.png

    Once the scan has finished, proceed as follows:
    • On the main screen, if anything was detected, save the log.
    • If you close the program and forget to save the log, you will have to repeat the whole scan.
    • To save the log, click the Reports icon (next to the "Settings" icon).
    • In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
    • Choose an easily accessible location and save it as log.txt
    • Copy the entire contents of that Notepad file and paste it into your next reply.
    • If nothing is detected, there is no need to save the log; just let me know.
    • To exit the program, just click the X in the top right corner.

    Notes: While the scan is running, the start screen will show a progress bar. When it finishes, the program will show the completed status and a button that will be orange if nothing was detected, and red if it found something. If it detected something, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    # Step 2 #

    Download SecurityCheck and save it to your Desktop
    • Double-click SecurityCheck.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Press any key to continue... a report will open
    • Copy its entire contents and paste them into your next reply

    Regards :D


    #11 dougmafe


    Posted 12 March 2014 - 18:53

    Hello, dear Diego! Sorry for the delay... I ran the scan with the Kaspersky tool and nothing was found. The SecurityCheck log follows. I await the next steps and thank you very much for the guidance!

     

     Results of screen317's Security Check version 0.99.80  
     Windows 7 Service Pack 1 x64 (UAC is disabled!)
     Internet Explorer 11  
    ``````````````Antivirus/Firewall Check:``````````````
     Windows Security Center service is not running! This report may not be accurate!
    avast! Internet Security   
     Antivirus out of date!
    `````````Anti-malware/Other Utilities Check:`````````
     Java 7 Update 51  
     Adobe Flash Player 12.0.0.70  
     Adobe Reader XI  
     Google Chrome 33.0.1750.117  
     Google Chrome 33.0.1750.146  
    ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe  
     AVAST Software Avast afwServ.exe  
     AVAST Software Avast AvastUI.exe  
    `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: = 
    ````````````````````End of Log``````````````````````

     

    Oh, although it was not in your instructions, I turned off Avast Internet Security's protection to run the last scan. Thank you!


    Edited by dougmafe, 12 March 2014 - 18:53.


    #12 diego_moicano


    Posted 17 March 2014 - 17:01

    Dear dougmafe

    >>>> How is the computer doing?

    # Step 1 #

    Enable UAC (User Account Control)

    See the video tutorial.

    # Step 2 #

    Let's uninstall ComboFix:

    Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

    Or, if you prefer, go to

    Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.

    # Step 3 #

    Download OTC by OldTimer and save it to your desktop.
    • Double-click the icon 4142006426_4719050954_o.gif
    • Click Run;
    • Click its only button (image below):
    4141259853_5a542d5908_o.jpg
    • Allow your computer to be restarted.

    # Step 4 #

    • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png
    • Click Uninstall
    • Click Yes, and wait.

    # Step 5 #

    <<@>> Install CCleaner

    CCleaner is an excellent cleaning utility for the computer, which will help with your computer's performance. Download it here: CCleaner
    IMPORTANT: After installation, go to the location where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issue(s)...

    Note: Don't forget to accept the backup of the fixes and save it in the folder created above!
    <<@>> Always keep your Windows up to date; keep a constant watch over the firewall and antivirus; and finally, remember that the best form of prevention starts with our own behaviour!

    Regards :D

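A read-only re-check of the settings this thread flagged (UAC disabled and Security Center service not running in the Security Check report, the firewall warning from the first post, and the Internet Explorer HomePage policy value that Malwarebytes repaired). This is an added example, not part of any post in the thread; the `EnableLUA` value and the service names `wscsvc` and `MpsSvc` are the standard Windows names and do not appear on the page, while the policy path is the one shown in the Malwarebytes log.

```powershell
# Added example: audits the items flagged in this thread. Nothing is modified.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or the value does not exist.
    if (-not (Test-Path -LiteralPath $Path)) { return $null }
    $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -eq $item) { return $null }
    return $item.$Name
}

function New-Finding {
    param([string]$Check, [string]$Observed, [bool]$Ok)
    # New-Object is used instead of [PSCustomObject] so this also runs on
    # the PowerShell 2.0 that ships with Windows 7.
    New-Object PSObject -Property @{ Check = $Check; Observed = $Observed; Ok = $Ok }
}

$findings = @()

# 1. UAC. Security Check reported "UAC is disabled!". EnableLUA = 1 means UAC is on.
$lua = Get-RegValue 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System' 'EnableLUA'
$findings += New-Finding 'UAC (EnableLUA)' "$lua" ($lua -eq 1)

# 2. Security Center (wscsvc) and Windows Firewall (MpsSvc) services.
#    Security Check reported the Security Center service as not running.
foreach ($name in 'wscsvc', 'MpsSvc') {
    $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
    if ($svc) { $state = $svc.Status.ToString() } else { $state = 'not found' }
    $findings += New-Finding "Service $name" $state ($state -eq 'Running')
}

# 3. IE home page policy. Malwarebytes flagged HomePage = 1 as
#    PUM.Hijack.HomePageControl and reset it to 0; absent is also fine.
$hp = Get-RegValue 'HKLM:\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel' 'HomePage'
if ($null -eq $hp) { $hpText = 'absent' } else { $hpText = "$hp" }
$findings += New-Finding 'IE HomePage policy lock' $hpText ($null -eq $hp -or $hp -eq 0)

$findings | Select-Object Check, Observed, Ok | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or script detect a regression.
if ($findings | Where-Object { -not $_.Ok }) { exit 1 }
```

If a third-party firewall such as the one in avast! Internet Security has taken over from Windows Firewall, a stopped `MpsSvc` needs to be judged against that product's own status rather than treated as a failure by itself.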

    #13 dougmafe


    Posted 18 March 2014 - 00:29

    Cleanups and uninstalls completed successfully! Computer working perfectly. Problems 100% solved. Thank you, dear diego_moicano, and long live the Club!!!



    #14 diego_moicano


    Posted 20 March 2014 - 09:24

    If the author needs it, this topic will be reopened; to do so, they should contact the moderators and request that it be unlocked.
