Brudovalle

Virus that blocks access to the Control Panel, Accessories and "cleanup" programs


My PC is infected and I can't run any program that would supposedly help me clean my machine: CCleaner, ComboFix, etc.

My Chrome is starting together with Windows on the pesquisa-brasil page, and along with it a Windows Script Host window opens with the following message:

Script: C:\Users\Bruna\AppData\Roaming\25\33.js

Line:1

Char: 36427

Error: Unterminated string constant

code: 800A03F7

Source: Microsoft JScript compilation error

This error window appears only when I start the computer.

I also can't open the Control Panel or the Accessories folder.

For a few days the antivirus reported the presence of autorun, but it was not able to remove it... and it is no longer reporting it either.

Below is my DDS log, followed by the GMER log (Thank you!):

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16635 BrowserJavaVersion: 10.21.2

Run by Bruna at 20:44:24 on 2013-07-28

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1017 [GMT -3:00]

.

AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

.

============== Running Processes ===============

.

C:\PROGRA~2\AVG\AVG2013\avgrsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgcsrva.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\WLANExt.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\ProgramData\IBUpdaterService\ibsvc.exe

C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe

C:\Program Files (x86)\AVG\AVG2013\avgnsa.exe

C:\Program Files (x86)\AVG\AVG2013\avgemca.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Dell\QuickSet\quickset.exe

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Windows\WindowsMobile\wmdcBase.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Windows\System32\StikyNot.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Windows\system32\svchost.exe -k WindowsMobile

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe

C:\Users\Bruna\Desktop\gmer.exe

C:\Windows\servicing\TrustedInstaller.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://brasil-pesquisa.pw/r.asp#

uDefault_Page_URL = hxxp://www.22find.com/newtab?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545050B9A300_101208PBN408X7GNEX0LX&ts=1361537916

mWinlogon: Userinit = userinit.exe

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

uRun: [Google Update] "C:\Users\Bruna\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

uRun: [AdobeBridge] "C:\Program Files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" -stealth

uRun: [Facebook Update] "C:\Users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

uRun: [33] C:\Users\Bruna\AppData\Roaming\25\33.js

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\Bruna\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Bruna\AppData\Roaming\Dropbox\bin\Dropbox.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

uPolicies-Explorer: NoControlPanel = 1

uPolicies-Explorer: NofolderOptions = 1

uPolicies-Explorer: NoWindowsUpdate = 1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

TCP: NameServer = 192.168.10.1

TCP: Interfaces\{92E531DA-3242-4F10-AF23-A7254EA653D8} : NameServer = 200.235.128.2,200.235.129.2

TCP: Interfaces\{EF132211-1FF6-4D2C-AE78-066592A68EB6} : DHCPNameServer = 192.168.10.1

TCP: Interfaces\{EF132211-1FF6-4D2C-AE78-066592A68EB6}\3514C4351423 : DHCPNameServer = 192.168.137.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll

AppInit_DLLs= c:\progra~3\browse~1\261339~1.144\{c16c1~1\browse~1.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://brasil-pesquisa.pw/r.asp#

x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

============= SERVICES / DRIVERS ===============

.

R0 AVGIDSHA;AVGIDSHA;C:\Windows\System32\drivers\avgidsha.sys [2013-2-8 71480]

R0 Avgloga;AVG Logging Driver;C:\Windows\System32\drivers\avgloga.sys [2013-2-8 311096]

R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\System32\drivers\avgmfx64.sys [2013-2-8 116536]

R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\System32\drivers\avgrkx64.sys [2013-2-8 45880]

R1 AVGIDSDriver;AVGIDSDriver;C:\Windows\System32\drivers\avgidsdrivera.sys [2013-3-29 246072]

R1 Avgldx64;AVG AVI Loader Driver;C:\Windows\System32\drivers\avgldx64.sys [2013-2-8 206136]

R1 Avgtdia;AVG TDI Driver;C:\Windows\System32\drivers\avgtdia.sys [2013-3-21 240952]

R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-12-11 98208]

R2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2013-5-14 4937264]

R2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2013-4-18 283136]

R2 BrowserProtect;BrowserProtect;C:\ProgramData\BrowserProtect\2.6.1339.144\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [2013-6-4 3085264]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-6-1 410152]

R2 IBUpdaterService;Updater Service;C:\ProgramData\IBUpdaterService\ibsvc.exe [2012-12-10 592640]

R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-7-12 3289472]

R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-12-10 2533400]

R2 Virtual Router;VirtualRouterService;C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe [2009-11-9 12288]

R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2012-12-10 56344]

R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2012-12-10 158976]

R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-12-10 271872]

R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2012-12-10 74280]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]

S3 BcmVWL;Broadcom Virtual Wireless;C:\Windows\System32\drivers\bcmvwl64.sys [2012-12-10 20984]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-2-6 102936]

S3 HPx9G+;HPx9G+ Device USB Driver;C:\Windows\System32\drivers\HPx9G2k.sys [2009-11-12 32056]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-10 19456]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-2-6 203544]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-10 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-12-10 30208]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-12-10 1255736]

.

=============== File Associations ===============

.

FileExt: .chm: PDFlite.Document="C:\Program Files (x86)\PDFlite\pdflite.exe" "%1"

.

=============== Created Last 30 ================

.

2013-07-28 06:00:59 -------- d-----w- C:\Program Files (x86)\MSXML 4.0

2013-07-27 13:29:35 -------- d-----w- C:\Program Files (x86)\ArcGIS

2013-07-27 11:28:50 -------- d-----w- C:\Program Files (x86)\Common Files\ArcGIS

2013-07-24 23:04:03 -------- d-----w- C:\Program Files (x86)\ESET

2013-07-19 18:28:02 -------- d-----w- C:\Windows\System32\MRT

2013-07-17 02:41:47 -------- d--h--w- C:\Users\Bruna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2013-07-16 00:16:02 4188160 ----a-w- C:\Program Files (x86)\GUTAE30.tmp

2013-07-16 00:16:02 -------- d-----w- C:\Program Files (x86)\GUMAE1F.tmp

2013-07-15 19:16:33 0 ----a-w- C:\Program Files (x86)\GUT7F6D.tmp

2013-07-15 19:16:33 -------- d-----w- C:\Program Files (x86)\GUM7F6C.tmp

2013-07-13 15:20:10 4188160 ----a-w- C:\Program Files (x86)\GUTE07F.tmp

2013-07-13 15:20:10 -------- d-----w- C:\Program Files (x86)\GUMDF75.tmp

2013-07-12 20:20:30 0 ----a-w- C:\Program Files (x86)\GUT54B6.tmp

2013-07-12 20:20:30 -------- d-----w- C:\Program Files (x86)\GUM54B5.tmp

2013-07-11 16:36:33 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-07-11 13:04:59 817664 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 13:04:59 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 13:04:59 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll

2013-07-11 13:04:58 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-07-11 13:04:57 2241024 ----a-w- C:\Windows\System32\wininet.dll

2013-07-11 04:27:59 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-07-10 20:39:24 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 20:39:24 1732608 ----a-w- C:\Program Files\Windows Journal\NBDoc.DLL

2013-07-10 20:39:24 1402880 ----a-w- C:\Program Files\Windows Journal\JNWDRV.dll

2013-07-10 20:39:24 1393152 ----a-w- C:\Program Files\Windows Journal\JNTFiltr.dll

2013-07-10 20:39:24 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 20:33:01 9216 ----a-w- C:\Program Files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 20:33:01 571904 ----a-w- C:\Program Files\Windows Defender\MpClient.dll

2013-07-10 20:33:01 54784 ----a-w- C:\Program Files (x86)\Windows Defender\MpOAV.dll

2013-07-10 20:33:01 4608 ----a-w- C:\Program Files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 20:33:01 392704 ----a-w- C:\Program Files (x86)\Windows Defender\MpClient.dll

2013-07-10 20:33:01 314880 ----a-w- C:\Program Files\Windows Defender\MpCommu.dll

2013-07-10 20:33:01 1011712 ----a-w- C:\Program Files\Windows Defender\MpSvc.dll

2013-07-10 20:32:59 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-07-10 20:32:59 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2013-07-10 20:32:58 1887744 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-10 20:32:58 1620480 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-10 05:29:45 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-07-10 05:29:44 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-07-06 03:15:27 4249600 ----a-w- C:\Program Files (x86)\GUTE6.tmp

2013-07-06 03:15:27 -------- d-----w- C:\Program Files (x86)\GUME5.tmp

2013-07-02 19:50:40 -------- d-----w- C:\Arquivos de programas

2013-06-29 20:06:29 -------- d-sh--w- C:\Users\Bruna\AppData\Roaming\25

2013-06-29 20:06:29 -------- d-sh--w- C:\Program Files\3a2

2013-06-29 20:06:29 -------- d-sh--w- C:\243

.

==================== Find3M ====================

.

2013-07-16 13:29:53 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-16 13:29:53 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-06-11 23:43:00 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-06-11 23:42:58 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll

2013-06-11 23:42:58 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll

2013-06-11 23:25:16 3958784 ----a-w- C:\Windows\System32\jscript9.dll

2013-06-11 23:25:13 67072 ----a-w- C:\Windows\System32\iesetup.dll

2013-06-11 23:25:13 136704 ----a-w- C:\Windows\System32\iesysprep.dll

2013-06-11 22:51:45 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe

2013-06-11 22:50:58 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe

2013-06-07 03:22:18 2706432 ----a-w- C:\Windows\System32\mshtml.tlb

2013-06-07 02:37:52 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-05-13 05:51:01 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-05-13 05:51:00 1464320 ----a-w- C:\Windows\System32\crypt32.dll

2013-05-13 05:51:00 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-05-13 05:50:40 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-05-13 04:45:55 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-05-13 04:45:55 1160192 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-05-13 04:45:55 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-05-13 03:43:55 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-05-13 03:08:10 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-05-13 03:08:06 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-05-10 05:49:27 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-05-10 03:20:54 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-05-08 06:39:01 1910632 ----a-w- C:\Windows\System32\drivers\tcpip.sys

.

============= FINISH: 20:44:56.89 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume2

Install Date: 12/10/2012 5:57:20 PM

System Uptime: 7/28/2013 7:58:20 PM (1 hours ago)

.

Motherboard: Dell Inc. | | 021CN3

Processor: Intel® Core i3 CPU M 370 @ 2.40GHz | U2E1 | 1583/133mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 451 GiB total, 336.649 GiB free.

D: is CDROM ()

E: is Removable

F: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP75: 7/11/2013 3:00:16 AM - Windows Update

RP76: 7/11/2013 9:56:01 AM - Windows Update

RP77: 7/19/2013 6:25:03 AM - Scheduled Checkpoint

RP78: 7/19/2013 3:27:39 PM - Windows Update

RP79: 7/27/2013 8:26:17 AM - Installed ArcGIS 10.1 for Desktop

RP80: 7/27/2013 10:27:27 AM - Installed ArcGIS 10.1 for Desktop

RP81: 7/28/2013 3:00:13 AM - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Reader XI (11.0.03)

Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver

AVG 2013

BrowserProtect

CCleaner

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dropbox

Facebook Video Calling 1.2.0.287

File Association Manager 0.2

Google Chrome

Google Drive

Google Talk Plugin

Google Update Helper

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Components

Java 7 Update 21

Java Auto Updater

K-Lite Codec Pack 9.7.5 (Full)

Microsoft .NET Framework 4 Client Profile

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Notepad++

PDF Reader

PDF Settings CS5

PDFlite 0.9.0.0

Quickset64

Realtek High Definition Audio Driver

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687276) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

SisCAH 1.0

Skype Click to Call

Skype™ 6.5

Synaptics Pointing Device Driver

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Updater Service

Virtual Router v0.8 Beta

Visual Studio 2010 x64 Redistributables

VLC media player 2.0.2

WinRAR 4.20 (64-bit)

XAMPP 1.7.4

.

==== Event Viewer Messages From Past Week ========

.

7/28/2013 7:59:44 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.

7/28/2013 7:59:22 PM, Error: Service Control Manager [7024] - The Windows Firewall service terminated with service-specific error The data is invalid..

7/28/2013 7:53:11 AM, Error: Service Control Manager [7023] - The Windows Time service terminated with the following error: A system shutdown is in progress.

7/24/2013 7:10:20 AM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR2.

7/24/2013 7:09:13 AM, Error: Service Control Manager [7022] - The VirtualRouterService service hung on starting.

7/21/2013 12:43:08 PM, Error: Service Control Manager [7031] - The BrowserProtect service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

7/21/2013 12:43:02 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).

7/21/2013 1:43:50 PM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-07-28 20:37:31

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050B9A300 rev.PB4OC60S 465.76GB

Running: gmer.exe; Driver: C:\Users\Bruna\AppData\Local\Temp\kwddyaow.sys

---- Kernel code sections - GMER 2.1 ----

.text C:\Windows\system32\DRIVERS\USBPORT.SYS!DllUnload fffff8800439dd64 12 bytes {MOV RAX, 0xfffffa80052782a0; JMP RAX}

---- User code sections - GMER 2.1 ----


.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 0000000077d3fbd5 7 bytes {MOV EDX, 0xa25268; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 0000000077d3fc05 7 bytes {MOV EDX, 0xa251a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 0000000077d3fc1d 7 bytes {MOV EDX, 0xa25128; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 0000000077d3fc35 7 bytes {MOV EDX, 0xa25328; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 0000000077d3fc65 7 bytes {MOV EDX, 0xa25368; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 0000000077d3fce5 7 bytes {MOV EDX, 0xa252e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 0000000077d3fcfd 7 bytes {MOV EDX, 0xa252a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 0000000077d3fd49 7 bytes {MOV EDX, 0xa25068; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 0000000077d3fe41 7 bytes {MOV EDX, 0xa250a8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077d40099 7 bytes {MOV EDX, 0xa25028; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077d410a5 7 bytes {MOV EDX, 0xa251e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 0000000077d4111d 7 bytes {MOV EDX, 0xa25168; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077d41321 7 bytes {MOV EDX, 0xa250e8; JMP RDX}

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000765a1465 2 bytes [5A, 76]

.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5524] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765a14bb 2 bytes [5A, 76]

.text ... * 2

---- Kernel IAT/EAT - GMER 2.1 ----

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort] [fffff880010aef1c] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar] [fffff880010aecc0] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar] [fffff880010af69c] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong] [fffff880010afa98] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort] [fffff880010af8f4] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortCopyMemory] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortGetPhysicalAddress] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortReadRegisterUlong] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortInitializeEx] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortDeviceStateChange] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortEtwTraceLog] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortRegistryFreeBuffer] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortGetBusData] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortRegistryRead] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortRequestCallback] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortStallExecution] [ffffb0a015ff5024] [unknown section]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortGetUnCachedExtension] [fffffa60e8cb8b48] [unknown section]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortReadRegisterUchar] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortBuildRequestSenseIrb] [fff9c3e8d2330000] [unknown section]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortReleaseRequestSenseIrb] [fffa47e8cb8b48ff] [unknown section]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortCompleteRequest] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortNotification] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortGetDeviceBase] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortGetScatterGatherList] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortRegistryAllocateBuffer] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[PCIIDEX.SYS!AtaPortWriteRegisterUlong] [?]

IAT C:\Windows\System32\Drivers\azuii5yd.SYS[NTOSKRNL.exe!KeBugCheckEx] [?]

---- Devices - GMER 2.1 ----

Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-0 fffffa8003b242c0

Device \Driver\atapi \Device\Ide\IdePort0 fffffa8003b242c0

Device \Driver\atapi \Device\Ide\IdePort1 fffffa8003b242c0

Device \Driver\atapi \Device\Ide\IdePort2 fffffa8003b242c0

Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-1 fffffa8003b242c0

Device \Driver\azuii5yd \Device\Scsi\azuii5yd1 fffffa80053022c0

Device \Driver\azuii5yd \Device\Scsi\azuii5yd1Port3Path0Target0Lun0 fffffa80053022c0

Device \FileSystem\Ntfs \Ntfs fffffa8003b2c2c0

Device \FileSystem\fastfat \Fat fffffa8006feb2c0

Device \Driver\usbehci \Device\USBPDO-1 fffffa80052822c0

Device \Driver\cdrom \Device\CdRom0 fffffa80050b02c0

Device \Driver\cdrom \Device\CdRom1 fffffa80050b02c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{92E531DA-3242-4F10-AF23-A7254EA653D8} fffffa80050aa2c0

Device \Driver\usbehci \Device\USBFDO-0 fffffa80052822c0

Device \Driver\USBSTOR \Device\0000007c fffffa8005c452c0

Device \Driver\usbehci \Device\USBFDO-1 fffffa80052822c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{61C37C2A-FEE8-4AEF-BE89-4B29D6078E76} fffffa80050aa2c0

Device \Driver\NetBT \Device\NetBT_Tcpip_{EF132211-1FF6-4D2C-AE78-066592A68EB6} fffffa80050aa2c0

Device \Driver\USBSTOR \Device\0000007d fffffa8005c452c0

Device \Driver\NetBT \Device\NetBt_Wins_Export fffffa80050aa2c0

Device \Driver\atapi \Device\ScsiPort0 fffffa8003b242c0

Device \Driver\usbehci \Device\USBPDO-0 fffffa80052822c0

Device \Driver\atapi \Device\ScsiPort1 fffffa8003b242c0

Device \Driver\atapi \Device\ScsiPort2 fffffa8003b242c0

Device \Driver\azuii5yd \Device\ScsiPort3 fffffa80053022c0

---- Trace I/O - GMER 2.1 ----

Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8003b242c0]<< sptd.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys fffffa8003b242c0

Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004c08060] fffffa8004c08060

Trace 3 CLASSPNP.SYS[fffff880013b543f] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004960060] fffffa8004960060

Trace \Driver\atapi[0xfffffa8004920d30] -> IRP_MJ_CREATE -> 0xfffffa8003b242c0 fffffa8003b242c0

---- Modules - GMER 2.1 ----

Module \SystemRoot\System32\Drivers\azuii5yd.SYS (MS AHCI 1.0 Standard Driver/Microsoft Corporation SIGNED)(2010-11-21 03:23:47) fffff88004176000-fffff880041c7000 (331776 bytes)

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCD 0xBB 0x39 0xD5 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x2F 0x2B 0x92 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0

Reg HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x3B 0x38 0x44 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files (x86)\DAEMON Tools Lite\

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0x00 0x00 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 0

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xCD 0xBB 0x39 0xD5 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0xA0 0x02 0x00 0x00 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0xCC 0x2F 0x2B 0x92 ...

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x79 0x3B 0x38 0x44 ...

---- EOF - GMER 2.1 ----


I have another similar case, and the user managed to download ComboFix without any problems. Which site are you using to download it?


Bleeping Computer is the official site.

Could you download it from another computer?


Yes, I can! I think this is going to sound ****** to you (lol), but I have to ask! How am I going to get the program to clean my computer?!


I don't think I understood you.... if you download it on another computer, save it to a USB flash drive and then transfer it to YOUR computer, there won't be any problem, right?


I had no idea the program could work this way (via the flash drive)... that's why I wasn't understanding what you wanted =)

Well, it worked! I can now access my Control Panel and the Accessories folder, and IE has reappeared in the list of programs... BUUUT... my Chrome still starts automatically on the "http://brasil-pesquisa.pw/" page and my IE isn't working; it just shows "http://www.22find.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545050B9A300_101208PBN408X7GNEX0LX&ts=1361537866" in the address bar and a search field in the middle of the screen.

Here is the log provided by ComboFix:

ComboFix 13-08-04.01 - Bruna 08/04/2013 19:21:45.1.4 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3893.1876 [GMT -3:00]

Running from: G:\ComboFix.exe

AV: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}

SP: AVG AntiVirus Free Edition 2013 *Enabled/Outdated* {B5F5C120-2089-702E-0001-553BB0D5A664}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\install.exe

c:\users\Bruna\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\22find.lnk

c:\windows\SysWow64\drivers\ati0qaxx.sys

c:\windows\SysWow64\drivers\ati2xhxx.sys

c:\windows\XSxS

.

.

((((((((((((((((((((((((( Files Created from 2013-07-04 to 2013-08-04 )))))))))))))))))))))))))))))))

.

.

2013-07-28 06:00 . 2013-07-28 06:00 -------- d-----w- c:\program files (x86)\MSXML 4.0

2013-07-27 13:29 . 2013-07-27 13:29 -------- d-----w- c:\program files (x86)\ArcGIS

2013-07-27 11:48 . 2013-07-27 11:48 -------- d-----w- c:\programdata\FLEXnet

2013-07-27 11:28 . 2013-07-28 10:08 -------- d-----w- c:\program files (x86)\Common Files\ArcGIS

2013-07-24 23:04 . 2013-07-24 23:04 -------- d-----w- c:\program files (x86)\ESET

2013-07-20 04:51 . 2013-07-20 04:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-07-20 04:50 . 2013-07-20 04:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-07-20 04:50 . 2013-07-20 04:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-07-20 04:50 . 2013-07-20 04:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-07-19 18:28 . 2013-07-19 18:29 -------- d-----w- c:\windows\system32\MRT

2013-07-17 02:41 . 2013-07-17 02:41 -------- d--h--w- c:\users\Bruna\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1

2013-07-16 00:16 . 2013-07-16 00:16 4188160 ----a-w- c:\program files (x86)\GUTAE30.tmp

2013-07-16 00:16 . 2013-07-16 00:16 -------- d-----w- c:\program files (x86)\GUMAE1F.tmp

2013-07-15 19:16 . 2013-07-15 19:16 0 ----a-w- c:\program files (x86)\GUT7F6D.tmp

2013-07-15 19:16 . 2013-07-15 19:16 -------- d-----w- c:\program files (x86)\GUM7F6C.tmp

2013-07-13 15:20 . 2013-07-13 15:21 4188160 ----a-w- c:\program files (x86)\GUTE07F.tmp

2013-07-13 15:20 . 2013-07-13 15:20 -------- d-----w- c:\program files (x86)\GUMDF75.tmp

2013-07-12 20:20 . 2013-07-12 20:20 0 ----a-w- c:\program files (x86)\GUT54B6.tmp

2013-07-12 20:20 . 2013-07-12 20:20 -------- d-----w- c:\program files (x86)\GUM54B5.tmp

2013-07-11 16:36 . 2013-08-04 22:29 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-07-11 13:04 . 2013-06-11 23:43 817664 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 13:04 . 2013-06-11 23:43 108032 ----a-w- c:\program files (x86)\Internet Explorer\jsdebuggeride.dll

2013-07-11 13:04 . 2013-06-11 23:26 1084928 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-07-11 13:04 . 2013-06-11 23:26 1365504 ----a-w- c:\windows\system32\urlmon.dll

2013-07-11 13:04 . 2013-06-11 23:43 1767936 ----a-w- c:\windows\SysWow64\wininet.dll

2013-07-11 13:04 . 2013-06-11 23:25 53248 ----a-w- c:\windows\system32\jsproxy.dll

2013-07-11 13:04 . 2013-06-11 23:26 2241024 ----a-w- c:\windows\system32\wininet.dll

2013-07-11 13:04 . 2013-06-11 23:25 15404032 ----a-w- c:\windows\system32\ieframe.dll

2013-07-11 13:04 . 2013-06-11 23:25 19238912 ----a-w- c:\windows\system32\mshtml.dll

2013-07-11 04:27 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-07-10 20:39 . 2013-04-10 05:48 1732608 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2013-07-10 20:39 . 2013-04-10 05:46 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2013-07-10 20:39 . 2013-04-10 05:46 1393152 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2013-07-10 20:39 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 20:39 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-07-10 20:33 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll

2013-07-10 20:33 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll

2013-07-10 20:33 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll

2013-07-10 20:33 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll

2013-07-10 20:33 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll

2013-07-10 20:33 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll

2013-07-10 20:33 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll

2013-07-10 20:32 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll

2013-07-10 20:32 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll

2013-07-10 20:32 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL

2013-07-10 20:32 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL

2013-07-10 05:29 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-07-10 05:29 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-07-10 04:32 . 2013-07-10 04:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-07-06 03:15 . 2013-07-06 03:15 4249600 ----a-w- c:\program files (x86)\GUTE6.tmp

2013-07-06 03:15 . 2013-07-06 03:15 -------- d-----w- c:\program files (x86)\GUME5.tmp

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-07-16 13:29 . 2012-12-23 13:10 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-07-16 13:29 . 2012-12-23 13:10 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-01 04:45 . 2013-07-01 04:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-06-24 03:57 . 2012-12-10 21:40 78277128 ----a-w- c:\windows\system32\MRT.exe

2013-05-13 05:51 . 2013-06-12 10:01 184320 ----a-w- c:\windows\system32\cryptsvc.dll

2013-05-13 05:51 . 2013-06-12 10:01 1464320 ----a-w- c:\windows\system32\crypt32.dll

2013-05-13 05:51 . 2013-06-12 10:01 139776 ----a-w- c:\windows\system32\cryptnet.dll

2013-05-13 05:50 . 2013-06-12 10:01 52224 ----a-w- c:\windows\system32\certenc.dll

2013-05-13 04:45 . 2013-06-12 10:01 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll

2013-05-13 04:45 . 2013-06-12 10:01 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll

2013-05-13 04:45 . 2013-06-12 10:01 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll

2013-05-13 03:43 . 2013-06-12 10:01 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-05-13 03:08 . 2013-06-12 10:01 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-05-13 03:08 . 2013-06-12 10:01 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-05-10 05:49 . 2013-06-12 10:01 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-05-10 03:20 . 2013-06-12 10:01 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-05-08 06:39 . 2013-06-12 10:03 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 130736 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]

"AdobeBridge"="c:\program files (x86)\Adobe\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]

"Facebook Update"="c:\users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-06-05 138096]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

c:\users\Bruna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Bruna\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2013-07-15 14:23 1410088 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginCef]

2012-12-26 15:03 1652584 ----a-w- c:\program files (x86)\GbPlugin\gbiehcef.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll c:\progra~3\browse~1\261519~1.190\{c16c1~1\browserprotect.dll

"LoadAppInit_DLLs"=1 (0x1)

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R3 BcmVWL;Broadcom Virtual Wireless;c:\windows\system32\DRIVERS\bcmvwl64.sys;c:\windows\SYSNATIVE\DRIVERS\bcmvwl64.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe;c:\program files (x86)\Google\Update\GoogleUpdate.exe [x]

R3 HPx9G+;HPx9G+ Device USB Driver;c:\windows\system32\DRIVERS\HPx9G2k.sys;c:\windows\SYSNATIVE\DRIVERS\HPx9G2k.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys;c:\windows\SYSNATIVE\DRIVERS\avgtdia.sys [x]

S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 BrowserProtect;BrowserProtect;c:\programdata\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe;c:\programdata\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe;c:\programdata\IBUpdaterService\ibsvc.exe [x]

S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]

S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

S2 Virtual Router;VirtualRouterService;c:\program files (x86)\Virtual Router\VirtualRouterService.exe;c:\program files (x86)\Virtual Router\VirtualRouterService.exe [x]

S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

2013-07-31 00:21 1173456 ----a-w- c:\program files (x86)\Google\Chrome\Application\28.0.1500.95\Installer\chrmstp.exe

.

Contents of the 'Scheduled Tasks' folder

.

2013-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-23 13:29]

.

2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708133366-2409928266-3073261000-1000Core.job

- c:\users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05 22:27]

.

2013-08-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2708133366-2409928266-3073261000-1000UA.job

- c:\users\Bruna\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-06-05 22:27]

.

2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 21:01]

.

2013-08-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-10 21:01]

.

2013-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708133366-2409928266-3073261000-1000Core.job

- c:\users\Bruna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-09 21:01]

.

2013-08-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2708133366-2409928266-3073261000-1000UA.job

- c:\users\Bruna\AppData\Local\Google\Update\GoogleUpdate.exe [2013-01-09 21:01]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2013-05-25 00:36 164016 ---ha-w- c:\users\Bruna\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-07 166424]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-07 391192]

"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-07 413720]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-14 10144288]

"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]

"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-06-01 660360]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

Trusted Zone: caixa.gov.br\imagem

Trusted Zone: caixa.gov.br\internetbanking

Trusted Zone: caixa.gov.br\www

TCP: DhcpNameServer = 192.168.10.1

TCP: Interfaces\{92E531DA-3242-4F10-AF23-A7254EA653D8}: NameServer = 200.235.128.2,200.235.129.2

.

- - - - ORPHANS REMOVED - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Google\Chrome\Application\chrome.exe

c:\program files (x86)\Common Files\Java\Java Update\jucheck.exe

.

**************************************************************************

.

Completion time: 2013-08-04 19:40:26 - machine was rebooted

ComboFix-quarantined-files.txt 2013-08-04 22:40

.

Pre-Run: 361,605,328,896 bytes free

Post-Run: 361,251,012,608 bytes free

.

- - End Of File - - 7E61CBFCE998E5F886DBB3095EAE6D33

A36C5E4F47E84449FF07ED3517B43A31


Renato, don't abandon me, please =)

Do you think you can help me remove pesquisa-brasil and 22find?


Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will open automatically in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.


This is the Malwarebytes log. But I still can't access some sites using Internet Explorer :-(

And find22 keeps starting up in IE. (http://www.22find.com/?utm_source=b&utm_medium=cor&from=cor&uid=HitachiXHTS545050B9A300_101208PBN408X7GNEX0LX&ts=1361537866)

Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.08.18.05

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

Bruna :: BRUNA-NOTEBOOK [administrador]

Proteção: Permitir

8/18/2013 10:41:13 PM

mbam-log-2013-08-18 (22-41-13).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 230617

Tempo decorrido: 5 minuto(s), 17 segundo(s)

Processos de Memória Detectados: 3

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (PUP.Optional.BrowserDefender.A) -> 2460 -> Será deletado na próxima inicialização.

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (PUP.Optional.BrowserDefender.A) -> 2556 -> Será deletado na próxima inicialização.

C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.Optional.InstallBrain) -> 2592 -> Será deletado na próxima inicialização.

Módulos de Memória Detectados: 1

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BrowserDefender.A) -> Será deletado na próxima inicialização.

Chaves de Registro Detectadas: 6

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.Optional.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service (PUP.Optional.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\DataMngr_Toolbar (PUP.Optional.DataMngr) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\InstallCore\funmoods (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 1

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main|bProtector Start Page (PUP.BProtector) -> Data: -> Enviado para a Quarentena e deletado com sucesso.

Itens de Dados no Registro Detectadas: 2

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|AppInit_DLLs (PUP.Optional.BrowserDefender.A) -> Ruim: (c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll) Bom: () -> Será deletado na próxima inicialização.

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel|HomePage (PUM.Hijack.HomePageControl) -> Ruim: (1) Bom: (0) -> Enviado para a Quarentena e reparado com sucesso.

Pastas Detectadas: 38

C:\ProgramData\IBUpdaterService (PUP.InstallBrain) -> Será deletado na próxima inicialização.

C:\Users\Bruna\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365 (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\components (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)AVGAVG2013avgui (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)CommonFilesAppleMobileDeviceSupportSyncServer (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)iTunesiTunesHelper (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14EXCEL (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14MSACCESS (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14OUTLOOK (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14POWERPNT (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)RealAlternativeMediaPlayerClassicmplayerc (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)SkypePhoneSkype (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFilesAdobeAdobePhotoshopCS5(64Bit)Photoshop (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalGoogleGoogleTalkPlugingoogletalkplugin (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalTemp1 (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalTempICReinstall_itunes-1100163-baixaki-32-bits (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataRoamingDropboxbinDropbox (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsexplorer (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsInstaller{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}SkypeIcon (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32dwm (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32mspaint (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32taskhost (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\Cxamppapachebinhttpd (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365 (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Iminent\Mediator (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Iminent\Mediator\Datas (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504} (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Cache (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 143

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll (PUP.Optional.BrowserDefender.A) -> Será deletado na próxima inicialização.

C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe (PUP.Optional.BrowserDefender.A) -> Será deletado na próxima inicialização.

C:\ProgramData\IBUpdaterService\ibsvc.exe (PUP.Optional.InstallBrain) -> Será deletado na próxima inicialização.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\File Scout\filescout.exe (Trojan.PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\ccleaner-4034151-baixaki-32-bits.exe (PUP.Optional.InstallCore) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\daemon-tools-lite-44610327-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\DTLite4461-0327.exe (PUP.Optional.OpenCandy) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\eTypeSetup.exe (PUP.Optional.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\rcpsetupdsnr_ds54790.exe (PUP.Optional.RegCleanerPro) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\Update.exe (PUP.Optional.Ibryte) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\VideoPerformerSetup.exe (PUP.Optional.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\Downloads\VLCMediaPlayerSetup-fFZlHrJ.exe (PUP.Optional.Somoto) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\IBUpdaterService\repository.xml (PUP.InstallBrain) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\accelerate (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\dl_1361537925.exe (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\components\component_libcef_1.963.439.exe (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_1.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_2.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_3.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_4.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_5.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\desk_bkg\desk_bkg_default.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\angrybirds_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\angrybirds_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\sys_computer_20_20.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\sys_computer_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\sys_control_panel_20_20.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\sys_downloads_20_20.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\sys_my_documents_20_20.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\wallpaper_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\wallpaper_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)AVGAVG2013avgui\AVG User Interface.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)AVGAVG2013avgui\AVG User Interface_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)AVGAVG2013avgui\AVG User Interface_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)CommonFilesAppleMobileDeviceSupportSyncServer\SyncServer_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)CommonFilesAppleMobileDeviceSupportSyncServer\SyncServer_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\chrome.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\Chrome_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\chrome_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\Google Chrome.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\Google Chrome_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleChromeApplicationchrome\Google Chrome_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync\Google Drive.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync\Google Drive_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync\Google Drive_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync\googledrivesync.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)GoogleDrivegoogledrivesync\googledrivesync_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore\IE.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore\iexplore.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore\iexplore_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore\IE_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)InternetExploreriexplore\IE_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)iTunesiTunesHelper\iTunesHelper.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)iTunesiTunesHelper\iTunesHelper_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)iTunesiTunesHelper\iTunesHelper_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14EXCEL\EXCEL.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14EXCEL\EXCEL_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14EXCEL\EXCEL_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14MSACCESS\MSACCESS.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14MSACCESS\MSACCESS_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14MSACCESS\MSACCESS_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14OUTLOOK\OUTLOOK.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14OUTLOOK\OUTLOOK_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14OUTLOOK\OUTLOOK_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14POWERPNT\POWERPNT.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14POWERPNT\POWERPNT_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14POWERPNT\POWERPNT_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\Microsoft Word.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\Microsoft Word_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\Microsoft Word_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\WINWORD.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\WINWORD_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)MicrosoftOfficeOffice14WINWORD\WINWORD_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)RealAlternativeMediaPlayerClassicmplayerc\mplayerc.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)RealAlternativeMediaPlayerClassicmplayerc\mplayerc_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)SkypePhoneSkype\Skype .ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)SkypePhoneSkype\Skype _16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFiles(x86)SkypePhoneSkype\Skype _48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFilesAdobeAdobePhotoshopCS5(64Bit)Photoshop\Adobe Photoshop CS5.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFilesAdobeAdobePhotoshopCS5(64Bit)Photoshop\Adobe Photoshop CS5_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CProgramFilesAdobeAdobePhotoshopCS5(64Bit)Photoshop\Adobe Photoshop CS5_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalGoogleGoogleTalkPlugingoogletalkplugin\Google Talk Plugin.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalGoogleGoogleTalkPlugingoogletalkplugin\Google Talk Plugin_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalGoogleGoogleTalkPlugingoogletalkplugin\Google Talk Plugin_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalTemp1\1_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalTempICReinstall_itunes-1100163-baixaki-32-bits\ICReinstall_i.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataLocalTempICReinstall_itunes-1100163-baixaki-32-bits\ICReinstall_i_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataRoamingDropboxbinDropbox\Dropbox.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataRoamingDropboxbinDropbox\Dropbox_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CUsersBrunaAppDataRoamingDropboxbinDropbox\Dropbox_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsexplorer\Windows Explorer.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsexplorer\Windows Explorer_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsexplorer\Windows Explorer_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsInstaller{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}SkypeIcon\SkypeIcon.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsInstaller{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}SkypeIcon\SkypeIcon_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32dwm\Desktop Window Manager_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32dwm\Desktop Window Manager_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32mspaint\Paint.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32mspaint\Paint_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32mspaint\Paint_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32taskhost\Host Process for Windows Tasks_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\CWindowsSystem32taskhost\Host Process for Windows Tasks_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\Cxamppapachebinhttpd\Apache HTTP Server.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\Cxamppapachebinhttpd\Apache HTTP Server_16_16.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\icons\Cxamppapachebinhttpd\Apache HTTP Server_48_48.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\computer_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\control_panel_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\facebook.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\facebook_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\GameCenter.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\google.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\google_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\my_document_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\twitter.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\twitter_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\v9.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\youtube.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\promote\youtube_32_32.png (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons\imageres.dll_104.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons\imageres.dll_107.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons\imageres.dll_11.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons\imageres.dll_175.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Desk 365\sysicons\shell32.dll_21.ico (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\promote.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\desk_bkg_list.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\desk_list.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\desk_settings.ini (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\process_mgr.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\Desk 365\recent.xml (PUP.Optional.Desk365.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Iminent\Mediator\Datas\globalcache.dat (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\Bruna\AppData\Roaming\Iminent\Mediator\Datas\user.dat (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Sorry for the delay, personal problems.

I need a new DDS log.
