guilhermeigs

Notebook taking too long to start, and other problems


Hi, I'm having some problems with my notebook, and now it's getting worse, because the antivirus turns itself off.

I'd like you to take a look.

Here are the logs:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 10.0.9200.16537 BrowserJavaVersion: 10.25.2

Run by Guilherme at 1:23:11 on 2013-09-01

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4001.1949 [GMT -3:00]

.

AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\windows\system32\lsm.exe

C:\windows\system32\svchost.exe -k DcomLaunch

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\windows\system32\svchost.exe -k RPCSS

C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\windows\system32\svchost.exe -k LocalService

C:\windows\system32\svchost.exe -k netsvcs

C:\windows\system32\svchost.exe -k GPSvcGroup

C:\windows\system32\svchost.exe -k NetworkService

C:\windows\System32\spoolsv.exe

C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Bonjour\mDNSResponder.exe

C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe

C:\windows\system32\svchost.exe -k imgsvc

C:\windows\System32\svchost.exe -k secsvcs

C:\windows\system32\taskhost.exe

C:\windows\system32\Dwm.exe

C:\windows\Explorer.EXE

C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

C:\Program Files (x86)\BisonCam\Monitor.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe

C:\Windows\System32\igfxtray.exe

C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe

C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

C:\Program Files (x86)\Winamp\winampa.exe

C:\Windows\SysWOW64\aetcrss1.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe

C:\Program Files (x86)\Google\Drive\googledrivesync.exe

C:\windows\system32\SearchIndexer.exe

C:\windows\system32\svchost.exe -k bthsvcs

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\windows\servicing\TrustedInstaller.exe

C:\windows\SysWOW64\RunDll32.exe

C:\Program Files\Lenovo\Bluetooth Software\BtStackServer.exe

C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\windows\System32\svchost.exe -k LocalServicePeerNet

C:\Program Files\Lenovo\Bluetooth Software\BluetoothHeadsetProxy.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\windows\system32\taskmgr.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\windows\system32\SearchProtocolHost.exe

C:\windows\system32\SearchFilterHost.exe

C:\windows\system32\wbem\wmiprvse.exe

C:\windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

uProxyOverride = <local>

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Auxiliar de Conexão do Windows Live ID: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart

uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

uRun: [Google Update] "C:\Users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe" /c

uRun: [Akamai NetSession Interface] "C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe"

mRun: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe

mRun: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe

mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"

mRun: [CertificateRegistration] aetcrss1.exe

mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

mRun: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

StartupFolder: C:\Users\GUILHE~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr/200

IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

TCP: NameServer = 192.168.25.1

TCP: Interfaces\{F853AA43-4C9D-4692-AC8F-5CBC11972CB8} : DHCPNameServer = 192.168.25.1

TCP: Interfaces\{F853AA43-4C9D-4692-AC8F-5CBC11972CB8}\2544F594E6475627E6F6 : DHCPNameServer = 192.168.2.11

TCP: Interfaces\{F853AA43-4C9D-4692-AC8F-5CBC11972CB8}\34253433 : DHCPNameServer = 192.168.25.1

TCP: Interfaces\{F853AA43-4C9D-4692-AC8F-5CBC11972CB8}\746545C4966727562544 : DHCPNameServer = 192.168.3.1

TCP: Interfaces\{F853AA43-4C9D-4692-AC8F-5CBC11972CB8}\A4D4F444543545F4 : DHCPNameServer = 8.8.8.8 192.168.0.1

TCP: Interfaces\{FB1478B6-05C1-4204-8263-9163AEE71611} : DHCPNameServer = 201.6.2.152 201.6.2.32 201.6.2.220

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files (x86)\GbPlugin\gbieh.dll

mASetup: aetsprov - C:\windows\System32\regsvr32.exe /s C:\windows\System32\aetsprov.dll

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s

x64-Run: [s_Monitor] C:\Program Files (x86)\BisonCam\Monitor.exe

x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe

x64-Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe

x64-Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

x64-Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe

x64-Run: [XboxStat] "C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe" silentrun

x64-Run: [updatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\OneKey Recovery" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"

x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\windows\System32\igfxpers.exe

x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Lenovo\Bluetooth Software\btsendto_ie.htm

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\xa2ooawv.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll

FF - plugin: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Users\Guilherme\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll

FF - plugin: C:\Users\Guilherme\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll

FF - plugin: C:\Users\Guilherme\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll

FF - plugin: C:\Users\Guilherme\AppData\Roaming\Mozilla\plugins\npo1d.dll

FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

FF - ExtSQL: 2013-07-20 15:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; C:\Users\Guilherme\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

.

============= SERVICES / DRIVERS ===============

.

R0 LHDmgr;LHDmgr;C:\windows\System32\drivers\LhdX64.sys [2012-5-7 39008]

R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2013-5-20 55280]

R1 avkmgr;avkmgr;C:\windows\System32\drivers\avkmgr.sys [2013-5-13 28600]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\windows\System32\drivers\dtsoftbus01.sys [2012-3-18 283200]

R2 AntiVirSchedulerService;Avira Scheduler;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2013-5-13 84024]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2013-5-13 108088]

R2 avgntflt;avgntflt;C:\windows\System32\drivers\avgntflt.sys [2013-5-13 105344]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2013-7-20 410152]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-6-13 2655768]

R3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\windows\System32\drivers\AcpiVpc.sys [2010-10-25 29792]

R3 BTWAMPFL;BTWAMPFL;C:\windows\System32\drivers\btwampfl.sys [2011-6-13 349224]

R3 btwl2cap;Bluetooth L2CAP Service;C:\windows\System32\drivers\btwl2cap.sys [2011-6-13 39464]

R3 IntcDAud;Áudio do vídeo Intel®;C:\windows\System32\drivers\IntcDAud.sys [2011-3-4 317440]

R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 SPUVCbv;SPUVCb Driver Service;C:\windows\System32\drivers\usbvideo.sys [2010-11-21 184960]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-8-30 418376]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-8-30 701512]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-21 162408]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-6-4 103448]

S3 GemCCID;GemCCID;C:\windows\System32\drivers\GemCCID.sys [2012-3-28 126720]

S3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2013-8-30 25928]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2013-1-23 19456]

S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\rtsuvstor.sys [2011-6-13 311400]

S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2013-1-23 57856]

S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2013-1-23 30208]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\windows\System32\Wat\WatAdminSvc.exe [2012-3-17 1255736]

S3 WDC_SAM;WD SCSI Pass Thru driver;C:\windows\System32\drivers\wdcsam64.sys [2012-1-18 14464]

S3 WSDScan;Suporte de Digitalização WSD via UMB;C:\windows\System32\drivers\WSDScan.sys [2009-7-13 25088]

S3 wsvd;wsvd;C:\windows\System32\drivers\wsvd.sys [2009-7-21 121840]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== File Associations ===============

.

FileExt: .scr: DWGTrueViewScriptFile=C:\windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2013-08-30 22:45:07 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0285CD8C-C8DC-40FA-B918-FE32FD96B569}\offreg.dll

2013-08-30 10:49:57 25928 ----a-w- C:\windows\System32\drivers\mbam.sys

2013-08-30 10:49:57 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware

2013-08-30 02:39:34 9515512 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{0285CD8C-C8DC-40FA-B918-FE32FD96B569}\mpengine.dll

2013-08-15 17:53:17 -------- d-----w- C:\Users\Guilherme\AppData\Local\Autodesk

2013-08-15 17:53:17 -------- d-----w- C:\Program Files\Common Files\Autodesk Shared

2013-08-15 17:53:17 -------- d-----w- C:\Program Files\Autodesk

2013-08-15 17:53:17 -------- d-----w- C:\Program Files (x86)\DWG TrueView 2014

2013-08-15 17:53:17 -------- d-----w- C:\Program Files (x86)\Common Files\Autodesk Shared

2013-08-15 16:13:13 -------- d-----w- C:\Users\Guilherme\AppData\Roaming\Autodesk

2013-08-15 16:09:59 -------- d-----w- C:\Autodesk

2013-08-15 15:29:46 -------- d-----w- C:\Users\Guilherme\AppData\Local\Akamai

.

==================== Find3M ====================

.

2013-09-01 04:12:10 31088 ----a-w- C:\windows\SysWow64\drivers\gbpndisrd.sys

2013-08-29 09:43:15 81112 ----a-w- C:\windows\System32\drivers\avnetflt.sys

2013-08-29 09:43:15 105344 ----a-w- C:\windows\System32\drivers\avgntflt.sys

2013-08-21 01:11:27 71048 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-08-21 01:11:27 692104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe

2013-08-07 07:22:02 278800 ------w- C:\windows\System32\MpSigStub.exe

2013-07-20 18:54:39 720082 ----a-w- C:\Users\Guilherme\AppData\Roaming\unins000.exe

2013-06-25 00:18:17 96168 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll

2013-06-25 00:18:16 867240 ----a-w- C:\windows\SysWow64\npDeployJava1.dll

2013-06-25 00:18:16 789416 ----a-w- C:\windows\SysWow64\deployJava1.dll

2013-06-04 12:15:02 103448 ----a-w- C:\windows\System32\drivers\ssudbus.sys

2013-06-04 12:15:00 203672 ----a-w- C:\windows\System32\drivers\ssudmdm.sys

.

============= FINISH: 1:33:24,88 ===============

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Premium

Boot Device: \Device\HarddiskVolume1

Install Date: 16/03/2012 20:23:34

System Uptime: 01/09/2013 01:12:06 (0 hours ago)

.

Motherboard: LENOVO | | KL5

Processor: Intel® Core i3-2310M CPU @ 2.10GHz | CPU | 2100/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 420 GiB total, 135,703 GiB free.

D: is FIXED (NTFS) - 30 GiB total, 28,219 GiB free.

E: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {8496e87e-c0a1-4102-9d8d-bd9a9b8b07a9}

Description: WD SES Device

Device ID: ROOT\UNKNOWN\0000

Manufacturer: Western Digital Technologies

Name: WD SES Device

PNP Device ID: ROOT\UNKNOWN\0000

Service: WDC_SAM

.

==== System Restore Points ===================

.

RP253: 11/08/2013 14:39:27 - Ponto de Verificação Agendado

RP254: 15/08/2013 13:15:23 - DirectX instalado

RP255: 15/08/2013 14:52:04 - DirectX instalado

RP256: 22/08/2013 19:45:16 - Ponto de Verificação Agendado

RP257: 29/08/2013 23:38:51 - Windows Update

.

==== Installed Programs ======================

.

Adobe AIR

Adobe Community Help

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Media Player

Adobe Photoshop CS5

Adobe Photoshop Lightroom 4.2 64-bit

Adobe Premiere Pro CS5.5

Adobe Reader X (10.1.7) - Português

Adobe Story

Akamai NetSession Interface

Atheros Client Installation Program

µTorrent

Autodesk DWG TrueView 2014

Avira Free Antivirus

Bonjour

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.10

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

Canon Utilities Movie Uploader for YouTube

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

CCleaner

ChromecastApp

Controle ActiveX do Windows Live Mesh para Conexões Remotas

D3DX10

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

DVD Shrink 3.2

DWG TrueView 2014

Energy Management

ffdshow v1.2.4422 [2012-04-09]

Flickr Uploadr 3.2.1

Garmin BlueChart Americas 2008.5

Garmin HomePort

Garmin USB Drivers

Google Chrome

Google Drive

Google SketchUp 8

Google Talk Plugin

Google Toolbar for Internet Explorer

Google Update Helper

Guia de Usuário

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP Deskjet 3050 J610 series Ajuda

Intel® Control Center

Intel® Management Engine Components

Intel® Processor Graphics

Intel® Rapid Storage Technology

IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País

Java 7 Update 11 (64-bit)

Java 7 Update 25

Java Auto Updater

Junk Mail filter update

Kindle Auto eBook Converter 0.4.50

Lenovo Bluetooth with Enhanced Data Rate Software

Lenovo DirectShare

Lenovo EasyCamera

Lenovo MuteSync

Lenovo OneKey Recovery

Lyrics Plugin for Winamp

Módulo de Segurança - Banco do Brasil

Malwarebytes Anti-Malware versão 1.75.0.1300

Media Player Classic - Home Cinema 1.6.0.4014 x64

Mesh Runtime

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft .NET Framework 4 Extended

Microsoft .NET Framework 4 Extended PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Home and Business 2010

Microsoft Office Office 64-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Single Image 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft WSE 3.0 Runtime

Microsoft Xbox 360 Accessories 1.2

Microsoft_VC100_CRT_SP1_x64

Microsoft_VC100_CRT_SP1_x86

Microsoft_VC80_ATL_x86

Microsoft_VC80_ATL_x86_x64

Microsoft_VC80_CRT_x86

Microsoft_VC80_CRT_x86_x64

Microsoft_VC80_MFC_x86

Microsoft_VC80_MFC_x86_x64

Microsoft_VC80_MFCLOC_x86

Microsoft_VC80_MFCLOC_x86_x64

Microsoft_VC90_ATL_x86

Microsoft_VC90_ATL_x86_x64

Microsoft_VC90_CRT_x86

Microsoft_VC90_CRT_x86_x64

Microsoft_VC90_MFC_x86

Microsoft_VC90_MFC_x86_x64

Microsoft_VC90_MFCLOC_x86

Mozilla Firefox 15.0.1 (x86 pt-BR)

Mozilla Firefox 17.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MSVC80_x64_v2

MSVC80_x86_v2

MSVC90_x64

MSVC90_x86

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Onekey Theater

Pacote de Driver do Windows - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1)

Pacote de Driver do Windows - Nokia pccsmcfd (08/22/2008 7.0.0.0)

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Pacote de Idiomas do Microsoft .NET Framework 4 Extended - Português (Brasil)

PC-CCID

PC Connectivity Solution

PDF Settings CS5

PDF Split And Merge Basic

Picasa 3

Power2Go

PxMergeModule

Realtek Ethernet Controller Driver For Windows 7

Realtek High Definition Audio Driver

Realtek USB 2.0 Reader Driver

Receitanet

Receitanet BX

RemoteControl for Winamp

SafeSign

SAMSUNG USB Driver for Mobile Phones

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition

Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553091)

Security Update for Microsoft Office 2010 (KB2553096)

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition

Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition

Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition

Security Update for Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil) (KB2518870)

Skype™ 6.6

Software básico do dispositivo HP Deskjet 3050 J610 series

SRS Premium Sound Control Panel

StreamTransport version: 1.0.2.2171

Synaptics Pointing Device Driver

System Requirements Lab CYRI

TagScanner 5.1.625

The Sims™ 3

The Sims™ 3 Ambições

The Sims™ 3 Vida em Alto Estilo Coleção de Objetos

Theme Hospital

Unified Remote

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

UserGuide

VeriFace

Winamp

Winamp Detectar Aplicação

Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Galeria de Fotos

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

WinRAR 4.11 (64-bit)

.

==== End Of File ===========================

GMER 2.1.19163 - http://www.gmer.net

Rootkit scan 2013-09-01 11:16:50

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 HITACHI_ rev.JE3Z 465,76GB

Running: gmer.exe; Driver: C:\Users\GUILHE~1\AppData\Local\Temp\pwddqpow.sys

---- User code sections - GMER 2.1 ----

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[852] C:\windows\syswow64\kernel32.dll!FreeLibrary 00000000773d34a8 5 bytes JMP 000000013b0ab2ec

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[852] C:\windows\syswow64\kernel32.dll!FreeLibraryAndExitThread 00000000773ed56a 5 bytes JMP 000000013b0ab264

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[852] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\PROGRA~2\GbPlugin\GbpSv.exe[852] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

.text C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe[1660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe[1660] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

.text C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\Users\Guilherme\AppData\Local\Akamai\netsession_win.exe[3204] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3228] C:\windows\system32\KERNEL32.dll!LoadLibraryW 00000000776e6f80 5 bytes JMP 0000000169ff0038

.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExW 000007fefd6a9940 5 bytes JMP 000007fffd6900b8

.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3228] C:\windows\system32\KERNELBASE.dll!LoadLibraryExA 000007fefd6abbb0 5 bytes JMP 000007fffd690038

.text C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe[3228] C:\windows\system32\ole32.dll!CoCreateInstance 000007fefe5e7490 5 bytes JMP 000007fffd690138

.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe[3256] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000773d48fb 5 bytes JMP 0000000110002710

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000773d4913 5 bytes JMP 00000001100027f0

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000773d4945 5 bytes JMP 0000000110002780

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493 0000000076cd2c91 4 bytes CALL 71af0000

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076e49d0b 5 bytes JMP 0000000110002850

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe[3396] C:\windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

? C:\windows\system32\mssprxy.dll [3396] entry point in ".rdata" section 00000000742471e6

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\kernel32.dll!LoadLibraryExA 00000000773d48fb 5 bytes JMP 00000001059b2710

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\kernel32.dll!LoadLibraryW 00000000773d4913 5 bytes JMP 00000001059b27f0

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\kernel32.dll!LoadLibraryExW 00000000773d4945 5 bytes JMP 00000001059b2780

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\ole32.dll!CoCreateInstance 0000000076e49d0b 5 bytes JMP 00000001059b2850

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\Program Files (x86)\Google\Drive\googledrivesync.exe[3708] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

.text C:\windows\SysWOW64\RunDll32.exe[3788] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000077071465 2 bytes [07, 77]

.text C:\windows\SysWOW64\RunDll32.exe[3788] C:\windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000770714bb 2 bytes [07, 77]

.text ... * 2

---- Registry - GMER 2.1 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076fc1a13

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9d22823

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9d22823@e0d7ba5ae4fb 0xE4 0x9C 0xFF 0x5B ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\3859f9d22823@18461739250d 0x81 0xD6 0x91 0x11 ...

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\c0f8dac555ac

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076fc1a13 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9d22823 (not active ControlSet)

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9d22823@e0d7ba5ae4fb 0xE4 0x9C 0xFF 0x5B ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\3859f9d22823@18461739250d 0x81 0xD6 0x91 0x11 ...

Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\c0f8dac555ac (not active ControlSet)

---- EOF - GMER 2.1 ----


Dear guilhermeigs,

I recommend saving this topic in your Favorites so it is easier to find later.

Please note the following:

  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is covered here relates only to the problem with your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Keep me informed, throughout the removal, about what is happening with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measures beyond those given here; and if you ask for help in another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

# Step 1 #

Download Junkware Removal Tool and save it to your Desktop.

  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy its entire contents and paste it in your next message.

# Step 2 #

  • Double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Scan
  • At the end of the scan, a log with the results will open.
  • If anything is detected, click the Remove button.
  • Again, at the end of the scan, a log with the results will open.
  • Copy its entire contents and paste it in your next reply.

# Step 3 #

Read the instructions in this link:

In the instructions in the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums to get help with ComboFix logs"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:

  2. Temporarily, and while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after running the procedure(s) mentioned below.
  3. Double-click the desktopicon.png icon on the desktop.
  4. Read and accept the terms by typing 1 and Enter.
  5. Computers with Windows XP must install the Recovery Console:

  • If your computer has Windows XP and the Recovery Console is not yet installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • Once the Recovery Console is installed, click "YES" to continue.

  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.
  8. A message may appear saying the computer needs to restart.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if it is not used correctly it can damage your computer.

  • There are several malware strains that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used unsupervised.
  • There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and intended them for unsupervised use. ComboFix is not that kind of tool, and so, also out of respect for the tool's author, do not use it unsupervised.

Cheers :D

Topic author

Hi Diego,

Thank you for following up.

I could not complete step 2.

The following error appears:

Line 3162 (File "C:\Users\Guilherme\Desktop\AdwCleaner.exe"):

Error: Variable used without being declared.

Anyway, here is the LOG from step 1:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 5.5.7 (09.01.2013:1)

    OS: Windows 7 Home Premium x64

    Ran by Guilherme on 02/09/2013 at 12:19:47,64

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Registry Values

    ~~~ Registry Keys

    Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32

    Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs

    ~~~ Files

    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

    Successfully deleted: [Folder] "C:\ProgramData\partner"

    ~~~ FireFox

    Emptied folder: C:\Users\Guilherme\AppData\Roaming\mozilla\firefox\profiles\xa2ooawv.default\minidumps [1 files]

    ~~~ Event Viewer Logs were cleared

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 02/09/2013 at 12:38:30,83

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Regards,

    Guilherme

Topic author

Thank you for following up. I had not done the third step right away because it was strongly recommended to only do what the analyst advises.

I can already tell you that Avira disappeared from the taskbar and the touchpad scroll is not working.

Thank you very much for the help.

Regards,

Guilherme

COMBOFIX LOG:

    ComboFix 13-09-04.04 - Guilherme 04/09/2013 19:01:02.2.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4001.2433 [GMT -3:00]

    Executando de: c:\users\Guilherme\Desktop\ComboFix.exe

    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\Convidado\AppData\Roaming\unins000.exe

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_ctypes.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_elementtree.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_hashlib.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_multiprocessing.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_socket.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\_ssl.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\msvcp100.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\msvcr100.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\pyexpat.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\pysqlite2._sqlite.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\python27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\pythoncom27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\PyWinTypes27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\select.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\unicodedata.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32api.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32com.shell.shell.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32crypt.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32event.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32file.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32inet.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32pdh.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32process.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32profile.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32security.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\win32ts.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\windows._cacheinvalidation.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._controls_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._core_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._gdi_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._html2.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._misc_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._windows_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wx._wizard.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxbase294u_net_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxbase294u_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxmsw294u_adv_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxmsw294u_core_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxmsw294u_html_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI30642\wxmsw294u_webview_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_ctypes.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_elementtree.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_hashlib.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_multiprocessing.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_socket.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\_ssl.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\msvcp100.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\msvcr100.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\pyexpat.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\pysqlite2._sqlite.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\python27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\pythoncom27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\PyWinTypes27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\select.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\unicodedata.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32api.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32com.shell.shell.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32crypt.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32event.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32file.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32inet.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32pdh.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32process.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32profile.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32security.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\win32ts.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\windows._cacheinvalidation.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._controls_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._core_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._gdi_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._html2.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._misc_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._windows_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wx._wizard.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxbase294u_net_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxbase294u_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxmsw294u_adv_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxmsw294u_core_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxmsw294u_html_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI30642\wxmsw294u_webview_vc90.dll

    c:\users\Guilherme\AppData\Roaming\unins000.exe

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2013-08-04 to 2013-09-04 ))))))))))))))))))))))))))))

    .

    .

    2013-09-04 22:13 . 2013-09-04 22:13 -------- d-----w- c:\users\Public\AppData\Local\temp

    2013-09-04 22:13 . 2013-09-04 22:13 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-09-04 22:13 . 2013-09-04 22:13 -------- d-----w- c:\users\Convidado\AppData\Local\temp

    2013-09-02 15:41 . 2013-09-02 15:41 -------- d-----w- C:\AdwCleaner

    2013-09-02 15:19 . 2013-09-02 15:19 -------- d-----w- c:\windows\ERUNT

    2013-09-02 07:29 . 2013-08-20 03:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E85D6473-8CFE-4A2A-A0DB-A79AA451456B}\mpengine.dll

    2013-08-28 15:49 . 2013-08-28 15:49 -------- d-----w- c:\users\Convidado\AppData\Local\GAS Tecnologia

    2013-08-15 17:53 . 2013-08-15 17:54 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files\Common Files\Autodesk Shared

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\users\Guilherme\AppData\Local\Autodesk

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files\Autodesk

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files (x86)\DWG TrueView 2014

    2013-08-15 16:13 . 2013-08-15 17:54 -------- d-----w- c:\users\Guilherme\AppData\Roaming\Autodesk

    2013-08-15 16:13 . 2013-08-15 17:53 -------- d-----w- c:\programdata\Autodesk

    2013-08-15 16:09 . 2013-08-15 16:09 -------- d-----w- C:\Autodesk

    2013-08-15 15:29 . 2013-08-15 15:30 -------- d-----w- c:\users\Guilherme\AppData\Local\Akamai

    2013-08-14 13:45 . 2013-08-14 13:45 -------- d-----w- c:\users\Convidado\AppData\Local\Macromedia

    2013-08-14 13:44 . 2013-08-14 13:44 -------- d-----w- c:\users\Convidado\AppData\Local\Mozilla

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-04 22:14 . 2013-07-20 18:59 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

    2013-08-29 09:43 . 2013-05-14 01:59 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

    2013-08-29 09:43 . 2013-05-14 01:57 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2013-08-29 09:43 . 2013-05-14 01:57 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2013-08-21 01:11 . 2012-07-11 01:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-08-21 01:11 . 2012-07-11 01:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-08-07 07:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-06-25 00:18 . 2013-06-25 00:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-06-25 00:18 . 2012-05-30 14:44 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-06-25 00:18 . 2012-03-23 12:30 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]

    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-13 39408]

    "Akamai NetSession Interface"="c:\users\Guilherme\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]

    "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-13 329056]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

    "CertificateRegistration"="aetcrss1.exe" [2011-03-24 151552]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2012-10-15 655552]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2013-05-23 13:47 1389096 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

    2012-10-15 18:50 655552 ------w- c:\program files (x86)\GbPlugin\gbiehuni.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer3"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0FbDefrag

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

    R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys;c:\windows\SYSNATIVE\Drivers\GemCCID.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    R3 WSDScan;Suporte de Digitalização WSD via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]

    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\aetsprov]

    2010-08-01 01:55 81920 ----a-w- c:\windows\System32\aetsprov.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-08-31 23:06 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.62\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2013-09-04 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 01:11]

    .

    2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:46]

    .

    2013-09-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:46]

    .

    2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928619703-465327513-828500892-1001Core.job

    - c:\users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 14:34]

    .

    2013-09-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928619703-465327513-828500892-1001UA.job

    - c:\users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 14:34]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

    @="{771C7324-DA80-49D3-8017-753B0AF60951}"

    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

    2011-06-13 19:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]

    "S_Monitor"="c:\program files (x86)\BisonCam\Monitor.exe" [2011-01-03 258936]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-06-13 789920]

    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-08 9745312]

    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-08 5374880]

    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

    .

    ------- Scan Suplementar -------

    .

    uStart Page = about:blank

    uLocal Page = c:\windows\system32\blank.htm

    uDefault_Search_URL = hxxp://www.google.com/ie

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.25.1

    FF - ProfilePath - c:\users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\xa2ooawv.default\

    FF - ExtSQL: 2013-07-20 15:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Guilherme\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-EC016E3C-26D1-4DC8-9D8A-6AC06B3005A5 - c:\users\Guilherme\Desktop\Desinstalador.exe

    AddRemove-TagScanner_is1 - c:\program files (x86)\TagScanner\unins000.exe

    AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Guilherme\AppData\Roaming\unins000.exe

    .

    .

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Outros Processos em Execução ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    .

    **************************************************************************

    .

    Tempo para conclusão: 2013-09-04 19:22:56 - Máquina reiniciou

    ComboFix-quarantined-files.txt 2013-09-04 22:22

    ComboFix2.txt 2013-05-13 23:48

    .

    Pré-execução: 154.834.915.328 bytes disponíveis

    Pós execução: 156.430.872.576 bytes disponíveis

    .

    - - End Of File - - E21937D5A2F202BEDB892CFF713448A3


    Dear guilhermeigs

    I'll say upfront that Avira has disappeared from the taskbar and the touchpad scroll is not working.
    Did you restart the PC? Are they still not working?

    Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.

    • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:

    Reglock::
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]


    • Save this file as: CFScript.txt
    • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will generate a log. Post that file, C:\ComboFix.txt.

    [animation: 2872959479_997d4500c4_o.gif]

    Regards :D

  • Topic author
  • Diego,

    Thanks for the follow-up.

    Actually, after restarting the computer (after the restart that ComboFix performed on its own) everything went back to working.

    Is the computer clean now?

    Thank you very much!!!

    Is the computer clean now?
    My friend, we have to continue to the end before we can say that... go ahead with ComboFix and the script given above ;)

  • Topic author
  • All right, I did as you instructed with the script; here is the log:

    ComboFix 13-09-06.01 - Guilherme 07/09/2013 11:05:53.3.4 - x64

    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1046.18.4001.2423 [GMT -3:00]

    Executando de: c:\users\Guilherme\Desktop\ComboFix.exe

    Comandos utilizados :: c:\users\Guilherme\Desktop\CFScript.txt

    AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}

    SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_ctypes.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_elementtree.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_hashlib.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_multiprocessing.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_socket.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\_ssl.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\msvcp100.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\msvcr100.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\pyexpat.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\pysqlite2._sqlite.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\python27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\pythoncom27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\PyWinTypes27.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\select.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\unicodedata.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32api.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32com.shell.shell.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32crypt.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32event.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32file.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32inet.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32pdh.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32process.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32profile.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32security.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\win32ts.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\windows._cacheinvalidation.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._controls_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._core_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._gdi_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._html2.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._misc_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._windows_.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wx._wizard.pyd

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxbase294u_net_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxbase294u_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxmsw294u_adv_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxmsw294u_core_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxmsw294u_html_vc90.dll

    c:\users\GUILHE~1\AppData\Local\Temp\_MEI34482\wxmsw294u_webview_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_ctypes.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_elementtree.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_hashlib.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_multiprocessing.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_socket.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\_ssl.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\msvcp100.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\msvcr100.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\pyexpat.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\pysqlite2._sqlite.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\python27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\pythoncom27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\PyWinTypes27.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\select.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\unicodedata.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32api.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32com.shell.shell.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32crypt.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32event.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32file.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32inet.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32pdh.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32process.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32profile.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32security.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\win32ts.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\windows._cacheinvalidation.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._controls_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._core_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._gdi_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._html2.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._misc_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._windows_.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wx._wizard.pyd

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxbase294u_net_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxbase294u_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxmsw294u_adv_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxmsw294u_core_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxmsw294u_html_vc90.dll

    c:\users\Guilherme\AppData\Local\Temp\_MEI34482\wxmsw294u_webview_vc90.dll

    c:\windows\SysWow64\drivers\ati0qaxx.sys

    c:\windows\SysWow64\drivers\tcpv6srv.sys

    .

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2013-08-07 to 2013-09-07 ))))))))))))))))))))))))))))

    .

    .

    2013-09-07 14:20 . 2013-09-07 14:20 -------- d-----w- c:\users\Public\AppData\Local\temp

    2013-09-07 14:20 . 2013-09-07 14:20 -------- d-----w- c:\users\Default\AppData\Local\temp

    2013-09-07 14:20 . 2013-09-07 14:20 -------- d-----w- c:\users\Convidado\AppData\Local\temp

    2013-09-02 15:41 . 2013-09-02 15:41 -------- d-----w- C:\AdwCleaner

    2013-09-02 15:19 . 2013-09-02 15:19 -------- d-----w- c:\windows\ERUNT

    2013-09-02 07:29 . 2013-08-20 03:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E85D6473-8CFE-4A2A-A0DB-A79AA451456B}\mpengine.dll

    2013-08-28 15:49 . 2013-08-28 15:49 -------- d-----w- c:\users\Convidado\AppData\Local\GAS Tecnologia

    2013-08-15 17:53 . 2013-08-15 17:54 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files\Common Files\Autodesk Shared

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\users\Guilherme\AppData\Local\Autodesk

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files\Autodesk

    2013-08-15 17:53 . 2013-08-15 17:53 -------- d-----w- c:\program files (x86)\DWG TrueView 2014

    2013-08-15 16:13 . 2013-08-15 17:54 -------- d-----w- c:\users\Guilherme\AppData\Roaming\Autodesk

    2013-08-15 16:13 . 2013-08-15 17:53 -------- d-----w- c:\programdata\Autodesk

    2013-08-15 16:09 . 2013-08-15 16:09 -------- d-----w- C:\Autodesk

    2013-08-15 15:29 . 2013-08-15 15:30 -------- d-----w- c:\users\Guilherme\AppData\Local\Akamai

    2013-08-14 13:45 . 2013-08-14 13:45 -------- d-----w- c:\users\Convidado\AppData\Local\Macromedia

    2013-08-14 13:44 . 2013-08-14 13:44 -------- d-----w- c:\users\Convidado\AppData\Local\Mozilla

    .

    .

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2013-09-07 14:21 . 2013-07-20 18:59 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys

    2013-09-05 21:00 . 2013-05-14 01:57 105344 ----a-w- c:\windows\system32\drivers\avgntflt.sys

    2013-08-29 09:43 . 2013-05-14 01:59 81112 ----a-w- c:\windows\system32\drivers\avnetflt.sys

    2013-08-29 09:43 . 2013-05-14 01:57 132088 ----a-w- c:\windows\system32\drivers\avipbb.sys

    2013-08-21 01:11 . 2012-07-11 01:44 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2013-08-21 01:11 . 2012-07-11 01:44 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2013-08-07 07:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe

    2013-06-25 00:18 . 2013-06-25 00:18 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

    2013-06-25 00:18 . 2012-05-30 14:44 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

    2013-06-25 00:18 . 2012-03-23 12:30 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll

    .

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas.

    REGEDIT4

    .

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]

    "GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]

    "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-06-13 39408]

    "Akamai NetSession Interface"="c:\users\Guilherme\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "MuteSync"="c:\progra~2\Lenovo\LENOVO~1\MuteSync.exe" [2009-12-28 336384]

    "VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-13 329056]

    "WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-12-09 74752]

    "CertificateRegistration"="aetcrss1.exe" [2011-03-24 151552]

    "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-08-29 347192]

    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

    "AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]

    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]

    .

    c:\users\Guilherme\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

    OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-1-8 228448]

    .

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

    Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GbPlugin\gbiehuni.dll" [2012-10-15 655552]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2013-05-23 13:47 1389096 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

    2012-10-15 18:50 655552 ------w- c:\program files (x86)\GbPlugin\gbiehuni.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "mixer3"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

    BootExecute REG_MULTI_SZ autocheck autochk *\0FbDefrag

    .

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

    @=""

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]

    R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]

    R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]

    R3 GemCCID;GemCCID;c:\windows\system32\Drivers\GemCCID.sys;c:\windows\SYSNATIVE\Drivers\GemCCID.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]

    R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]

    R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]

    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]

    R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]

    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys;c:\windows\SYSNATIVE\DRIVERS\WSDScan.sys [x]

    R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys;c:\windows\SYSNATIVE\DRIVERS\wsvd.sys [x]

    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]

    S0 LHDmgr;LHDmgr;c:\windows\System32\DRIVERS\LhdX64.sys;c:\windows\SYSNATIVE\DRIVERS\LhdX64.sys [x]

    S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]

    S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]

    S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]

    S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

    S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]

    S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiVpc.sys [x]

    S3 BTWAMPFL;BTWAMPFL;c:\windows\system32\DRIVERS\btwampfl.sys;c:\windows\SYSNATIVE\DRIVERS\btwampfl.sys [x]

    S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys;c:\windows\SYSNATIVE\DRIVERS\btwl2cap.sys [x]

    S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\usbvideo.sys;c:\windows\SYSNATIVE\Drivers\usbvideo.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\aetsprov]

    2010-08-01 01:55 81920 ----a-w- c:\windows\System32\aetsprov.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2013-09-04 23:06 1177552 ----a-w- c:\program files (x86)\Google\Chrome\Application\29.0.1547.66\Installer\chrmstp.exe

    .

    Contents of the 'Scheduled Tasks' folder

    .

    2013-09-07 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-11 01:11]

    .

    2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:46]

    .

    2013-09-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-06-13 19:46]

    .

    2013-09-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928619703-465327513-828500892-1001Core.job

    - c:\users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 14:34]

    .

    2013-09-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2928619703-465327513-828500892-1001UA.job

    - c:\users\Guilherme\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-29 14:34]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

    @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

    [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

    2013-06-27 19:11 778704 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\VeriFace Enc]

    @="{771C7324-DA80-49D3-8017-753B0AF60951}"

    [HKEY_CLASSES_ROOT\CLSID\{771C7324-DA80-49D3-8017-753B0AF60951}]

    2011-06-13 19:44 1508192 ----a-w- c:\windows\System32\IcnOvrly.dll

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]

    "S_Monitor"="c:\program files (x86)\BisonCam\Monitor.exe" [2011-01-03 258936]

    "SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]

    "OnekeyStudio"="c:\program files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe" [2011-06-13 789920]

    "Energy Management"="c:\program files (x86)\Lenovo\Energy Management\Energy Management.exe" [2012-05-08 9745312]

    "EnergyUtility"="c:\program files (x86)\Lenovo\Energy Management\Utility.exe" [2012-05-08 5374880]

    "XboxStat"="c:\program files\Microsoft Xbox 360 Accessories\XboxStat.exe" [2009-09-30 825184]

    "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]

    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-12-14 172144]

    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-12-14 399984]

    "Persistence"="c:\windows\system32\igfxpers.exe" [2012-12-14 441968]

    "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-09-20 444904]

    .

    ------- Supplementary Scan -------

    .

    uStart Page = about:blank

    uLocal Page = c:\windows\system32\blank.htm

    uDefault_Search_URL = hxxp://www.google.com/ie

    mLocal Page = c:\windows\SysWOW64\blank.htm

    uInternet Settings,ProxyOverride = <local>

    uSearchAssistant = hxxp://www.google.com/ie

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105

    IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

    IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000

    IE: Send image to &Bluetooth Device... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm

    IE: Send page to &Bluetooth Device ... - c:\program files\Lenovo\Bluetooth Software\btsendto_ie.htm

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    TCP: DhcpNameServer = 192.168.25.1

    FF - ProfilePath - c:\users\Guilherme\AppData\Roaming\Mozilla\Firefox\Profiles\xa2ooawv.default\

    FF - ExtSQL: 2013-07-20 15:54; {87F8774F-B485-47E2-A755-A40A8A5E886C}; c:\users\Guilherme\AppData\Local\GAS Tecnologia\GBBD\bb\xpi

    .

    - - - - ORPHANS REMOVED - - - -

    .

    Toolbar-Locked - (no file)

    AddRemove-EC016E3C-26D1-4DC8-9D8A-6AC06B3005A5 - c:\users\Guilherme\Desktop\Desinstalador.exe

    AddRemove-TagScanner_is1 - c:\program files (x86)\TagScanner\unins000.exe

    AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Guilherme\AppData\Roaming\unins000.exe

    .

    .

    .

    --------------------- LOCKED REGISTRY KEYS ---------------------

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.11"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker5"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe

    c:\program files (x86)\Bonjour\mDNSResponder.exe

    c:\program files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe

    c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    .

    **************************************************************************

    .

    Completion time: 2013-09-07 11:28:29 - machine was rebooted

    ComboFix-quarantined-files.txt 2013-09-07 14:28

    ComboFix2.txt 2013-09-04 22:22

    ComboFix3.txt 2013-05-13 23:48

    .

    Pre-Run: 157,463,097,344 bytes free

    Post-Run: 157,041,344,512 bytes free

    .

    - - End Of File - - A4D0C8E40D4A677E743F827696B63772

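The report above lists autoruns (Run-key values, Startup-folder shortcuts, R*/S* service lines and orphaned AddRemove entries), and an analyst reads them by hand for a few patterns: executables started from user-writable locations, Run values that are bare filenames resolved through the search path, entries for which ComboFix recorded no date/size (such as `[bU]`), and services marked `[x]`. The following script is an added example, not part of this thread and not ComboFix's own code: it parses those line shapes and applies exactly those rules. The sample report is constructed (some lines are modelled on entries in the log above, the `alice` paths are invented to trigger the rules); the regexes, rule names, severities, the reading of `[bU]` as "no file metadata" and the explanation of `[x]` on x64 hosts are this example's assumptions, not ComboFix documentation.

```python
"""Triage of the autorun line shapes found in a ComboFix report.

Added example, not part of the thread or of ComboFix. The regexes, rule
names and severities are this example's own choices; the sample report is
constructed (some lines are modelled on entries in the log above, the
"alice" paths are invented to exercise the rules).
"""
import re
from dataclasses import dataclass
from typing import List, Optional

EXE = r"\.(?:exe|dll|scr|sys|bat|cmd|vbs|js)"
# "Name"="c:\path\prog.exe" [YYYY-MM-DD size]          (Run-key values)
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]*' + EXE + r')"(?:\s+\[(?P<meta>[^\]]*)\])?\s*$', re.I)
# Something.lnk - c:\path\prog.exe [args] [YYYY-MM-DD size]   (Startup folder)
LNK_RE = re.compile(r"^(?P<name>.+?\.lnk) - (?P<path>.+?" + EXE + r")(?P<args>.*?)(?:\s+\[(?P<meta>[^\]]*)\])?\s*$", re.I)
# R0 name;description;path;native-path [x]             (services and drivers)
SVC_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<desc>[^;]*);(?P<path>[^;]+);(?P<native>.+?)(?:\s+\[(?P<meta>[^\]]*)\])?\s*$")
# AddRemove-key - c:\path\uninstaller.exe               (orphaned uninstall entries)
ADDREMOVE_RE = re.compile(r"^AddRemove-(?P<name>\S+) - (?P<path>.+?)\s*$")
DATE_SIZE_RE = re.compile(r"^\d{4}-\d{1,2}-\d{1,2}\s+\d+$")
# Locations a standard user can write to; persistence there deserves a look.
USER_WRITABLE_RE = re.compile(r"\\users\\[^\\]+\\(?:appdata|desktop|downloads|documents)\\|\\te?mp\\|\$recycle\.bin", re.I)


@dataclass(frozen=True)
class Autorun:
    kind: str            # "run", "lnk", "service" or "addremove"
    name: str
    path: str
    meta: Optional[str]  # text inside the trailing [...]: "YYYY-MM-DD size", "bU", "x", or None


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    name: str
    path: str


def parse_autoruns(report: str) -> List[Autorun]:
    """Extract autorun entries; lines in other shapes (registry dumps, headers) are skipped."""
    entries: List[Autorun] = []
    for raw in report.splitlines():
        line = raw.strip()
        if not line or line == ".":
            continue
        if m := RUN_RE.match(line):
            entries.append(Autorun("run", m["name"], m["path"], m["meta"]))
        elif m := LNK_RE.match(line):
            entries.append(Autorun("lnk", m["name"], m["path"], m["meta"]))
        elif m := SVC_RE.match(line):
            entries.append(Autorun("service", m["name"].strip(), m["path"], m["meta"]))
        elif m := ADDREMOVE_RE.match(line):
            entries.append(Autorun("addremove", m["name"], m["path"], None))
    return entries


def triage(entries: List[Autorun]) -> List[Finding]:
    """Apply the hand rules an analyst uses when reading this section of the report."""
    findings: List[Finding] = []
    for e in entries:
        if USER_WRITABLE_RE.search(e.path):
            # Persistence from a user profile or temp directory is the classic dropper pattern.
            findings.append(Finding("high", "user-writable-location", e.name, e.path))
        if e.kind in ("run", "lnk") and "\\" not in e.path:
            # A bare filename is resolved through the search path at logon, so the file
            # that actually runs has to be confirmed by hand.
            findings.append(Finding("medium", "bare-filename", e.name, e.path))
        if e.kind in ("run", "lnk") and not (e.meta and DATE_SIZE_RE.match(e.meta)):
            # No "[date size]" (e.g. "[bU]") means ComboFix recorded no file metadata;
            # assumption for this example: treat it as "inspect the file manually".
            findings.append(Finding("medium", "no-file-metadata", e.name, e.path))
        if e.kind == "service" and e.meta == "x":
            # [x]: ComboFix could not verify the file at the listed path. On x64 hosts the
            # system32/SYSNATIVE pair is usually the 32-bit tool's WoW64 view (assumption),
            # so this is informational unless another rule also fires for the entry.
            findings.append(Finding("info", "service-file-not-verified", e.name, e.path))
    return findings


def triage_report(report: str) -> List[Finding]:
    """Parse, then triage, worst findings first."""
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(triage(parse_autoruns(report)), key=lambda f: (order[f.severity], f.name))


# Constructed sample: lines modelled on the report above plus invented "alice" entries.
SAMPLE_REPORT = r"""
"VeriFaceManager"="c:\program files (x86)\Lenovo\VeriFace\PManage.exe" [2011-06-13 329056]
"CertificateRegistration"="aetcrss1.exe" [2011-03-24 151552]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"Updater"="c:\users\alice\AppData\Roaming\Updater\upd.exe" [2013-09-01 45056]
Bluetooth.lnk - c:\program files\Lenovo\Bluetooth Software\BTTray.exe [2010-12-14 1133856]
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
S2 SyncSvc;Sync Service;c:\users\alice\AppData\Local\Temp\sync.exe;c:\users\alice\AppData\Local\Temp\sync.exe [x]
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\alice\AppData\Roaming\unins000.exe
"""

if __name__ == "__main__":
    for f in triage_report(SAMPLE_REPORT):
        print(f"{f.severity:6} {f.rule:26} {f.name}: {f.path}")
```

Run it against a saved ComboFix.txt by reading the file into `triage_report`; everything that is not one of the four line shapes is ignored, so the whole report can be fed in. The rules are deliberately coarse: a hit is a reason to look at the file (hash it, check its signer, compare the date against the rest of the install), not a verdict.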

    Dear guilhermeigs

    Download Malwarebytes Anti-Malware:

    • Link1
    • Alternate link
      • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
      • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.
      • If there are updates, they will be downloaded and installed.
      • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
      • The scan will start and may take a while. Please be patient.
      • When the scan is complete, click OK, then Show Results to see the log.
      • If anything is found, make sure everything is checked and click Remove.
      • When the disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
      • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
      • Copy and paste the contents of that log in your next reply.

    Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do it immediately.

    Regards :D

  • Topic author
  • Here is the Malwarebytes log

    Malwarebytes Anti-Malware 1.75.0.1300

    www.malwarebytes.org

    Database version: v2013.09.09.10

    Windows 7 Service Pack 1 x64 NTFS

    Internet Explorer 10.0.9200.16540

    Guilherme :: GUI-LENOVO [administrator]

    09/09/2013 20:41:11

    mbam-log-2013-09-09 (20-41-11).txt

    Scan type: Quick scan

    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

    Scan options disabled: P2P

    Objects scanned: 254555

    Time elapsed: 7 minute(s), 50 second(s)

    Memory Processes Detected: 0

    (No malicious items detected)

    Memory Modules Detected: 0

    (No malicious items detected)

    Registry Keys Detected: 0

    (No malicious items detected)

    Registry Values Detected: 0

    (No malicious items detected)

    Registry Data Items Detected: 0

    (No malicious items detected)

    Folders Detected: 0

    (No malicious items detected)

    Files Detected: 0

    (No malicious items detected)

    (end)


    Dear guilhermeigs

    Download the Kaspersky AVP Tool from one of these links:

    Alternative 1

    Alternative 2

    • You will be taken to a Kaspersky page asking for an e-mail address, first name and last name for registration.
    • Only the "email" field is mandatory.
    • Enter your e-mail and then click the Submit Form button.
    • The page will reload. Click the Download button.
    • Save it to your desktop.
    • Run the file and wait for the installation.
      • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

    • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
    • The program will appear to freeze and nothing happens. This is normal; just wait until the program's main screen appears, then click the Settings icon:

    [image: KRT_settings.png]

    On this screen, check the box next to:

    • My Computer;
    • Local Disk (C:);
    • Also check every drive listed below Local Disk, if there are any;
    • Then click the Automatic Scan tab.

    [image: KRT_install2_.png]

    • Back on the program's main screen, click the Start scanning button;
    • Be patient, it takes a while;
    • When it finishes, if it detected anything, the program will ask you what to do;
    • Check the box next to Apply to all objects and then click Skip (we only want the log).

    [image: KRT_detection_.png]

    Once the scan is finished, proceed as follows:

    1. On the main screen, if anything was detected, save the log.
    2. If you close the program and forget to save the log, you will have to repeat the whole scan.
    3. To save the log, click the Reports icon (next to the "Settings" icon).
    4. In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
    5. Choose an easy-to-reach location and save it as log.txt
    6. Copy the whole contents of that Notepad file and paste it in your next reply.
    7. If nothing is detected, there is no need to save the log; just let me know.
    8. To exit the program, just click the X in the top right corner.

    Notes:
    While the scan is running, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, and red if something was found. If something was detected, the program will also show an alert screen saying your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

    Regards :D

  • Topic author
  • Hello, Diego,

    Nothing found, the light stayed orange as you said.

    Every now and then the notebook takes a very long time to start and the message "Server busy" appears, with the buttons "Switch to..." and "Retry". When I click "Switch to..." it opens the Start menu and goes back to working normally.


    Dear guilhermeigs

    Clean log :)

    >>>> How is the computer?

    # Step 1 #

    Let's uninstall ComboFix:

    Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.

    Or, if you prefer, go to

    Start > Run, type Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.

    # Step 2 #

    Download OTC by OldTimer and save it to your desktop.

    • Double-click the icon [image: 4142006426_4719050954_o.gif]
    • Click Run;
    • Click its only button (image below):
      [image: 4141259853_5a542d5908_o.jpg]
    • Allow your computer to be restarted.

    # Step 3 #

    • Again: double-click adwcleaner.exe
      • Attention: Windows Vista, 7 and 8 users, right-click and choose: [image: execadmin.png]

    • Click Uninstall
    • Click Yes, wait.

    # Step 4 #
    Your Java is out of date.
    Attention: Uninstall ALL old versions of Java.
    • Close all programs, especially your browser (IE, Firefox etc.).
    • Go to the Java for Windows site
    • Click [image: 4531602912_e9606174d3_o.gif]
    • In the window that appears, click Run;
    • Follow the installation steps.

    # Step 5 #

    <<@>> Install CCleaner

    CCleaner is an excellent cleaning utility for the computer that will help with the computer's performance. Download it here: CCleaner


    • IMPORTANT: After installation, go to the folder where the program was installed, C:\Program Files\CCleaner, double-click the folder, right-click an empty area of this window and choose New > Folder to create a new folder; name it backups!
    • Open the program and click Run Cleaner;
    • Click the Registry button > Scan for Issues > Fix selected issues...
      Note: Don't forget to accept the backup of the fixes and save them in the folder created above!

    <<@>> Always keep your Windows up to date; keep a constant watch with the firewall and antivirus and, finally, remember that the best form of prevention starts with our own attitudes!

    Regards :D





