andrepmster

remove adnxs malware


Good morning, everyone,

I was infected with a piece of malware that I don't really know what it can do, but it shows ads on Google, YouTube and Twitter, for example, and every now and then it opens a pop-up window.

Could someone please help me remove it?

Here is the GMER log:

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-08-26 11:51:40

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 465,76GB

Running: wk8vxc8b.exe; Driver: C:\Users\ANDRME~1\AppData\Local\Temp\uwdciaob.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 544 fffff80003406000 45 bytes [00, 00, 10, 02, 4D, 6D, 43, ...]

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 591 fffff8000340602f 16 bytes [00, 02, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\kernel32.dll!FreeLibrary 0000000075ac34a8 5 bytes JMP 000000013c2ac3f4

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 0000000075add56a 5 bytes JMP 000000013c2ac36c

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[788] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe[1264] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe[1572] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe[1992] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2752] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe[3268] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Steam\Steam.exe[3320] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075a6549c 5 bytes JMP 00000001000f0800

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe[6120] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\AVG\AVG2013\avgui.exe[4364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[5444] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3408] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\KERNELBASE.dll!HeapCreate 0000000075a6549c 5 bytes JMP 00000001001d0800

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Common Files\Steam\SteamService.exe[1436] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075e91401 2 bytes JMP 000000010679a47b

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075e91419 2 bytes JMP 000000010679a493

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075e91431 2 bytes JMP 000000010679a4ab

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075e9144a 2 bytes JMP 0000000075f5fcc4

.text ... * 9

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075e914dd 2 bytes JMP 000000010679a557

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075e914f5 2 bytes JMP 000000010679a56f

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075e9150d 2 bytes JMP 000000010679a587

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075e91525 2 bytes JMP 000000010679a59f

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075e9153d 2 bytes JMP 000000010679a5b7

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075e91555 2 bytes JMP 000000010679a5cf

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075e9156d 2 bytes JMP 000000010679a5e7

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075e91585 2 bytes JMP 000000010679a5ff

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075e9159d 2 bytes JMP 000000010679a617

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075e915b5 2 bytes JMP 000000010679a62f

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075e915cd 2 bytes JMP 000000015c37ce47

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075e916b2 2 bytes JMP 000000010679a72c

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075e916bd 2 bytes JMP 000000010679a737

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [2016:2020] 0000000001645fc9

Thread C:\Windows\SysWOW64\ntdll.dll [2016:2108] 0000000071494240

Thread C:\Windows\SysWOW64\ntdll.dll [2016:2160] 0000000071494240

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f93eb7bc

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f93eb7bc@945103df7e06 0x86 0xDC 0xF1 0x2E ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f93eb7bc (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f93eb7bc@945103df7e06 0x86 0xDC 0xF1 0x2E ...

---- EOF - GMER 2.1 ----

DDS log follows:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16660 BrowserJavaVersion: 10.21.2

Run by André Mendes at 10:58:11 on 2013-08-26

.

============== Running Processes ================

.

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Dell Wireless\Ath_CoexAgent.exe

C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe

C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe

C:\Program Files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe

C:\Program Files (x86)\Fortinet\FortiClient VPN\fccomint.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe

C:\Program Files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe

C:\ProgramData\DatacardService\DCSHelper.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe

C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe

C:\Program Files (x86)\Samsung\Kies\Kies.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe

C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe

C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe

C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe

C:\Program Files (x86)\AVG\AVG2013\avgui.exe

C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Common Files\Steam\SteamService.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Windows Live\Mail\wlmail.exe

C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.hao123.com/?tn=4shared_hp_hao123_br

uSearch Bar = hxxp://www.google.com/ie

uSearch Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

uURLSearchHooks: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - <orphaned>

mWinlogon: Userinit = userinit.exe

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

BHO: LyricXeeker: {e1190605-0ea7-41fd-8bfb-628630435d22} - C:\Program Files (x86)\LyriXeeker\130.dll

uRun: [Google Update] "C:\Users\André Mendes\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

uRun: [chromium] C:\Users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe --no-startup-window

uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload

uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup

uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [steam] "C:\Program Files (x86)\Steam\steam.exe" -silent

mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"

mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"

mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

mRun: [Dell Registration] C:\Program Files (x86)\System Registration\prodreg.exe /boot

mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [RoxWatchTray] "C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe"

mRun: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe"

mRun: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup

mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY

mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 201.17.0.53 201.17.0.83 201.6.4.116

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D} : DHCPNameServer = 201.17.0.53 201.17.0.83 201.6.4.116

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\2456C696E68616 : DHCPNameServer = 201.17.0.84 201.17.0.52

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\36963736F6 : DHCPNameServer = 201.17.0.84 201.17.0.52

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\55E494355514D4F575966496F564275656A5F6E656 : DHCPNameServer = 10.110.0.1

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\55E494355514D4F57596669664275656A5F6E656 : DHCPNameServer = 10.110.0.1

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\56163797E656470323 : DHCPNameServer = 192.168.0.200

TCP: Interfaces\{C7EA0D63-7AED-4611-88A4-99D20824556D}\C696E6B6379737 : DHCPNameServer = 201.17.0.53 201.17.0.63 201.17.0.45

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: scriptproxy: {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"

x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"

x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup

x64-Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\

.

============= SERVICES / DRIVERS ===============

.

.

=============== File Associations ===============

.

FileExt: .chm: Applications\wordpad.exe="C:\Program Files (x86)\Windows NT\Accessories\WORDPAD.EXE" "%1" [userChoice]

.

=============== Created Last 30 ================

.

2013-08-26 13:26:35 -------- d-----w- C:\Program Files\CCleaner

2013-08-26 12:57:04 -------- d-----w- C:\Program Files (x86)\LyriXeeker

2013-08-24 20:15:59 -------- d-----w- C:\Users\André Mendes\Avantasia Mystery of Time

2013-08-24 20:15:51 -------- d-----w- C:\Users\André Mendes\Ze Ramalho - Grandes Sucessos

2013-08-23 19:27:55 3913664 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-08-23 19:27:54 3968960 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-08-23 19:27:53 5550528 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-08-23 19:27:53 243712 ----a-w- C:\Windows\System32\wow64.dll

2013-08-23 19:27:53 1732032 ----a-w- C:\Windows\System32\ntdll.dll

2013-08-23 19:27:53 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll

2013-08-23 19:27:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-08-23 19:27:51 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-08-23 19:27:51 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-08-23 19:27:51 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-08-23 19:27:51 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-08-22 03:28:53 -------- d-----w- C:\Program Files\Enigma Software Group

2013-08-22 03:28:18 -------- d-----w- C:\Windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP

2013-08-22 03:28:17 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard

2013-08-21 19:26:56 -------- d-----w- C:\Users\André Mendes\AppData\Roaming\Ashampoo

2013-08-21 19:26:44 -------- d-----w- C:\ProgramData\ashampoo

2013-08-19 14:58:11 -------- d-----w- C:\Users\André Mendes\Krisiun Discography

2013-08-17 12:07:47 -------- d-----w- C:\Users\André Mendes\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2013-08-17 08:16:37 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2013-08-17 08:16:35 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2013-08-17 08:09:15 1643520 ----a-w- C:\Windows\System32\DWrite.dll

2013-08-17 08:09:14 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll

2013-08-17 06:35:38 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-16 20:29:49 -------- d-----w- C:\Users\André Mendes\BSG-season 1

2013-08-16 20:25:42 -------- d-----w- C:\Users\André Mendes\Breaking.Bad.S01.Season.1.720p.BRRip.x264-Visionx

2013-08-16 20:25:22 -------- d-----w- C:\Users\André Mendes\Breaking.Bad.S03.Season.3.720p.BRRip.x264-VisionX

2013-08-16 20:25:15 -------- d-----w- C:\Users\André Mendes\Breaking.Bad.S04.Season.4.720p.WEB-DL.x264.MIKY

2013-08-16 20:24:56 -------- d-----w- C:\Users\André Mendes\Breaking.Bad.S02.Season.2.720p.BRrip.x264-VisionX

2013-08-16 15:06:46 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll

2013-08-16 15:05:57 39936 ----a-w- C:\Windows\System32\drivers\tssecsrv.sys

2013-08-16 15:05:28 751104 ----a-w- C:\Windows\System32\win32spl.dll

2013-08-16 15:05:28 492544 ----a-w- C:\Windows\SysWow64\win32spl.dll

2013-08-16 15:05:25 3153920 ----a-w- C:\Windows\System32\win32k.sys

2013-08-16 15:05:07 30720 ----a-w- C:\Windows\System32\cryptdlg.dll

2013-08-16 15:05:07 24576 ----a-w- C:\Windows\SysWow64\cryptdlg.dll

2013-08-16 15:04:45 1367040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\journal.dll

2013-08-16 15:04:44 936448 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-08-16 15:04:41 1910208 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-08-16 15:04:33 1192448 ----a-w- C:\Windows\System32\certutil.exe

2013-08-16 15:04:32 903168 ----a-w- C:\Windows\SysWow64\certutil.exe

2013-08-16 15:04:31 52224 ----a-w- C:\Windows\System32\certenc.dll

2013-08-16 15:04:31 43008 ----a-w- C:\Windows\SysWow64\certenc.dll

2013-08-16 15:03:27 1887232 ----a-w- C:\Windows\System32\d3d11.dll

2013-08-16 15:03:24 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll

2013-08-04 13:49:55 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service

2013-08-03 10:44:16 -------- d-----w- C:\Users\André Mendes\AppData\Roaming\Red Alert 3

2013-07-30 02:21:33 -------- d-----w- C:\Users\André Mendes\AppData\Roaming\Command & Conquer 3 Tiberium Wars

.

==================== Find3M ====================

.

2013-08-26 12:46:27 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2013-08-20 19:52:29 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-20 19:52:29 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2013-08-17 06:35:38 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-07-25 09:25:54 1888768 ----a-w- C:\Windows\System32\WMVDECOD.DLL

2013-07-25 08:57:27 1620992 ----a-w- C:\Windows\SysWow64\WMVDECOD.DLL

2013-07-20 04:51:00 311608 ----a-w- C:\Windows\System32\drivers\avgloga.sys

2013-07-20 04:50:56 71480 ----a-w- C:\Windows\System32\drivers\avgidsha.sys

2013-07-20 04:50:56 246072 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys

2013-07-20 04:50:50 206648 ----a-w- C:\Windows\System32\drivers\avgldx64.sys

2013-07-19 01:58:42 2048 ----a-w- C:\Windows\System32\tzres.dll

2013-07-19 01:41:01 2048 ----a-w- C:\Windows\SysWow64\tzres.dll

2013-07-10 04:32:38 45880 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys

2013-07-09 05:52:52 224256 ----a-w- C:\Windows\System32\wintrust.dll

2013-07-09 05:51:16 1217024 ----a-w- C:\Windows\System32\rpcrt4.dll

2013-07-09 05:46:20 184320 ----a-w- C:\Windows\System32\cryptsvc.dll

2013-07-09 05:46:20 1472512 ----a-w- C:\Windows\System32\crypt32.dll

2013-07-09 05:46:20 139776 ----a-w- C:\Windows\System32\cryptnet.dll

2013-07-09 04:52:33 663552 ----a-w- C:\Windows\SysWow64\rpcrt4.dll

2013-07-09 04:52:10 175104 ----a-w- C:\Windows\SysWow64\wintrust.dll

2013-07-09 04:46:31 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll

2013-07-09 04:46:31 1166848 ----a-w- C:\Windows\SysWow64\crypt32.dll

2013-07-09 04:46:31 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll

2013-07-09 04:45:07 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2013-07-01 04:45:28 116536 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys

2013-06-08 21:15:11 107368 ----a-w- C:\Windows\System32\LMIRfsClientNP.dll

2013-06-08 21:15:09 35656 ----a-w- C:\Windows\System32\LMIport.dll

2013-06-08 21:15:09 100680 ----a-w- C:\Windows\System32\LMIinit.dll

2013-06-04 06:00:13 624128 ----a-w- C:\Windows\System32\qedit.dll

2013-06-04 04:53:07 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

.

============= FINISH: 10:58:32,96 ===============

Attach log follows:

.

==== Installed Programs ======================

.

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4) MUI

Advanced Audio FX Engine

Age of Empires II: HD Edition

µTorrent

AVG 2013

Beyond Compare Version 3.3.7

Bluetooth Win7 Suite (64)

Camtasia Studio 8

CCleaner

Cisco WebEx Meetings

Command and Conquer 3: Kane's Wrath

Command and Conquer 3: Tiberium Wars

Command and Conquer: Red Alert 3

Command and Conquer: Red Alert 3 - Uprising

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Counter-Strike: Global Offensive

CyberLink PowerDVD 9.5

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Dell Bluetooth Installation

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell DataSafe Online

Dell Edoc Viewer

Dell Getting Started Guide

Dell PhotoStage

Dell Product Registration

Dell Support Center

Dell Touchpad

Dell VideoStage

Dell Webcam Central

Dev-C++ 5 beta 9 release (4.9.9.2)

DirectX 9 Runtime

Dota 2

Facebook Video Calling 1.2.0.287

Football Manager 2013

FortiClient VPN

GameRanger

Google Chrome

Google Drive

Google Update Helper

Half-Life 2

IDT Audio

Intel® Processor Graphics

Intel® SDK for OpenCL - CPU Only Runtime Package

Java 7 Update 10 (64-bit)

Java 7 Update 21

Java Auto Updater

Java 6 Update 24 (64-bit)

Java 6 Update 29

Java SE Development Kit 7 Update 1 (64-bit)

JavaFX 2.1.1

Junk Mail filter update

K-Lite Codec Pack 7.9.0 (Full)

Kies Air Discovery Service

LogMeIn

LyricXeeker

Módulo de Proteção Santander 3.2.0.2

Mesh Runtime

Messenger Plus! 5

Microsoft .NET Framework 1.1

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Office Access MUI (English) 2010

Microsoft Office Access Setup Metadata MUI (English) 2010

Microsoft Office Excel MUI (English) 2010

Microsoft Office Groove MUI (English) 2010

Microsoft Office InfoPath MUI (English) 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (English) 2010

Microsoft Office Outlook MUI (English) 2010

Microsoft Office PowerPoint MUI (English) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (French) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (English) 2010

Microsoft Office Publisher MUI (English) 2010

Microsoft Office Shared 64-bit MUI (English) 2010

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010

Microsoft Office Shared MUI (English) 2010

Microsoft Office Shared Setup Metadata MUI (English) 2010

Microsoft Office Word MUI (English) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable - KB2467175

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106

Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106

Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106

Mozilla Firefox 23.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MyFreeCodec

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Palco de Música da Dell

Palco Dell

Pando Media Booster

PhotoShowExpress

Picasa 3

Portal

Portal 2

Quickset64

RaidCall

RBVirtualFolder64Inst

Real Alternative 2.0.2

Revo Uninstaller 1.94

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Samsung Kies

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)



Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link

  • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
  • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
  • If there are updates, they will be downloaded and installed.
  • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
  • The scan will start and may take a while. Please be patient.
  • When the scan is complete, click OK, then Show Results to view the log.
  • If anything is found, make sure everything is checked and click Remove.
  • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note.)
  • The log is saved automatically and can be consulted by clicking the Logs tab in the main menu.
  • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Then,

Read the instructions contained in this link:

In the instructions in the link above, you can check which forums have Analysts properly authorized to use the tool correctly: "Forums for receiving help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable the protections after carrying out the procedure(s) mentioned below.
  3. Double-click the ComboFix icon on the desktop.
  4. Read and accept the conditions by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or keyboard while the tool is running; this may cause the computer to freeze.
  8. A warning may appear that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.

  • There are several malware families that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts authorized to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not respond to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them to be used without supervision. ComboFix is not a tool of that kind, and therefore, also out of respect for the tool's author, do not use it without supervision.


Hello,

Here is the Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.08.26.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

André Mendes :: ANDRÉMENDES-PC [limitado]

28/08/2013 09:50:15

mbam-log-2013-08-28 (09-50-15).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 258209

Tempo decorrido: 8 minuto(s), 35 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

Here is the ComboFix log:


Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 201.17.0.53 201.17.0.83 201.6.4.116

FF - ProfilePath - c:\users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start

Toolbar-Locked - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Fortinet\FortiClient VPN\fccomint.exe

c:\program files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\TeamViewer\Version8\tv_w32.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-08-28 10:28:19 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-08-28 13:28

.

Pré-execução: 87.391.092.736 bytes disponíveis

Pós execução: 87.078.551.552 bytes disponíveis

.

- - End Of File - - 2FE47BFA1B4F960EA113DFB8CAF2CD8E


Hello,

I ended up picking up more malware somewhere and decided to run MBAM again. Should I run ComboFix again as well?

Here is the Malwarebytes Anti-Malware log:

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.08.26.04

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 10.0.9200.16660

André Mendes :: ANDRÉMENDES-PC [administrador]

29/08/2013 14:05:22

mbam-log-2013-08-29 (14-05-22).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 257287

Tempo decorrido: 6 minuto(s), 18 segundo(s)

Processos de Memória Detectados: 1

C:\Users\André Mendes\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> 6908 -> Será deletado na próxima inicialização.

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 48

HKCR\CLSID\{9cf699ca-2174-4ed8-bec1-ba82095edce0} (PUP.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9CF699CA-2174-4ED8-BEC1-BA82095EDCE0} (PUP.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FAC62512-B68A-508A-FE4D-F37181875758} (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8DF2AE0C-081C-E339-3F96-2EDB225ECDF6} (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealply (PUP.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\lollipop (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLive.OneClickCtrl.9 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLive.OneClickProcessLauncherMachine (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLive.OneClickProcessLauncherMachine.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLive.Update3WebControl.3 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoCreateAsync (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoCreateAsync.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoreClass (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoreClass.1 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoreMachineClass (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CoreMachineClass.1 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CredentialDialogMachine (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.CredentialDialogMachine.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachine.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.OnDemandCOMClassSvc.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.ProcessLauncher (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.ProcessLauncher.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3COMClassService (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3COMClassService.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebMachine (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebMachine.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebMachineFallback (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebMachineFallback.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebSvc (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\DealPlyLiveUpdate.Update3WebSvc.1.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SYSTEM\CurrentControlSet\Services\dealplylive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DEALPLYLIVE.EXE (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SYSTEM\CurrentControlSet\Services\dealplylivem (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

HKCR\CLSID\{0D89DE71-3D99-4288-84DC-F18F1047A7D8} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 16

C:\Users\André Mendes\AppData\Local\Lollipop (Adware.LolliPop.IT) -> Será deletado na próxima inicialização.

C:\Program Files (x86)\DealPly (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\DealPlyLive\Update\Log (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply\UpdateProc (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\CrashReports (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0 (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\Download (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\Install (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\Offline (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\Offline\{CB5FD469-81B8-4CE9-A703-C3C1A9C3A72C} (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

Arquivos Detectados: 116

C:\Program Files (x86)\DealPly\DealPlyIE.dll (PUP.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\InstallMate\{5088DEF2-940C-4966-AB8D-DC2E8B6BFC04}\Setup.exe (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\InstallMate\{5088DEF2-940C-4966-AB8D-DC2E8B6BFC04}\TsuDll.dll (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\InstallMate\{60425393-8D44-4B5D-A9B6-C566BBA17165}\Setup.exe (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\InstallMate\{60425393-8D44-4B5D-A9B6-C566BBA17165}\TsuDll.dll (PUP.Optional.Tarma.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply\UpdateProc\UpdateTask.exe (PUP.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Temp\ALLPlayer53__2303_il186147.exe (PUP.Optional.Amonetize) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\System32\drivers\MRXDAVV.SYS (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\SysWOW64\drivers\MRXDAVV.SYS (Trojan.Agent) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop.bat (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\logo.ico (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\Lollipop.exe (Adware.LolliPop.IT) -> Será deletado na próxima inicialização.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop.lpd (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08282117.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08282217.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08282318.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290018.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290256.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290419.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290519.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290620.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290720.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290820.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08290920.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291020.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291121.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291221.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291321.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291421.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291521.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_08291621.exe (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_cfg.lpd (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Local\Lollipop\lollipop_ps.lpd (Adware.LolliPop.IT) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPly.crx (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPly.xpi (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPlyIE64.dll (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPlyUpdate.exe (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPlyUpdateRun.exe (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\DealPlyUpdateVer.exe (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\icon.ico (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPly\uninst.exe (PUP.Optional.DealPly) -> Enviado para a Quarentena e deletado com sucesso.

C:\Windows\Tasks\DealPlyLiveUpdateTaskMachineCore.job (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.url (PUP.OPtional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.url (PUP.OPtional.Dealply) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\ProgramData\DealPlyLive\Update\Log\DealPlyLive.log (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply\UpdateProc\STTL.DAT (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Users\André Mendes\AppData\Roaming\Dealply\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLive.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveBroker.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHandler.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveHelper.msi (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\DealPlyLiveOnDemand.exe (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdate.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_am.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ar.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bg.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_bn.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ca.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_cs.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_da.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_de.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_el.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en-GB.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_en.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es-419.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_es.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_et.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fa.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fi.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fil.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_fr.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_gu.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hi.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hr.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_hu.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_id.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_is.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_it.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_iw.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ja.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_kn.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ko.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lt.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_lv.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ml.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_mr.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ms.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_nl.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_no.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pl.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-BR.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_pt-PT.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ro.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ru.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sk.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sl.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sr.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sv.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_sw.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ta.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_te.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_th.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_tr.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_uk.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_ur.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_vi.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-CN.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\goopdateres_zh-TW.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\npGoogleUpdate3.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psmachine.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

C:\Program Files (x86)\DealPlyLive\Update\1.3.23.0\psuser.dll (PUP.Optional.DealPly.A) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

Have you been using removable media?

Run ComboFix again and post the log.

Just my USB flash drive and phone lately.

Here is the ComboFix log:

ComboFix 13-08-28.02 - André Mendes 03/09/2013 6:47.2.4 - x64

Executando de: c:\users\André Mendes\Desktop\ComboFix.exe

.

- MODO DE FUNCIONALIDADE REDUZIDA -

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\0

c:\programdata\idt

c:\programdata\ntuser.dat

c:\windows\SysWow64\drivers\SROUTE.SYS

c:\windows\SysWow64\drivers\tcpv6srv.sys

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-08-03 to 2013-09-03 ))))))))))))))))))))))))))))

.

.

2013-09-03 09:51 . 2013-09-03 09:51 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-03 09:51 . 2013-09-03 09:51 -------- d-----w- c:\users\Administrador\AppData\Local\temp

2013-09-03 09:45 . 2013-09-03 09:45 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS

2013-09-03 01:00 . 2013-09-03 01:01 -------- d-----w- c:\users\André Mendes\AppData\Local\{7E4CE529-CCF0-499E-9AF0-14AB609DFFD5}

2013-09-03 00:08 . 2013-09-03 00:08 -------- d-----w- c:\users\André Mendes\AppData\Local\{4BD6A01B-BBC1-4DB2-AB50-116BE616CA04}

2013-09-02 11:32 . 2013-09-02 11:32 -------- d-----w- c:\users\André Mendes\AppData\Local\{86F32264-BA4E-4425-87F2-7435B8E6707B}

2013-09-01 13:10 . 2013-09-01 13:10 -------- d-----w- c:\users\André Mendes\AppData\Local\{09F10931-5ADB-4907-8288-0FF0EE6D0D1A}

2013-09-01 11:40 . 2013-09-01 11:40 -------- d-----w- c:\users\André Mendes\AppData\Local\{5918E8BF-1D0F-469A-8331-6A5CDBB5B96B}

2013-08-31 23:39 . 2013-08-31 23:39 -------- d-----w- c:\users\André Mendes\AppData\Local\{6C4542B8-54BD-4C26-8BCF-FCB5FC8692E6}

2013-08-30 22:14 . 2013-08-30 22:14 -------- d-----w- c:\users\André Mendes\AppData\Local\{F1A63CFA-E324-4A36-9761-DE346D3A0A49}

2013-08-30 10:14 . 2013-08-30 10:14 -------- d-----w- c:\users\André Mendes\AppData\Local\{D36828A0-8404-4AD1-8CA3-DC5FD63164AB}

2013-08-29 10:28 . 2013-08-29 10:29 -------- d-----w- c:\users\André Mendes\AppData\Local\{3F68A639-6FEF-4BB1-BFF2-2E83D6276759}

2013-08-28 22:05 . 2013-08-28 22:05 -------- d-----w- c:\users\André Mendes\AppData\Local\{15C2E4F2-1424-4BF3-BAC8-B7968C4FF903}

2013-08-28 14:18 . 2009-09-28 01:02 797184 ----a-w- c:\windows\SysWow64\ac3filter.ax

2013-08-28 14:18 . 2007-10-07 16:36 258048 ----a-w- c:\windows\SysWow64\libFLAC.dll

2013-08-28 14:18 . 2013-08-28 14:18 -------- d-----w- c:\users\André Mendes\AppData\Local\ALLPlayer

2013-08-28 14:18 . 2013-08-28 14:18 -------- d-----w- c:\program files (x86)\ALLPlayer

2013-08-28 14:17 . 2013-08-28 14:17 -------- d-----w- c:\users\André Mendes\AppData\Local\DealPlyLive

2013-08-28 14:16 . 2013-08-29 17:23 -------- d-----w- c:\users\André Mendes\AppData\Local\SwvUpdater

2013-08-28 14:15 . 2013-08-28 14:15 -------- d-----w- c:\programdata\SummerSoft

2013-08-28 14:14 . 2013-08-28 14:20 -------- d-----w- c:\program files (x86)\Legendas-2.30

2013-08-28 14:14 . 2013-08-28 14:21 -------- d-----w- c:\programdata\InstallMate

2013-08-28 10:57 . 2013-08-28 11:00 -------- d-----w- c:\users\André Mendes\The.Godfather.Trilogy.[ I. II. III ].1080p.BluRay.x264.anoXmous

2013-08-28 10:05 . 2013-08-28 10:05 -------- d-----w- c:\users\André Mendes\AppData\Local\{F4A89A89-8AE4-45D2-A3BF-85D7FC3C940D}

2013-08-27 15:18 . 2013-08-27 15:18 -------- d-----w- c:\users\André Mendes\Doctor.Strange-The.Sorcerer.Supreme[2007]DvDrip.AC3[Eng]-aXXo

2013-08-27 14:11 . 2013-08-27 14:11 -------- d-----w- c:\users\André Mendes\AppData\Local\{04860B68-677D-45DC-B434-9F57484D7423}

2013-08-27 01:20 . 2013-08-27 01:21 -------- d-----w- c:\users\André Mendes\AppData\Local\{3D327CC2-D1F6-4E8B-B55A-29C1555C2B6A}

2013-08-26 17:28 . 2013-08-26 17:28 -------- d-----w- c:\windows\ERUNT

2013-08-26 17:19 . 2013-08-26 17:20 -------- d-----w- C:\AdwCleaner

2013-08-26 15:45 . 2013-08-26 15:45 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Malwarebytes

2013-08-26 15:44 . 2013-08-26 15:44 -------- d-----w- c:\programdata\Malwarebytes

2013-08-26 15:44 . 2013-08-26 15:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-26 15:44 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-26 15:44 . 2013-08-26 15:44 -------- d-----w- c:\users\André Mendes\AppData\Local\Programs

2013-08-26 13:26 . 2013-08-26 13:26 -------- d-----w- c:\program files\CCleaner

2013-08-24 20:15 . 2013-08-24 20:16 -------- d-----w- c:\users\André Mendes\Avantasia Mystery of Time

2013-08-24 20:15 . 2013-08-24 20:16 -------- d-----w- c:\users\André Mendes\Ze Ramalho - Grandes Sucessos

2013-08-23 19:27 . 2013-07-09 05:03 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-08-23 19:27 . 2013-07-09 05:03 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-08-23 19:27 . 2013-07-09 06:03 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-23 19:27 . 2013-07-09 05:54 1732032 ----a-w- c:\windows\system32\ntdll.dll

2013-08-23 19:27 . 2013-07-09 05:53 243712 ----a-w- c:\windows\system32\wow64.dll

2013-08-23 19:27 . 2013-07-09 04:53 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll

2013-08-23 19:27 . 2013-07-09 02:49 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-08-23 19:27 . 2013-07-09 04:52 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-08-23 19:27 . 2013-07-09 02:49 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-08-23 19:27 . 2013-07-09 02:49 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-08-23 19:27 . 2013-07-09 02:49 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-08-22 03:28 . 2013-08-22 03:28 -------- d-----w- c:\program files\Enigma Software Group

2013-08-22 03:28 . 2013-08-22 03:38 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP

2013-08-22 03:28 . 2013-08-22 03:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Ashampoo

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\users\André Mendes\AppData\Local\ashampoo

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\programdata\ashampoo

2013-08-19 14:58 . 2013-08-19 21:25 -------- d-----w- c:\users\André Mendes\Krisiun Discography

2013-08-17 12:07 . 2013-08-17 12:09 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Command & Conquer 3 Kane's Wrath

2013-08-17 08:16 . 2013-04-17 06:24 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll

2013-08-17 08:16 . 2013-04-17 07:02 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll

2013-08-17 08:09 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll

2013-08-17 08:09 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll

2013-08-17 06:35 . 2013-08-17 06:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-17 00:56 . 2013-08-17 00:56 -------- d-----w- c:\users\Default\AppData\Local\Google

2013-08-16 20:29 . 2013-08-16 21:25 -------- d-----w- c:\users\André Mendes\BSG-season 1

2013-08-16 20:25 . 2013-08-28 14:43 -------- d-----w- c:\users\André Mendes\Breaking.Bad.S01.Season.1.720p.BRRip.x264-Visionx

2013-08-16 20:25 . 2013-08-28 15:06 -------- d-----w- c:\users\André Mendes\Breaking.Bad.S03.Season.3.720p.BRRip.x264-VisionX

2013-08-16 20:25 . 2013-08-28 15:06 -------- d-----w- c:\users\André Mendes\Breaking.Bad.S04.Season.4.720p.WEB-DL.x264.MIKY

2013-08-16 20:24 . 2013-08-28 15:05 -------- d-----w- c:\users\André Mendes\Breaking.Bad.S02.Season.2.720p.BRrip.x264-VisionX

2013-08-16 15:06 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll

2013-08-16 15:05 . 2013-06-15 04:32 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys

2013-08-16 15:05 . 2013-04-26 05:51 751104 ----a-w- c:\windows\system32\win32spl.dll

2013-08-16 15:05 . 2013-04-26 04:55 492544 ----a-w- c:\windows\SysWow64\win32spl.dll

2013-08-16 15:05 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys

2013-08-16 15:05 . 2013-05-10 05:49 30720 ----a-w- c:\windows\system32\cryptdlg.dll

2013-08-16 15:05 . 2013-05-10 03:20 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll

2013-08-16 15:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2013-08-16 15:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2013-08-16 15:04 . 2013-07-06 06:03 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-08-16 15:04 . 2013-05-13 03:43 1192448 ----a-w- c:\windows\system32\certutil.exe

2013-08-16 15:04 . 2013-05-13 03:08 903168 ----a-w- c:\windows\SysWow64\certutil.exe

2013-08-16 15:04 . 2013-05-13 05:50 52224 ----a-w- c:\windows\system32\certenc.dll

2013-08-16 15:04 . 2013-05-13 03:08 43008 ----a-w- c:\windows\SysWow64\certenc.dll

2013-08-16 15:03 . 2013-03-31 22:52 1887232 ----a-w- c:\windows\system32\d3d11.dll

2013-08-16 15:03 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll

2013-08-04 13:50 . 2013-08-04 13:50 -------- d-----w- c:\users\André Mendes\AppData\Local\Macromedia

2013-08-04 13:50 . 2013-08-04 13:50 -------- d-----w- c:\users\André Mendes\AppData\Local\Mozilla

2013-08-04 13:49 . 2013-08-21 13:15 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-02 22:43 . 2013-07-22 21:50 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-08-20 19:52 . 2013-02-23 18:12 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-08-20 19:52 . 2011-08-13 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-07-20 04:51 . 2013-07-20 04:51 311608 ----a-w- c:\windows\system32\drivers\avgloga.sys

2013-07-20 04:50 . 2013-07-20 04:50 71480 ----a-w- c:\windows\system32\drivers\avgidsha.sys

2013-07-20 04:50 . 2013-07-20 04:50 246072 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys

2013-07-20 04:50 . 2013-07-20 04:50 206648 ----a-w- c:\windows\system32\drivers\avgldx64.sys

2013-07-10 04:32 . 2013-07-10 04:32 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-07-09 04:45 . 2013-08-23 19:27 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2013-07-01 04:45 . 2013-07-01 04:45 116536 ----a-w- c:\windows\system32\drivers\avgmfx64.sys

2013-06-08 21:15 . 2013-04-02 23:53 107368 ----a-w- c:\windows\system32\LMIRfsClientNP.dll

2013-06-08 21:15 . 2013-04-02 23:53 35656 ----a-w- c:\windows\system32\LMIport.dll

2013-06-08 21:15 . 2013-04-02 23:53 100680 ----a-w- c:\windows\system32\LMIinit.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-23 3077528]

"chromium"="c:\users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-08-16 829392]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-08-28 1811880]

"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2013-01-11 2995712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-07-01 4411440]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-06-28 19:33 1529976 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]

R3 cpuz136;cpuz136;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 FA_MINISCH;FortiClient Mini Scheduler;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe [x]

S2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

S3 Fortidrv2;Fortinet Fortinet Packet Filter Service;c:\windows\system32\DRIVERS\fortidrv.sys;c:\windows\SYSNATIVE\DRIVERS\fortidrv.sys [x]

S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 19:52]

.

2013-09-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

2013-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-15 171064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-15 399416]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-15 441912]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 201.17.0.53 201.17.0.83 201.6.4.116

FF - ProfilePath - c:\users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\

FF - ExtSQL: 2013-08-28 11:17; {e53a26f5-7199-4a5b-86f5-d2e86854b979}; c:\users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\extensions\{e53a26f5-7199-4a5b-86f5-d2e86854b979}

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Completion time: 2013-09-03 06:53:44

ComboFix-quarantined-files.txt 2013-09-03 09:53

ComboFix2.txt 2013-08-28 13:28

.

Pre-Run: 88,677,376,000 bytes free

Post-Run: 88,799,129,600 bytes free

.

- - End Of File - - D0A267A76899314C7CC21F7EAB7FABF1


Unfortunately, your USB flash drive appears to be infected.

Could you run ComboFix again, but this time with the flash drive plugged in?

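The ComboFix sections that follow (Files Created, Find3M, Reg Loading Points and the service/driver list) have a fixed line shape, so the triage a helper does by eye can be made repeatable. The script below is an added example; it is not part of this thread and not ComboFix's own code. The sample lines are constructed to mirror entries from this thread's log, and the watchlist names (DealPly, SwvUpdater, SummerSoft, InstallMate) and the heuristics are the author's assumptions, not anything ComboFix reports.

```python
"""Triage helper for ComboFix log lines (added example; not ComboFix code)."""
import re
from dataclasses import dataclass

# Files Created / Find3M lines: "<created> . <modified> <size|--------> <attrs> <path>"
FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d\d-\d\d \d\d:\d\d) \. "
    r"(?P<modified>\d{4}-\d\d-\d\d \d\d:\d\d)\s+"
    r"(?P<size>\d+|-+)\s+(?P<attrs>[-a-z]{8})\s+(?P<path>.+?)\s*$"
)
# Reg Loading Points (Run keys): "Name"="path" [date size]
RUN_LINE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$')
# Service/driver lines: "R3 name;description;image;image [x]"
SVC_LINE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<desc>[^;]*);(?P<image>[^;]+);")
# Trailing "\{GUID}" directory component
GUID_DIR = re.compile(r"\\\{[0-9A-F]{8}(?:-[0-9A-F]{4}){3}-[0-9A-F]{12}\}$", re.I)

# Assumed watchlist of adware/bundler component names (assumption, not a ComboFix list).
WATCHLIST = ("dealply", "swvupdater", "summersoft", "installmate")


@dataclass(frozen=True)
class Finding:
    path: str
    reason: str


def _user_writable(low):
    """True for locations a non-admin process can normally write to."""
    return "\\users\\" in low or "\\temp\\" in low or "\\programdata\\" in low


def triage_line(line):
    """Return the Findings for one log line (empty list if nothing stands out)."""
    line = line.strip()
    out = []
    m = FILE_LINE.match(line)
    if m:
        path, size, attrs = m["path"], m["size"], m["attrs"]
        low = path.lower()
        if low.endswith(".sys") and size == "0":
            out.append(Finding(path, "zero-byte .sys file"))
        if "\\syswow64\\drivers\\" in low:
            out.append(Finding(path, "driver under SysWOW64\\drivers; native drivers live in system32\\drivers"))
        if attrs.startswith("d") and "\\appdata\\local\\" in low and GUID_DIR.search(path):
            out.append(Finding(path, "GUID-named directory in AppData\\Local"))
        if any(w in low for w in WATCHLIST):
            out.append(Finding(path, "name on adware/bundler watchlist"))
        return out
    m = RUN_LINE.match(line)
    if m and _user_writable(m["path"].lower()):
        out.append(Finding(m["path"], f"Run entry '{m['name']}' launches from a user-writable path"))
        return out
    m = SVC_LINE.match(line)
    if m and m["image"].lower().endswith(".sys") and _user_writable(m["image"].lower()):
        out.append(Finding(m["image"], f"kernel driver '{m['name']}' loads from a user-writable path"))
    return out


def triage(text):
    """Triage a whole ComboFix log or excerpt; findings come back in log order."""
    findings = []
    for line in text.splitlines():
        findings.extend(triage_line(line))
    return findings


# Constructed sample, shaped like the entries in this thread's log.
SAMPLE = r"""
2013-09-03 09:45 . 2013-09-03 09:45 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS
2013-09-11 01:56 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys
2013-09-17 00:42 . 2013-09-17 00:43 -------- d-----w- c:\users\andre\AppData\Local\{A03F0355-DD92-4AF3-9A8A-BA462B74BE1C}
2013-08-28 14:17 . 2013-08-28 14:17 -------- d-----w- c:\users\andre\AppData\Local\DealPlyLive
2013-08-28 14:18 . 2013-08-28 14:18 -------- d-----w- c:\program files (x86)\ALLPlayer
"chromium"="c:\users\andre\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-08-16 829392]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-06 1811368]
R3 cpuz136;cpuz136;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
"""

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f"{f.reason:<75} {f.path}")
```

The findings are leads, not verdicts: a per-user Chrome install legitimately runs from AppData\Local, CPU-Z drops its driver in Temp by design, and in this thread the zero-byte AFD.SYS under SysWOW64\drivers carries the same timestamp as the earlier ComboFix run, so each hit still has to be correlated with what the user and the cleanup tools were doing at that time.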

After I ran ComboFix with the flash drive plugged in, it looks like the computer got messed up again.

Here is the ComboFix log:

ComboFix 13-08-28.02 - André Mendes 16/09/2013 21:49:10.3.4 - x64

Running from: c:\users\André Mendes\Desktop\ComboFix.exe

.

.

((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_ctypes.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_elementtree.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_hashlib.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_multiprocessing.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_socket.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\_ssl.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\msvcp100.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\msvcr100.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\pyexpat.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\pysqlite2._sqlite.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\python27.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\pythoncom27.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\PyWinTypes27.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\select.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\unicodedata.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32api.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32com.shell.shell.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32crypt.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32event.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32file.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32inet.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32pdh.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32process.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32profile.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32security.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\win32ts.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\windows._cacheinvalidation.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._controls_.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._core_.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._gdi_.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._html2.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._misc_.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._windows_.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wx._wizard.pyd

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxbase294u_net_vc90.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxbase294u_vc90.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxmsw294u_adv_vc90.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxmsw294u_core_vc90.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxmsw294u_html_vc90.dll

c:\users\ANDRME~1\AppData\Local\Temp\_MEI37762\wxmsw294u_webview_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_ctypes.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_elementtree.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_hashlib.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_multiprocessing.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_socket.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\_ssl.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\msvcp100.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\msvcr100.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\pyexpat.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\pysqlite2._sqlite.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\python27.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\pythoncom27.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\PyWinTypes27.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\select.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\unicodedata.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32api.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32com.shell.shell.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32crypt.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32event.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32file.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32inet.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32pdh.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32process.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32profile.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32security.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\win32ts.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\windows._cacheinvalidation.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._controls_.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._core_.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._gdi_.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._html2.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._misc_.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._windows_.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wx._wizard.pyd

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxbase294u_net_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxbase294u_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxmsw294u_adv_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxmsw294u_core_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxmsw294u_html_vc90.dll

c:\users\André Mendes\AppData\Local\Temp\_MEI37762\wxmsw294u_webview_vc90.dll

.

.

(((((((((((((((( Files Created from 2013-08-17 to 2013-09-17 ))))))))))))))))))))))))))))

.

.

2013-09-17 01:00 . 2013-09-17 01:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-09-17 01:00 . 2013-09-17 01:00 -------- d-----w- c:\users\Administrador\AppData\Local\temp

2013-09-17 00:42 . 2013-09-17 00:43 -------- d-----w- c:\users\André Mendes\AppData\Local\{A03F0355-DD92-4AF3-9A8A-BA462B74BE1C}

2013-09-15 19:07 . 2013-09-15 19:07 -------- d-----w- c:\users\André Mendes\AppData\Local\{37551444-19BE-4E3C-8920-669BA1385D20}

2013-09-15 07:06 . 2013-09-15 07:06 -------- d-----w- c:\users\André Mendes\AppData\Local\{748A0A13-41CD-4915-9C76-C215C82DB8CD}

2013-09-14 03:42 . 2013-09-14 03:42 -------- d-----w- c:\users\André Mendes\AppData\Local\{2AC51126-A0F7-4EC0-ACB1-A48843BEB8E3}

2013-09-14 02:12 . 2013-09-14 02:26 -------- d-----w- c:\users\André Mendes\.android

2013-09-13 00:35 . 2013-09-13 00:35 -------- d-----w- c:\users\André Mendes\AppData\Local\{A0583FA7-1A86-4C43-BAEE-5C08B8AAAE72}

2013-09-12 01:14 . 2013-09-12 01:28 -------- d-----w- c:\users\André Mendes\The Offspring

2013-09-11 23:02 . 2013-09-11 23:02 -------- d-----w- c:\users\André Mendes\AppData\Local\{A38EAD27-D7A1-4492-8ABB-59E2F5FD9EDC}

2013-09-11 06:05 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-09-11 01:56 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-11 01:56 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-09-10 22:33 . 2013-09-10 22:33 -------- d-----w- c:\users\André Mendes\AppData\Local\{A28D866B-C21E-4330-9A43-72BAEE7B766C}

2013-09-10 01:31 . 2013-09-10 01:31 -------- d-----w- c:\users\André Mendes\AppData\Local\{6E01419E-CEA0-4CDD-9183-132FBB31736B}

2013-09-09 08:42 . 2013-09-09 08:43 -------- d-----w- c:\users\André Mendes\AppData\Local\{949E1973-FD0A-4A51-9F64-B3E41056DDF3}

2013-09-08 18:27 . 2013-09-08 18:27 -------- d-----w- c:\users\André Mendes\AppData\Local\{5D2A00D6-92F6-4BE5-BE43-4CC8B312367E}

2013-09-08 02:20 . 2013-09-08 02:20 -------- d-----w- c:\users\André Mendes\AppData\Local\{874DC258-4032-481F-BA71-7A1E23106516}

2013-09-07 02:39 . 2013-09-07 02:39 -------- d-----w- c:\users\André Mendes\AppData\Local\{ED74A44B-1BB9-481E-8487-37BDCDB9E801}

2013-09-05 22:42 . 2013-09-05 22:42 -------- d-----w- c:\users\André Mendes\AppData\Local\{23EABC01-F88F-440A-92CF-A6E8093C732A}

2013-09-05 04:43 . 2013-09-05 04:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-09-05 02:08 . 2013-09-05 02:08 -------- d-----w- c:\users\André Mendes\AppData\Local\{8B655122-D701-47AE-BC17-6D7C34EA4C66}

2013-09-03 14:39 . 2013-09-03 14:39 -------- d-----w- c:\users\André Mendes\AppData\Local\{BB080255-C0DA-49E8-89F0-60E1DCDC4877}

2013-09-03 09:45 . 2013-09-03 09:45 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS

2013-09-03 01:00 . 2013-09-03 01:01 -------- d-----w- c:\users\André Mendes\AppData\Local\{7E4CE529-CCF0-499E-9AF0-14AB609DFFD5}

2013-09-03 00:08 . 2013-09-03 00:08 -------- d-----w- c:\users\André Mendes\AppData\Local\{4BD6A01B-BBC1-4DB2-AB50-116BE616CA04}

2013-09-02 11:32 . 2013-09-02 11:32 -------- d-----w- c:\users\André Mendes\AppData\Local\{86F32264-BA4E-4425-87F2-7435B8E6707B}

2013-09-01 13:10 . 2013-09-01 13:10 -------- d-----w- c:\users\André Mendes\AppData\Local\{09F10931-5ADB-4907-8288-0FF0EE6D0D1A}

2013-09-01 11:40 . 2013-09-01 11:40 -------- d-----w- c:\users\André Mendes\AppData\Local\{5918E8BF-1D0F-469A-8331-6A5CDBB5B96B}

2013-08-31 23:39 . 2013-08-31 23:39 -------- d-----w- c:\users\André Mendes\AppData\Local\{6C4542B8-54BD-4C26-8BCF-FCB5FC8692E6}

2013-08-30 22:14 . 2013-08-30 22:14 -------- d-----w- c:\users\André Mendes\AppData\Local\{F1A63CFA-E324-4A36-9761-DE346D3A0A49}

2013-08-30 10:14 . 2013-08-30 10:14 -------- d-----w- c:\users\André Mendes\AppData\Local\{D36828A0-8404-4AD1-8CA3-DC5FD63164AB}

2013-08-29 10:28 . 2013-08-29 10:29 -------- d-----w- c:\users\André Mendes\AppData\Local\{3F68A639-6FEF-4BB1-BFF2-2E83D6276759}

2013-08-28 22:05 . 2013-08-28 22:05 -------- d-----w- c:\users\André Mendes\AppData\Local\{15C2E4F2-1424-4BF3-BAC8-B7968C4FF903}

2013-08-28 14:18 . 2009-09-28 01:02 797184 ----a-w- c:\windows\SysWow64\ac3filter.ax

2013-08-28 14:18 . 2007-10-07 16:36 258048 ----a-w- c:\windows\SysWow64\libFLAC.dll

2013-08-28 14:18 . 2013-08-28 14:18 -------- d-----w- c:\users\André Mendes\AppData\Local\ALLPlayer

2013-08-28 14:18 . 2013-08-28 14:18 -------- d-----w- c:\program files (x86)\ALLPlayer

2013-08-28 14:17 . 2013-08-28 14:17 -------- d-----w- c:\users\André Mendes\AppData\Local\DealPlyLive

2013-08-28 14:16 . 2013-08-29 17:23 -------- d-----w- c:\users\André Mendes\AppData\Local\SwvUpdater

2013-08-28 14:15 . 2013-08-28 14:15 -------- d-----w- c:\programdata\SummerSoft

2013-08-28 14:14 . 2013-08-28 14:20 -------- d-----w- c:\program files (x86)\Legendas-2.30

2013-08-28 14:14 . 2013-08-28 14:21 -------- d-----w- c:\programdata\InstallMate

2013-08-28 10:57 . 2013-08-28 11:00 -------- d-----w- c:\users\André Mendes\The.Godfather.Trilogy.[ I. II. III ].1080p.BluRay.x264.anoXmous

2013-08-28 10:05 . 2013-08-28 10:05 -------- d-----w- c:\users\André Mendes\AppData\Local\{F4A89A89-8AE4-45D2-A3BF-85D7FC3C940D}

2013-08-27 15:18 . 2013-08-27 15:18 -------- d-----w- c:\users\André Mendes\Doctor.Strange-The.Sorcerer.Supreme[2007]DvDrip.AC3[Eng]-aXXo

2013-08-27 14:11 . 2013-08-27 14:11 -------- d-----w- c:\users\André Mendes\AppData\Local\{04860B68-677D-45DC-B434-9F57484D7423}

2013-08-27 01:20 . 2013-08-27 01:21 -------- d-----w- c:\users\André Mendes\AppData\Local\{3D327CC2-D1F6-4E8B-B55A-29C1555C2B6A}

2013-08-26 17:28 . 2013-08-26 17:28 -------- d-----w- c:\windows\ERUNT

2013-08-26 17:19 . 2013-08-26 17:20 -------- d-----w- C:\AdwCleaner

2013-08-26 15:45 . 2013-08-26 15:45 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Malwarebytes

2013-08-26 15:44 . 2013-08-26 15:44 -------- d-----w- c:\programdata\Malwarebytes

2013-08-26 15:44 . 2013-08-26 15:45 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2013-08-26 15:44 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-08-26 15:44 . 2013-08-26 15:44 -------- d-----w- c:\users\André Mendes\AppData\Local\Programs

2013-08-26 13:26 . 2013-08-26 13:26 -------- d-----w- c:\program files\CCleaner

2013-08-24 20:15 . 2013-08-24 20:16 -------- d-----w- c:\users\André Mendes\Avantasia Mystery of Time

2013-08-24 20:15 . 2013-08-24 20:16 -------- d-----w- c:\users\André Mendes\Ze Ramalho - Grandes Sucessos

2013-08-22 03:28 . 2013-08-22 03:28 -------- d-----w- c:\program files\Enigma Software Group

2013-08-22 03:28 . 2013-08-22 03:38 -------- d-----w- c:\windows\8AE3CFB678B24F55A7BE618FCFF43A03.TMP

2013-08-22 03:28 . 2013-08-22 03:28 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Ashampoo

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\users\André Mendes\AppData\Local\ashampoo

2013-08-21 19:26 . 2013-08-21 19:26 -------- d-----w- c:\programdata\ashampoo

2013-08-19 14:58 . 2013-08-19 21:25 -------- d-----w- c:\users\André Mendes\Krisiun Discography

.

.

.

((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-09-17 01:02 . 2013-07-22 21:50 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-09-13 09:52 . 2013-02-23 18:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-13 09:52 . 2011-08-13 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-17 06:38 . 2013-08-17 06:38 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-17 06:38 . 2013-08-17 06:38 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-08-17 06:38 . 2013-08-17 06:38 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-08-17 06:38 . 2013-08-17 06:38 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-08-17 06:38 . 2013-08-17 06:38 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-08-17 06:38 . 2013-08-17 06:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-08-17 06:38 . 2013-08-17 06:38 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-08-17 06:38 . 2013-08-17 06:38 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-08-17 06:38 . 2013-08-17 06:38 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-08-17 06:38 . 2013-08-17 06:38 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-08-17 06:38 . 2013-08-17 06:38 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-08-17 06:38 . 2013-08-17 06:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-08-17 06:38 . 2013-08-17 06:38 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-17 06:38 . 2013-08-17 06:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-08-17 06:38 . 2013-08-17 06:38 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-08-17 06:38 . 2013-08-17 06:38 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-08-17 06:38 . 2013-08-17 06:38 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-08-17 06:38 . 2013-08-17 06:38 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-08-17 06:38 . 2013-08-17 06:38 441856 ----a-w- c:\windows\system32\html.iec

2013-08-17 06:38 . 2013-08-17 06:38 216064 ----a-w- c:\windows\system32\msls31.dll

2013-08-17 06:38 . 2013-08-17 06:38 197120 ----a-w- c:\windows\system32\msrating.dll

2013-08-17 06:38 . 2013-08-17 06:38 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-08-17 06:38 . 2013-08-17 06:38 81408 ----a-w- c:\windows\system32\icardie.dll

2013-08-17 06:38 . 2013-08-17 06:38 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-08-17 06:38 . 2013-08-17 06:38 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-08-17 06:38 . 2013-08-17 06:38 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-08-17 06:38 . 2013-08-17 06:38 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-08-17 06:38 . 2013-08-17 06:38 235008 ----a-w- c:\windows\system32\url.dll

2013-08-17 06:38 . 2013-08-17 06:38 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-08-17 06:38 . 2013-08-17 06:38 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-08-17 06:38 . 2013-08-17 06:38 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-08-17 06:38 . 2013-08-17 06:38 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-08-17 06:38 . 2013-08-17 06:38 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-17 06:38 . 2013-08-17 06:38 102912 ----a-w- c:\windows\system32\inseng.dll

2013-08-17 06:38 . 2013-08-17 06:38 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-08-17 06:38 . 2013-08-17 06:38 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-17 06:38 . 2013-08-17 06:38 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-08-17 06:38 . 2013-08-17 06:38 144896 ----a-w- c:\windows\system32\wextract.exe

2013-08-17 06:38 . 2013-08-17 06:38 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-08-17 06:38 . 2013-08-17 06:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-08-17 06:38 . 2013-08-17 06:38 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-08-17 06:38 . 2013-08-17 06:38 149504 ----a-w- c:\windows\system32\occache.dll

2013-08-17 06:38 . 2013-08-17 06:38 13824 ----a-w- c:\windows\system32\mshta.exe

2013-08-17 06:38 . 2013-08-17 06:38 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-08-17 06:38 . 2013-08-17 06:38 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-08-17 06:38 . 2013-08-17 06:38 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-08-17 06:38 . 2013-08-17 06:38 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-08-17 06:38 . 2013-08-17 06:38 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-08-17 06:38 . 2013-08-17 06:38 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-08-17 06:35 . 2013-08-17 06:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-08-17 06:35 . 2013-08-17 06:35 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-17 06:35 . 2013-08-17 06:35 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-08-17 06:35 . 2013-08-17 06:35 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-08-17 06:35 . 2013-08-17 06:35 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-08-17 06:35 . 2013-08-17 06:35 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-08-17 06:35 . 2013-08-17 06:35 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-08-17 06:35 . 2013-08-17 06:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-08-17 06:35 . 2013-08-17 06:35 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-08-17 06:35 . 2013-08-17 06:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-08-17 06:35 . 2013-08-17 06:35 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-08-17 06:35 . 2013-08-17 06:35 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-08-17 06:35 . 2013-08-17 06:35 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-08-17 06:35 . 2013-08-17 06:35 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-08-17 06:35 . 2013-08-17 06:35 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-08-17 06:35 . 2013-08-17 06:35 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-08-17 06:35 . 2013-08-17 06:35 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-08-17 06:35 . 2013-08-17 06:35 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-08-17 06:35 . 2013-08-17 06:35 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-08-17 06:35 . 2013-08-17 06:35 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-08-17 06:35 . 2013-08-17 06:35 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-08-17 06:35 . 2013-08-17 06:35 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-08-17 06:35 . 2013-08-17 06:35 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-08-17 06:35 . 2013-08-17 06:35 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-08-17 06:35 . 2013-08-17 06:35 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-08-17 06:35 . 2013-08-17 06:35 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-08-17 06:35 . 2013-08-17 06:35 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-08-17 06:35 . 2013-08-17 06:35 221184 ----a-w- c:\windows\system32\UIAnimation.dll

2013-08-17 06:35 . 2013-08-17 06:35 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll

2013-08-02 01:48 . 2013-09-11 01:55 44032 ----a-w- c:\windows\apppatch\acwow64.dll

.

.

(((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-23 3077528]

"chromium"="c:\users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-08-16 829392]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-06 1811368]

"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2013-01-11 2995712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-06-28 19:33 1529976 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]

R3 cpuz136;cpuz136;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 FA_MINISCH;FortiClient Mini Scheduler;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe [x]

S2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 Fortidrv2;Fortinet Fortinet Packet Filter Service;c:\windows\system32\DRIVERS\fortidrv.sys;c:\windows\SYSNATIVE\DRIVERS\fortidrv.sys [x]

S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-09-17 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 09:52]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

2013-09-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-15 171064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-15 399416]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-15 441912]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 201.17.0.53 201.17.0.83 201.6.4.116

FF - ProfilePath - c:\users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_174_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_174.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Fortinet\FortiClient VPN\fccomint.exe

c:\program files (x86)\Fortinet\FortiClient VPN\FortiClientVPN.exe

c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

c:\program files (x86)\TeamViewer\Version8\TeamViewer.exe

c:\program files (x86)\TeamViewer\Version8\tv_w32.exe

.

**************************************************************************

.

Tempo para conclusão: 2013-09-16 22:12:43 - Máquina reiniciou

ComboFix-quarantined-files.txt 2013-09-17 01:12

ComboFix2.txt 2013-09-03 09:53

ComboFix3.txt 2013-08-28 13:28

.

Pré-execução: 79.881.068.544 bytes disponíveis

Pós execução: 79.877.423.104 bytes disponíveis

.

- - End Of File - - 6EAE057B4F7B94AE30BE236F21BB9128


Can you format your USB drive?


Run ComboFix again so we can be sure.


Sorry for the delay.

Here is the log from what was requested:

ComboFix 13-08-28.02 - André Mendes 06/10/2013 23:10:39.4.4 - x64

Executando de: c:\users\AndrÚ Mendes\Desktop\ComboFix.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-07 to 2013-10-07 ))))))))))))))))))))))))))))

.

.

2013-10-07 09:25 . 2013-10-07 09:25 -------- d-----w- c:\users\Public\AppData\Local\temp

2013-10-07 09:25 . 2013-10-07 09:25 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-10-07 09:25 . 2013-10-07 09:25 -------- d-----w- c:\users\Administrador\AppData\Local\temp

2013-10-07 02:07 . 2013-10-07 02:07 0 ----a-w- c:\windows\SysWow64\drivers\PROCEXP113.SYS

2013-10-07 00:42 . 2013-10-07 00:42 -------- d-----w- c:\users\André Mendes\AppData\Local\{0E6FA841-89A7-436C-80BF-DEC2D3376BCF}

2013-10-06 22:34 . 2013-10-06 22:36 -------- d-----w- c:\users\André Mendes\Falling.Skies.S03.HDTV.XviD-AFG

2013-10-06 12:41 . 2013-10-06 12:42 -------- d-----w- c:\users\André Mendes\AppData\Local\{80191474-5D64-4479-A119-7F2B8FC7A29F}

2013-10-04 22:50 . 2013-10-04 22:50 -------- d-----w- c:\users\André Mendes\AppData\Local\{3A0E4182-2E39-4D9E-A238-62D26CF33B6F}

2013-10-03 22:08 . 2013-10-03 22:09 -------- d-----w- c:\users\André Mendes\AppData\Local\{A0621D17-94C3-436F-874E-97A3689286DC}

2013-10-02 22:06 . 2013-10-02 22:06 -------- d-----w- c:\users\André Mendes\AppData\Local\{EC20FEFA-1F3C-4E94-951B-563F464819F3}

2013-10-02 00:11 . 2013-10-02 00:11 -------- d-----w- c:\users\André Mendes\AppData\Local\{3545815A-A311-4B65-AEBB-086E927A9C04}

2013-09-30 23:58 . 2013-09-30 23:59 -------- d-----w- c:\users\André Mendes\AppData\Local\{05A05952-A703-4FED-B961-F7A096008E63}

2013-09-30 09:30 . 2013-09-30 09:31 -------- d-----w- c:\users\André Mendes\AppData\Local\{80780963-D863-4483-9D02-526ECB9600C1}

2013-09-29 18:05 . 2013-09-29 18:05 -------- d-----w- c:\users\André Mendes\AppData\Local\{9C6DC4CE-BE62-4956-B9BF-EDAA183AEDA2}

2013-09-28 21:30 . 2013-09-28 21:30 -------- d-----w- c:\users\André Mendes\AppData\Roaming\Command and Conquer 4

2013-09-28 21:30 . 2013-09-28 21:30 -------- d-----w- c:\users\André Mendes\AppData\Local\Electronic_Arts_Inc

2013-09-28 16:15 . 2013-09-28 16:15 -------- d-----w- c:\users\Andr‚ Mendes

2013-09-28 15:45 . 2013-09-28 15:45 -------- d-----w- c:\users\André Mendes\AppData\Local\{DAF71220-8E9D-46A6-B92A-06F8193BDEDF}

2013-09-28 01:28 . 2013-09-28 01:29 -------- d-----w- c:\users\André Mendes\AppData\Local\{384ACD68-0641-4CB1-8962-89622B4E823F}

2013-09-28 00:00 . 2013-09-28 00:00 -------- d-----w- c:\users\André Mendes\AppData\Local\{40412BA8-C984-4BAB-93A0-E88C09FB8292}

2013-09-27 23:36 . 2013-09-28 09:46 -------- d-----w- c:\users\André Mendes\AppData\Local\AVG Nation toolbar

2013-09-27 23:36 . 2013-09-28 11:04 -------- d-----w- c:\programdata\AVG Security Toolbar

2013-09-27 23:36 . 2013-10-02 21:58 46368 ----a-w- c:\windows\system32\drivers\avgtpx64.sys

2013-09-27 23:36 . 2013-09-27 23:36 -------- d-----w- c:\programdata\AVG Nation toolbar

2013-09-27 23:36 . 2013-09-27 23:36 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search

2013-09-27 23:36 . 2013-10-02 21:58 -------- d-----w- c:\program files (x86)\AVG Nation toolbar

2013-09-27 00:03 . 2013-09-27 00:03 -------- d-----w- c:\users\André Mendes\AppData\Local\{932219B8-89A8-42C3-A104-9FEB4EA739F6}

2013-09-26 02:04 . 2013-09-26 02:04 -------- d-----w- c:\users\André Mendes\AppData\Local\{07433C62-CE2F-47C5-A791-6D3955318494}

2013-09-24 22:54 . 2013-09-24 22:54 -------- d-----w- c:\users\André Mendes\AppData\Local\{E4E4B71B-BEF3-450F-B6B1-B48D4FE62A83}

2013-09-24 02:10 . 2013-09-24 02:10 -------- d-----w- c:\users\André Mendes\AppData\Local\{91D04D4D-BD7C-4489-9D9E-6701DBEF72FC}

2013-09-23 06:50 . 2013-09-23 06:50 -------- d-----w- c:\users\André Mendes\AppData\Local\{959D156F-E7EF-4931-8526-3082185A4EC1}

2013-09-22 10:16 . 2013-09-22 10:17 -------- d-----w- c:\users\André Mendes\AppData\Local\{3AE0443B-D9E7-41A5-B059-BB3433C82C68}

2013-09-21 17:07 . 2013-09-21 17:08 -------- d-----w- c:\users\André Mendes\AppData\Local\{8ABE89BF-DFAB-427D-8878-220FCFC6AD1A}

2013-09-20 22:59 . 2013-09-20 22:59 -------- d-----w- c:\users\André Mendes\AppData\Local\{9A64B9A7-A254-408B-AE1A-238B6F25BBB6}

2013-09-20 10:52 . 2013-09-20 10:52 -------- d-----w- c:\users\André Mendes\AppData\Local\{A903DBC1-18A2-45DD-9B86-BD093900749F}

2013-09-18 23:17 . 2013-09-18 23:18 -------- d-----w- c:\users\André Mendes\AppData\Local\{2E65E732-1B17-4FBB-BE33-163F4C97231D}

2013-09-17 22:57 . 2013-09-17 22:57 -------- d-----w- c:\users\André Mendes\AppData\Local\{154E899D-E5F9-4C38-B48E-37FED1145F8E}

2013-09-17 00:42 . 2013-09-17 00:43 -------- d-----w- c:\users\André Mendes\AppData\Local\{A03F0355-DD92-4AF3-9A8A-BA462B74BE1C}

2013-09-15 19:07 . 2013-09-15 19:07 -------- d-----w- c:\users\André Mendes\AppData\Local\{37551444-19BE-4E3C-8920-669BA1385D20}

2013-09-15 07:06 . 2013-09-15 07:06 -------- d-----w- c:\users\André Mendes\AppData\Local\{748A0A13-41CD-4915-9C76-C215C82DB8CD}

2013-09-14 03:42 . 2013-09-14 03:42 -------- d-----w- c:\users\André Mendes\AppData\Local\{2AC51126-A0F7-4EC0-ACB1-A48843BEB8E3}

2013-09-14 02:12 . 2013-09-14 02:26 -------- d-----w- c:\users\André Mendes\.android

2013-09-13 00:35 . 2013-09-13 00:35 -------- d-----w- c:\users\André Mendes\AppData\Local\{A0583FA7-1A86-4C43-BAEE-5C08B8AAAE72}

2013-09-12 01:14 . 2013-09-12 01:28 -------- d-----w- c:\users\André Mendes\The Offspring

2013-09-11 23:02 . 2013-09-11 23:02 -------- d-----w- c:\users\André Mendes\AppData\Local\{A38EAD27-D7A1-4492-8ABB-59E2F5FD9EDC}

2013-09-11 06:05 . 2013-08-10 03:58 2876928 ----a-w- c:\windows\SysWow64\jscript9.dll

2013-09-11 01:56 . 2013-08-05 02:25 155584 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-09-11 01:56 . 2013-08-02 01:59 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-09-10 22:33 . 2013-09-10 22:33 -------- d-----w- c:\users\André Mendes\AppData\Local\{A28D866B-C21E-4330-9A43-72BAEE7B766C}

2013-09-10 01:31 . 2013-09-10 01:31 -------- d-----w- c:\users\André Mendes\AppData\Local\{6E01419E-CEA0-4CDD-9183-132FBB31736B}

2013-09-09 08:42 . 2013-09-09 08:43 -------- d-----w- c:\users\André Mendes\AppData\Local\{949E1973-FD0A-4A51-9F64-B3E41056DDF3}

2013-09-08 18:27 . 2013-09-08 18:27 -------- d-----w- c:\users\André Mendes\AppData\Local\{5D2A00D6-92F6-4BE5-BE43-4CC8B312367E}

2013-09-08 02:20 . 2013-09-08 02:20 -------- d-----w- c:\users\André Mendes\AppData\Local\{874DC258-4032-481F-BA71-7A1E23106516}

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-05 21:24 . 2013-07-22 21:50 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

2013-09-20 07:52 . 2013-02-23 18:12 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2013-09-20 07:52 . 2011-08-13 01:13 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-09-05 04:43 . 2013-09-05 04:43 45880 ----a-w- c:\windows\system32\drivers\avgrkx64.sys

2013-09-03 09:45 . 2013-09-03 09:45 0 ----a-w- c:\windows\SysWow64\drivers\AFD.SYS

2013-08-17 06:38 . 2013-08-17 06:38 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe

2013-08-17 06:38 . 2013-08-17 06:38 226304 ----a-w- c:\windows\system32\elshyph.dll

2013-08-17 06:38 . 2013-08-17 06:38 185344 ----a-w- c:\windows\SysWow64\elshyph.dll

2013-08-17 06:38 . 2013-08-17 06:38 158720 ----a-w- c:\windows\SysWow64\msls31.dll

2013-08-17 06:38 . 2013-08-17 06:38 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll

2013-08-17 06:38 . 2013-08-17 06:38 150528 ----a-w- c:\windows\SysWow64\iexpress.exe

2013-08-17 06:38 . 2013-08-17 06:38 138752 ----a-w- c:\windows\SysWow64\wextract.exe

2013-08-17 06:38 . 2013-08-17 06:38 523264 ----a-w- c:\windows\SysWow64\vbscript.dll

2013-08-17 06:38 . 2013-08-17 06:38 38400 ----a-w- c:\windows\SysWow64\imgutil.dll

2013-08-17 06:38 . 2013-08-17 06:38 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe

2013-08-17 06:38 . 2013-08-17 06:38 12800 ----a-w- c:\windows\SysWow64\mshta.exe

2013-08-17 06:38 . 2013-08-17 06:38 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll

2013-08-17 06:38 . 2013-08-17 06:38 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe

2013-08-17 06:38 . 2013-08-17 06:38 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll

2013-08-17 06:38 . 2013-08-17 06:38 61952 ----a-w- c:\windows\SysWow64\tdc.ocx

2013-08-17 06:38 . 2013-08-17 06:38 361984 ----a-w- c:\windows\SysWow64\html.iec

2013-08-17 06:38 . 2013-08-17 06:38 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll

2013-08-17 06:38 . 2013-08-17 06:38 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2013-08-17 06:38 . 2013-08-17 06:38 441856 ----a-w- c:\windows\system32\html.iec

2013-08-17 06:38 . 2013-08-17 06:38 216064 ----a-w- c:\windows\system32\msls31.dll

2013-08-17 06:38 . 2013-08-17 06:38 197120 ----a-w- c:\windows\system32\msrating.dll

2013-08-17 06:38 . 2013-08-17 06:38 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll

2013-08-17 06:38 . 2013-08-17 06:38 81408 ----a-w- c:\windows\system32\icardie.dll

2013-08-17 06:38 . 2013-08-17 06:38 762368 ----a-w- c:\windows\system32\ieapfltr.dll

2013-08-17 06:38 . 2013-08-17 06:38 452096 ----a-w- c:\windows\system32\dxtmsft.dll

2013-08-17 06:38 . 2013-08-17 06:38 281600 ----a-w- c:\windows\system32\dxtrans.dll

2013-08-17 06:38 . 2013-08-17 06:38 270848 ----a-w- c:\windows\system32\iedkcs32.dll

2013-08-17 06:38 . 2013-08-17 06:38 235008 ----a-w- c:\windows\system32\url.dll

2013-08-17 06:38 . 2013-08-17 06:38 1400416 ----a-w- c:\windows\system32\ieapfltr.dat

2013-08-17 06:38 . 2013-08-17 06:38 97280 ----a-w- c:\windows\system32\mshtmled.dll

2013-08-17 06:38 . 2013-08-17 06:38 27648 ----a-w- c:\windows\system32\licmgr10.dll

2013-08-17 06:38 . 2013-08-17 06:38 247296 ----a-w- c:\windows\system32\webcheck.dll

2013-08-17 06:38 . 2013-08-17 06:38 1509376 ----a-w- c:\windows\system32\inetcpl.cpl

2013-08-17 06:38 . 2013-08-17 06:38 102912 ----a-w- c:\windows\system32\inseng.dll

2013-08-17 06:38 . 2013-08-17 06:38 599552 ----a-w- c:\windows\system32\vbscript.dll

2013-08-17 06:38 . 2013-08-17 06:38 173568 ----a-w- c:\windows\system32\ieUnatt.exe

2013-08-17 06:38 . 2013-08-17 06:38 167424 ----a-w- c:\windows\system32\iexpress.exe

2013-08-17 06:38 . 2013-08-17 06:38 144896 ----a-w- c:\windows\system32\wextract.exe

2013-08-17 06:38 . 2013-08-17 06:38 62976 ----a-w- c:\windows\system32\pngfilt.dll

2013-08-17 06:38 . 2013-08-17 06:38 52224 ----a-w- c:\windows\system32\msfeedsbs.dll

2013-08-17 06:38 . 2013-08-17 06:38 51200 ----a-w- c:\windows\system32\imgutil.dll

2013-08-17 06:38 . 2013-08-17 06:38 149504 ----a-w- c:\windows\system32\occache.dll

2013-08-17 06:38 . 2013-08-17 06:38 13824 ----a-w- c:\windows\system32\mshta.exe

2013-08-17 06:38 . 2013-08-17 06:38 136192 ----a-w- c:\windows\system32\iepeers.dll

2013-08-17 06:38 . 2013-08-17 06:38 12800 ----a-w- c:\windows\system32\msfeedssync.exe

2013-08-17 06:38 . 2013-08-17 06:38 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe

2013-08-17 06:38 . 2013-08-17 06:38 48640 ----a-w- c:\windows\system32\mshtmler.dll

2013-08-17 06:38 . 2013-08-17 06:38 135680 ----a-w- c:\windows\system32\IEAdvpack.dll

2013-08-17 06:38 . 2013-08-17 06:38 77312 ----a-w- c:\windows\system32\tdc.ocx

2013-08-17 06:35 . 2013-08-17 06:35 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll

2013-08-17 06:35 . 2013-08-17 06:35 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll

2013-08-17 06:35 . 2013-08-17 06:35 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 2560 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 2560 ---ha-w- c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 1682432 ----a-w- c:\windows\system32\XpsPrint.dll

2013-08-17 06:35 . 2013-08-17 06:35 1158144 ----a-w- c:\windows\SysWow64\XpsPrint.dll

2013-08-17 06:35 . 2013-08-17 06:35 10752 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 10752 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll

2013-08-17 06:35 . 2013-08-17 06:35 465920 ----a-w- c:\windows\system32\WMPhoto.dll

2013-08-17 06:35 . 2013-08-17 06:35 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll

2013-08-17 06:35 . 2013-08-17 06:35 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll

2013-08-17 06:35 . 2013-08-17 06:35 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll

2013-08-17 06:35 . 2013-08-17 06:35 3928064 ----a-w- c:\windows\system32\d2d1.dll

2013-08-17 06:35 . 2013-08-17 06:35 2565120 ----a-w- c:\windows\system32\d3d10warp.dll

2013-08-17 06:35 . 2013-08-17 06:35 363008 ----a-w- c:\windows\system32\dxgi.dll

2013-08-17 06:35 . 2013-08-17 06:35 220160 ----a-w- c:\windows\SysWow64\d3d10core.dll

2013-08-17 06:35 . 2013-08-17 06:35 1080832 ----a-w- c:\windows\SysWow64\d3d10.dll

2013-08-17 06:35 . 2013-08-17 06:35 249856 ----a-w- c:\windows\SysWow64\d3d10_1core.dll

2013-08-17 06:35 . 2013-08-17 06:35 207872 ----a-w- c:\windows\SysWow64\WindowsCodecsExt.dll

2013-08-17 06:35 . 2013-08-17 06:35 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll

2013-08-17 06:35 . 2013-08-17 06:35 1175552 ----a-w- c:\windows\system32\FntCache.dll

2013-08-17 06:35 . 2013-08-17 06:35 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll

2013-08-17 06:35 . 2013-08-17 06:35 333312 ----a-w- c:\windows\system32\d3d10_1core.dll

2013-08-17 06:35 . 2013-08-17 06:35 296960 ----a-w- c:\windows\system32\d3d10core.dll

2013-08-17 06:35 . 2013-08-17 06:35 245248 ----a-w- c:\windows\system32\WindowsCodecsExt.dll

2013-08-17 06:35 . 2013-08-17 06:35 194560 ----a-w- c:\windows\system32\d3d10_1.dll

2013-08-17 06:35 . 2013-08-17 06:35 1238528 ----a-w- c:\windows\system32\d3d10.dll

2013-08-17 06:35 . 2013-08-17 06:35 648192 ----a-w- c:\windows\system32\d3d10level9.dll

2013-08-17 06:35 . 2013-08-17 06:35 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll

2013-08-17 06:35 . 2013-08-17 06:35 293376 ----a-w- c:\windows\SysWow64\dxgi.dll

2013-08-17 06:35 . 2013-08-17 06:35 1988096 ----a-w- c:\windows\SysWow64\d3d10warp.dll

2013-08-17 06:35 . 2013-08-17 06:35 221184 ----a-w- c:\windows\system32\UIAnimation.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2011-10-23 3077528]

"chromium"="c:\users\André Mendes\AppData\Local\Google\Chrome\Application\chrome.exe" [2013-08-16 829392]

"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-02-13 1509232]

"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

"Steam"="c:\program files (x86)\Steam\steam.exe" [2013-09-21 1814440]

"ALLUpdate"="c:\program files (x86)\ALLPlayer\ALLUpdate.exe" [2013-01-11 2995712]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]

"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-04-29 50472]

"Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2011-04-13 503942]

"Dell Registration"="c:\program files (x86)\System Registration\prodreg.exe" [2010-11-10 4144448]

"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-25 1117528]

"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-07-27 35768]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]

"RoxWatchTray"="c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" [2010-11-25 240112]

"Desktop Disc Tool"="c:\program files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" [2010-11-17 514544]

"PlusService"="c:\program files (x86)\Yuna Software\Messenger Plus!\PlusService.exe" [2011-08-14 800768]

"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]

"AccuWeatherWidget"="c:\program files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" [2011-05-30 885760]

"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-01-21 91520]

"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2013-08-15 4411440]

"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-02-13 310128]

"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

"vProt"="c:\program files (x86)\AVG Nation toolbar\vprot.exe" [2013-10-02 2403144]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2013-06-28 19:33 1529976 ----a-w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]

R3 cpuz136;cpuz136;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ANDRME~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys;c:\windows\SYSNATIVE\DRIVERS\ew_hwusbdev.sys [x]

R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys;c:\windows\SYSNATIVE\DRIVERS\ew_usbenumfilter.sys [x]

R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jucdcacm.sys [x]

R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]

R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]

R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]

R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsha.sys [x]

S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys;c:\windows\SYSNATIVE\DRIVERS\avgloga.sys [x]

S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgmfx64.sys [x]

S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgrkx64.sys [x]

S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys;c:\windows\SYSNATIVE\DRIVERS\avgidsdrivera.sys [x]

S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys;c:\windows\SYSNATIVE\DRIVERS\avgldx64.sys [x]

S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]

S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Ath_CoexAgent.exe [x]

S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]

S2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [x]

S2 avgwd;Watchdog do AVG;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [x]

S2 FA_MINISCH;FortiClient Mini Scheduler;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe;c:\program files (x86)\Fortinet\FortiClient VPN\FCMiniSch.exe [x]

S2 Fortips;Fortips;c:\windows\system32\drivers\fortips.sys;c:\windows\SYSNATIVE\drivers\fortips.sys [x]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [x]

S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [x]

S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [x]

S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]

S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]

S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]

S2 vToolbarUpdater17.0.12;vToolbarUpdater17.0.12;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.0.12\ToolbarUpdater.exe [x]

S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]

S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]

S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]

S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]

S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]

S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]

S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]

S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]

S3 Fortidrv2;Fortinet Fortinet Packet Filter Service;c:\windows\system32\DRIVERS\fortidrv.sys;c:\windows\SYSNATIVE\DRIVERS\fortidrv.sys [x]

S3 ft_vnic;Fortinet network virtual adapter;c:\windows\system32\DRIVERS\ftvnic.sys;c:\windows\SYSNATIVE\DRIVERS\ftvnic.sys [x]

S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys;c:\windows\SYSNATIVE\DRIVERS\ew_jubusenum.sys [x]

S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-23 07:52]

.

2013-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

2013-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-13 01:40]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]

"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-17 1128448]

"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-03-31 617120]

"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-03-31 379552]

"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-05-30 2055816]

"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2012-11-29 57928]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-11-15 171064]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-11-15 399416]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-11-15 441912]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com

uDefault_Search_URL = hxxp://www.google.com/ie

mLocal Page = c:\windows\SysWOW64\blank.htm

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

Trusted Zone: realsecureweb.com.br\wwws

Trusted Zone: santander.com.br\www

Trusted Zone: santanderempresarial.com.br\www

Trusted Zone: santandernet.com.br\www

Trusted Zone: santandernet.com.br\wwws

Trusted Zone: santandernet.com.br\wwws2

Trusted Zone: santandernetibe.com.br\www

Trusted Zone: secureweb.com.br\www

TCP: DhcpNameServer = 201.17.0.83 201.17.0.53 201.6.4.116

Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.0.12\ViProtocol.dll

FF - ProfilePath - c:\users\André Mendes\AppData\Roaming\Mozilla\Firefox\Profiles\v5y60ulx.default\

FF - prefs.js: browser.search.selectedEngine - AVG Nation Search

FF - prefs.js: browser.startup.homepage - hxxp://avg.nation.com/avgtbavg/search/home?pid=nation&sg=0&cid={AE9459BA-F8D4-4DAC-B1CD-CC2EE8C14577}&mid=063767654a0247d0bb13e910bfda5e4f-279e2c729adf2b9713cccd3003f7e3f6bfb42b06&ds=AVG&coid=avgtbavg&v=17.0.1.7&lang=pt-br&pr=fr&d=2013-09-27%2020%3A36%3A49&sap=hp&cmpid=0913b

FF - prefs.js: keyword.URL -

FF - ExtSQL: 2013-09-27 20:36; avg@toolbar; c:\programdata\AVG Nation toolbar\FireFoxExt\17.0.1.12

.

- - - - ORFÃOS REMOVIDOS - - - -

.

BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Toolbar-Locked - (no file)

Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)

Wow6432Node-HKCU-Run-AVG-Secure-Search-Update_0913b - c:\users\André Mendes\AppData\Roaming\AVG 0913b Campaign\AVG-Secure-Search-Update-0913b.exe

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2479762097-497562999-694029573-500\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (Administrator)

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,14,c9,

06,93,bc,ea,0d,b9,94,bf,17,88,64,ff,da

"{72853161-30C5-4D22-B7F9-0BBC1D38A37E}"=hex:51,66,7a,6c,4c,1d,3b,1b,71,2d,93,

6c,fb,64,4b,02,ab,fb,4e,fc,19,72,e1,67

"{7DB2D5A0-7241-4E79-B68D-6309F01C5231}"=hex:51,66,7a,6c,4c,1d,3b,1b,b0,c9,a4,

63,7f,26,10,01,aa,8f,26,49,f4,56,10,28

"{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}"=hex:51,66,7a,6c,4c,1d,3b,1b,d4,ea,06,

93,3f,5a,bd,04,9a,03,54,ec,1b,95,c3,3f

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,c8,26,

8e,3c,18,d6,05,92,ce,14,24,72,42,21,df

"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b4,e5,

aa,1f,5a,30,06,a6,20,07,f3,04,c4,40,e6

"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1c,de,

c5,7b,f0,32,0c,a0,76,d9,65,c5,8f,ca,b0

"{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}"=hex:51,66,7a,6c,4c,1d,3b,1b,f1,06,42,

34,c8,0f,0c,09,b4,a1,8a,e9,63,64,00,88

.

[HKEY_USERS\S-1-5-21-2479762097-497562999-694029573-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:4c,90,ef,0f,26,1b,cd,01

.

[HKEY_USERS\S-1-5-21-2479762097-497562999-694029573-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,db,6b,80,09,ec,75,4c,ba,44,22,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,db,6b,80,09,ec,75,4c,ba,44,22,\

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_175_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_175.ocx, 1"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\software\McAfee]

"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,

00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-10-07 06:29:21

ComboFix-quarantined-files.txt 2013-10-07 09:29

ComboFix2.txt 2013-09-17 01:12

ComboFix3.txt 2013-09-03 09:53

ComboFix4.txt 2013-08-28 13:28

.

Pré-execução: 65.125.228.544 bytes disponíveis

Pós execução: 63.196.274.688 bytes disponíveis

.

- - End Of File - - 74EA6473BD3AA48421C103A79A73A1AB


After that run, how has the computer been behaving?


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address, first name and last name for registration. Only the "email" field is required.

Enter your email and then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

KRT_settings.png

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives listed below Local Disk, if there are any. Then click the Automatic Scan tab.

KRT_install2_.png

Back on the program's main screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if anything was detected, the program will ask you what to do.

Check the small box next to Apply to all objects and then click Skip (we only want the log).

KRT_detection_.png

While the scan runs, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, or red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the whole scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt.

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the top right corner.
