Jerusag

Slow Notebook


My notebook is very slow and can no longer process anything. At startup it does not fully load the desktop and runs slowly. The antivirus no longer opens, and I can only start the notebook in safe mode.

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 NETWORK
Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Delano Gonçalves at 14:39:25 on 2014-04-19
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4004.2904 [GMT -3:00]
.
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Users\Delano Gonçalves\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Delano Gonçalves\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Delano Gonçalves\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Delano Gonçalves\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Delano Gonçalves\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.turkojan.com/
uDefault_Page_URL = hxxp://www.google.com
uProxyServer = :0
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL
BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
uRun: [Memory Improve Master] C:\Program Files (x86)\Memory Improve Master\MemoryImproveMaster.exe /autorun
mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
TCP: NameServer = 10.1.1.1 192.168.0.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2} : DHCPNameServer = 10.1.1.1 192.168.0.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6 : DHCPNameServer = 8.8.8.8 4.4.4.4 10.1.1.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303 : NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\D4142554353514341425E4549425F4F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.1.1
TCP: Interfaces\{61125825-8A81-49E6-8AF1-C95273272F1F} : NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{61125825-8A81-49E6-8AF1-C95273272F1F} : DHCPNameServer = 192.168.254.254
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mSearchAssistant = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM501II_S2QDJ56BA07836A07836&ts=1376893832
x64-mCustomizeSearch = hxxp://search.portaldosites.com/web/?utm_source=b&utm_medium=cor&from=cor&uid=SAMSUNGXHM501II_S2QDJ56BA07836A07836&ts=1376893832
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab
x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
Hosts: 127.0.0.1 www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Delano Gonçalves\AppData\Roaming\Mozilla\Firefox\Profiles\3buwg3jx.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Delano Gonçalves\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll
.
============= SERVICES / DRIVERS ===============
.
R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2012-3-13 54848]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-21 55856]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-3-19 128992]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-26 283200]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-21 533096]
S1 4168234drv;4168234drv;C:\Windows\System32\drivers\4168234drv.sys [2013-7-24 556632]
S1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-4-1 28600]
S1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-3-19 52032]
S1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-3-19 34624]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-21 89600]
S2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-4-1 440400]
S2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-4-1 440400]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
S2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
S2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-4-1 108440]
S2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-4-1 84720]
S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-1-20 402192]
S2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-1-20 115472]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-1-20 385808]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMSEmulator;KMS Server Service;C:\ProgramData\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort --> C:\ProgramData\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-18 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-18 857912]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-21 1692480]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S2 winzipersvc;WinZiper service;C:\Program Files (x86)\WinZipper\winzipersvc.exe [2013-8-23 424104]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
S3 BprotectEx;Baidu ProtectEx;C:\Windows\System32\drivers\BprotectEx.sys [2013-8-26 76096]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-21 282272]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-12-21 176096]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-21 158976]
S3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-21 317440]
S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-9-15 25816]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-18 63192]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-21 250984]
S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-14 40712]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-4-1 1017424]
S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-11-10 166400]
S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-10 128512]
S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
.
=============== Created Last 30 ================
.
2014-04-18 22:21:41 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-18 22:20:59 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-18 22:20:59 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-18 22:20:58 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-11 04:42:01 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2014-04-11 04:42:01 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll
2014-04-09 15:42:20 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys
2014-04-09 15:42:20 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys
2014-04-09 15:42:20 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll
2014-04-09 15:42:20 2048 ----a-w- C:\Windows\System32\iologmsg.dll
2014-04-09 15:42:20 190912 ----a-w- C:\Windows\System32\drivers\storport.sys
2014-04-09 15:37:17 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-04-09 15:37:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-04-09 15:37:17 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-04-09 15:37:17 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-04-09 15:37:17 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-04-09 15:37:17 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-04-09 15:37:17 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-04-09 15:37:17 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2014-04-09 15:37:17 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-04-09 15:37:13 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2014-04-01 15:26:15 -------- d-----w- C:\Users\Delano Gonçalves\AppData\Roaming\Avira
2014-04-01 15:24:54 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys
2014-04-01 15:24:54 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2014-04-01 15:24:54 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2014-04-01 15:24:52 -------- d-----w- C:\ProgramData\Avira
2014-04-01 15:24:52 -------- d-----w- C:\Program Files (x86)\Avira
.
==================== Find3M  ====================
.
2014-04-11 14:27:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-11 14:27:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-03 12:50:58 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-24 21:15:00 35984 ----a-w- C:\Windows\System32\FM20PTG.DLL
2014-01-24 21:15:00 35984 ----a-w- C:\Windows\System32\FM20PTB.DLL
2014-01-23 19:05:00 1683112 ----a-w- C:\Windows\System32\FM20.DLL
2014-01-21 14:14:50 34624 ----a-w- C:\Windows\System32\drivers\Bfmon.sys
2014-01-21 14:14:40 52032 ----a-w- C:\Windows\System32\drivers\Bfilter.sys
2014-01-21 10:01:36 128992 ----a-w- C:\Windows\System32\drivers\Bprotect.sys
2010-01-26 21:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe
2010-01-26 13:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

..

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Basic 
Boot Device: \Device\HarddiskVolume2
Install Date: 24/12/2011 11:38:23
System Uptime: 19/04/2014 14:26:09 (0 hours ago)
.
Motherboard: Dell Inc. |  | 0X0DC1
Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU 1 | 2195/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 452 GiB total, 322,9 GiB free.
D: is CDROM ()
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: avast! Firewall NDIS Filter Miniport
Device ID: ROOT\SW_ASWNDISMP\0000
Manufacturer: ALWIL Software
Name: avast! Firewall NDIS Filter Miniport
PNP Device ID: ROOT\SW_ASWNDISMP\0000
Service: aswNdis
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: Security Processor Loader Driver
Device ID: ROOT\LEGACY_SPLDR\0000
Manufacturer: 
Name: Security Processor Loader Driver
PNP Device ID: ROOT\LEGACY_SPLDR\0000
Service: spldr
.
==== System Restore Points ===================
.
RP365: 08/04/2014 21:29:14 - Ponto de Verificação Agendado
RP366: 10/04/2014 03:00:31 - Windows Update
RP367: 11/04/2014 01:40:55 - Windows Update
RP368: 13/04/2014 03:00:11 - Windows Update
.
==== Installed Programs ======================
.
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 12 ActiveX
Adobe Flash Player 13 Plugin
Adobe Photoshop CS6
Adobe Reader XI - Português
Adobe Shockwave Player 12.0
Adolix Split and Merge PDF v2.1
Advanced Audio FX Engine
µTorrent
Auslogics Disk Defrag
Avira Free Antivirus
BCL easyConverter Desktop 3 (Word Version)
BlueStacks Notification Center
Bluetooth Win7 Suite (64)
CCleaner
Controle ActiveX do Windows Live Mesh para Conexões Remotas
Counter-Strike: Global Offensive
CyberLink PowerDVD 9.5
DAEMON Tools Lite
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition
Defraggler
Dell Bluetooth Installation
Dell DataSafe Local Backup
Dell DataSafe Local Backup - Support Software
Dell Edoc Viewer
Dell Getting Started Guide
Dell PhotoStage
Dell Touchpad
Dell VideoStage 
Dell Webcam Central
Desinstalar impressora EPSON TX133 TX135 Series
DirectX 9 Runtime
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
EPSON Scan
FormatFactory 3.00
Free PS Convert driver 8.15
Glary Utilities 4.1
Google Chrome
Google Earth Plug-in
Google Update Helper
Intel® Processor Graphics
Java 7 Update 51
Java Auto Updater
Java 6 Update 37
Java 6 Update 39 (64-bit)
K-Lite Mega Codec Pack 10.2.0
Last.fm Scrobbler 2.1.36
League of Legends
Left 4 Dead 2
Malwarebytes Anti-Malware versão 2.0.1.1004
Memory Improve Master Free Version v6.1.2.369
Microsoft .NET Framework 4.5.1
Microsoft Access MUI (Portuguese (Brazil)) 2013
Microsoft Antimalware Service PT-BR Language Pack
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft DCF MUI (Portuguese (Brazil)) 2013
Microsoft Excel MUI (Portuguese (Brazil)) 2013
Microsoft Games for Windows - LIVE Redistributable
Microsoft Groove MUI (Portuguese (Brazil)) 2013
Microsoft InfoPath MUI (Portuguese (Brazil)) 2013
Microsoft Lync MUI (Portuguese (Brazil)) 2013
Microsoft Office 32-bit Components 2013
Microsoft Office OSM MUI (Portuguese (Brazil)) 2013
Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013
Microsoft Office Professional Plus 2013
Microsoft Office Proofing (Portuguese (Brazil)) 2013
Microsoft Office Proofing Tools 2013 - English
Microsoft Office Proofing Tools 2013 - Español
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013
Microsoft Office Shared MUI (Portuguese (Brazil)) 2013
Microsoft OneNote MUI (Portuguese (Brazil)) 2013
Microsoft Outlook MUI (Portuguese (Brazil)) 2013
Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013
Microsoft Publisher MUI (Portuguese (Brazil)) 2013
Microsoft Security Client PT-BR Language Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Word MUI (Portuguese (Brazil)) 2013
Microsoft_VC80_CRT_x86
Microsoft_VC90_CRT_x86
Mozilla Firefox 27.0.1 (x86 pt-BR)
Mozilla Maintenance Service
MPC-HC 1.6.5.6366
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MV RegClean 5.9
My Dell
My Lockbox 2.6
Palco de Música da Dell
Palco Dell
PDF Settings CS6
PDFConverter Printer Driver version 2.00
PhotoScape
PhotoShowExpress
Quickset64
RBVirtualFolder64Inst
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealUpgrade 1.1
Revisores de Texto do Microsoft Office 2013 – Português do Brasil
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft Word 2013 (KB2863910) 64-Bit Edition
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition
Skype™ 6.11
Sonic CinePlayer Decoder Pack
Steam
swMSM
System Requirements Lab CYRI
System Requirements Lab Detection
The War Z
Unlocker 1.9.1-x64
Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition
Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition
Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition
Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition
Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition
Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition
Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition
Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition
Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition
Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition
Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition
VDownloader 3.9.1622
vDownloader Packages
WinAVI Video Converter
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
WinPcap 4.1.1
WinRAR 4.20 (32-bit)
WinRAR 5.00 (64-bit)
WinZipper
Word to PDF Converter 4.00
.
==== End Of File ===========================
 
 
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-04-19 15:41:58
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 465,76GB
Running: dd52i88s.exe; Driver: C:\Users\DELANO~1\AppData\Local\Temp\uwldqkod.sys
 
 
---- Registry - GMER 2.1 ----
 
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02                                         
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@2c4401b204e4                            0xFF 0xC1 0xF1 0xAD ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@18e2c2cf2371                            0x62 0xC9 0x9B 0x2E ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@58a2b520d11b                            0xCB 0xAA 0x77 0x67 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                    
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                 C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                 0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                 0
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                              0xE6 0x2C 0x2E 0x06 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                           
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                        0xA0 0x02 0x00 0x00 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                     0xF0 0xC6 0x32 0x16 ...
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                      
Reg   HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                0x00 0x05 0x1A 0x3A ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02 (not active ControlSet)                     
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@2c4401b204e4                                0xFF 0xC1 0xF1 0xAD ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@18e2c2cf2371                                0x62 0xC9 0x9B 0x2E ...
Reg   HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@58a2b520d11b                                0xCB 0xAA 0x77 0x67 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                     C:\Program Files (x86)\DAEMON Tools Lite\
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                     0x00 0x00 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                     0
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                  0xE6 0x2C 0x2E 0x06 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)       
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                            0xA0 0x02 0x00 0x00 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                         0xF0 0xC6 0x32 0x16 ...
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)  
Reg   HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                    0x00 0x05 0x1A 0x3A ...
 
---- Files - GMER 2.1 ----
 
File  C:\Users\Delano Gonçalves\Documents\Minhas imagens                                                                  0 bytes
 
---- EOF - GMER 2.1 ----

 

Hello

Sorry for the delay :)

If you still need help, redo the logs, because I need them with updated dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2

Run by Delano Gonçalves at 10:10:57 on 2014-04-21

Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4004.2734 [GMT -3:00]

.

AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}

SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Program Files\IDT\WDM\STacSV64.exe

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe

C:\Program Files\IDT\WDM\AESTSr64.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe

C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe

C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe

C:\Windows\System32\igfxtray.exe

C:\Windows\System32\hkcmd.exe

C:\Windows\System32\igfxpers.exe

C:\Program Files\IDT\WDM\sttray64.exe

C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe

C:\Program Files (x86)\BlueStacks\HD-Agent.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\ProgramData\KMSAuto\KMSES.exe

C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE

C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe

C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe

C:\Windows\system32\svchost.exe -k bthsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.turkojan.com/

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

uRun: [Memory Improve Master] C:\Program Files (x86)\Memory Improve Master\MemoryImproveMaster.exe /autorun

mRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot

mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

mRun: [blueStacks Agent] C:\Program Files (x86)\BlueStacks\HD-Agent.exe

mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min

uPolicies-Explorer: NoDrives = dword:0

mPolicies-Explorer: NoDrives = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

.

INFO: HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} - hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab

TCP: NameServer = 10.1.1.1 192.168.0.1

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2} : NameServer = 8.8.8.8,8.8.4.4

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2} : DHCPNameServer = 10.1.1.1 192.168.0.1

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6 : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6 : DHCPNameServer = 8.8.8.8 4.4.4.4 10.1.1.1

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303 : NameServer = 208.67.222.222,208.67.220.220

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303 : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\D4142554353514341425E4549425F4F5E4564777F627B6 : DHCPNameServer = 192.168.2.1 192.168.1.1

TCP: Interfaces\{61125825-8A81-49E6-8AF1-C95273272F1F} : NameServer = 8.8.8.8,4.4.4.4

Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll

x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll

x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe

x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe

x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe

x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

.

INFO: x64-HKLM has more than 50 listed domains.

   If you wish to scan all of them, select the 'Force scan all domains' option.

.

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab

x64-Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Notify: igfxcui - igfxdev.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Delano Gonçalves\AppData\Roaming\Mozilla\Firefox\Profiles\3buwg3jx.default\

FF - plugin: C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Users\Delano Gonçalves\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_170.dll

.

============= SERVICES / DRIVERS ===============

.

R0 FSProFilter;FSPro File Filter;C:\Windows\System32\drivers\FSPFltd.sys [2012-3-13 54848]

R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2011-12-21 55856]

R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2014-4-1 28600]

R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-3-19 52032]

R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-3-19 34624]

R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-3-19 128992]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-26 283200]

R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]

R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-21 89600]

R2 AntiVirSchedulerService;Avira Agendamento;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2014-4-1 440400]

R2 AntiVirService;Avira Real-Time Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2014-4-1 440400]

R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]

R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]

R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2014-4-1 108440]

R2 avnetflt;avnetflt;C:\Windows\System32\drivers\avnetflt.sys [2014-4-1 84720]

R2 BstHdDrv;BlueStacks Hypervisor;C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [2014-1-20 115472]

R2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [2014-1-20 385808]

R2 KMSEmulator;KMS Server Service;C:\ProgramData\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort --> C:\ProgramData\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort [?]

R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-12-21 1692480]

R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-5-20 36000]

R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]

R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-5-20 29344]

R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]

R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]

R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]

R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-21 282272]

R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-12-21 176096]

R3 IntcDAud;Áudio do vídeo Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-21 317440]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-20 25816]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-12-21 533096]

S1 4168234drv;4168234drv;C:\Windows\System32\drivers\4168234drv.sys [2013-7-24 556632]

S1 8006813drv;8006813drv;C:\Windows\System32\drivers\8006813drv.sys [2014-4-20 556632]

S2 BstHdAndroidSvc;BlueStacks Android Service;C:\Program Files (x86)\BlueStacks\HD-Service.exe [2014-1-20 402192]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-20 857912]

S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]

S3 BprotectEx;Baidu ProtectEx;C:\Windows\System32\drivers\BprotectEx.sys [2013-8-26 76096]

S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-8-20 103576]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]

S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-12-21 158976]

S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-18 119512]

S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-20 63192]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2014-1-23 178760]

S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]

S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-12-21 250984]

S3 ScreamBAudioSvc;ScreamBee Audio;C:\Windows\System32\drivers\ScreamingBAudio64.sys [2010-7-1 38992]

S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-10-28 204568]

S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-10-28 204568]

S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]

S3 taphss6;Anchorfree HSS VPN Adapter;C:\Windows\System32\drivers\taphss6.sys [2012-11-14 40712]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]

S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]

S4 AntiVirWebService;Avira Web Protection;C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [2014-4-1 1017424]

S4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-11-10 166400]

S4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-11-10 128512]

S4 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-20 1809720]

S4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]

.

=============== Created Last 30 ================

.

2014-04-20 22:10:33 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-04-20 22:10:33 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-04-20 22:10:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-04-20 22:10:33 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-20 22:06:38 -------- d-----w- C:\ProgramData\Licenses

2014-04-20 22:06:36 129872 ----a-w- C:\Windows\SysWow64\MSSTDFMT.DLL

2014-04-20 21:48:54 556632 ----a-w- C:\Windows\System32\drivers\8006813drv.sys

2014-04-20 21:44:13 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-04-20 21:18:43 -------- d-----w- C:\ProgramData\CheckPoint

2014-04-20 15:01:02 -------- d-----w- C:\AdwCleaner

2014-04-20 14:27:09 -------- d-----w- C:\$RECYCLE.BIN

2014-04-19 21:24:12 98816 ----a-w- C:\Windows\sed.exe

2014-04-19 21:24:12 256000 ----a-w- C:\Windows\PEV.exe

2014-04-19 21:24:12 208896 ----a-w- C:\Windows\MBR.exe

2014-04-19 21:24:07 -------- d-----w- C:\ComboFix

2014-04-18 22:21:41 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-04-11 04:42:01 359936 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll

2014-04-11 04:42:01 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\IEShims.dll

2014-04-09 15:42:20 27584 ----a-w- C:\Windows\System32\drivers\Diskdump.sys

2014-04-09 15:42:20 274880 ----a-w- C:\Windows\System32\drivers\msiscsi.sys

2014-04-09 15:42:20 2048 ----a-w- C:\Windows\SysWow64\iologmsg.dll

2014-04-09 15:42:20 2048 ----a-w- C:\Windows\System32\iologmsg.dll

2014-04-09 15:42:20 190912 ----a-w- C:\Windows\System32\drivers\storport.sys

2014-04-09 15:37:17 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2014-04-09 15:37:17 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2014-04-09 15:37:17 362496 ----a-w- C:\Windows\System32\wow64win.dll

2014-04-09 15:37:17 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2014-04-09 15:37:17 243712 ----a-w- C:\Windows\System32\wow64.dll

2014-04-09 15:37:17 2048 ----a-w- C:\Windows\SysWow64\user.exe

2014-04-09 15:37:17 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2014-04-09 15:37:17 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2014-04-09 15:37:17 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2014-04-09 15:37:13 1684928 ----a-w- C:\Windows\System32\drivers\ntfs.sys

2014-04-01 15:26:15 -------- d-----w- C:\Users\Delano Gonçalves\AppData\Roaming\Avira

2014-04-01 15:24:54 84720 ----a-w- C:\Windows\System32\drivers\avnetflt.sys

2014-04-01 15:24:54 28600 ----a-w- C:\Windows\System32\drivers\avkmgr.sys

2014-04-01 15:24:54 108440 ----a-w- C:\Windows\System32\drivers\avgntflt.sys

2014-04-01 15:24:52 -------- d-----w- C:\ProgramData\Avira

2014-04-01 15:24:52 -------- d-----w- C:\Program Files (x86)\Avira

.

==================== Find3M  ====================

.

2014-04-11 14:27:10 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-04-11 14:27:10 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-03-06 09:32:16 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-06 08:32:07 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll

2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-03-04 09:17:05 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys

2014-02-04 02:32:22 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll

2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll

2014-02-04 02:04:22 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll

2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll

2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll

2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll

2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-01-24 21:15:00 35984 ----a-w- C:\Windows\System32\FM20PTG.DLL

2014-01-24 21:15:00 35984 ----a-w- C:\Windows\System32\FM20PTB.DLL

2014-01-23 19:05:00 1683112 ----a-w- C:\Windows\System32\FM20.DLL

2014-01-21 14:14:50 34624 ----a-w- C:\Windows\System32\drivers\Bfmon.sys

2014-01-21 14:14:40 52032 ----a-w- C:\Windows\System32\drivers\Bfilter.sys

2010-01-26 21:11:08 444283 ----a-w- C:\Program Files\Common Files\WinPcapNmap.exe

2010-01-26 13:11:08 444283 ----a-w- C:\Program Files (x86)\Common Files\WinPcapNmap.exe

.

============= FINISH: 10:12:10,95 ===============

 


.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Home Basic 

Boot Device: \Device\HarddiskVolume2

Install Date: 24/12/2011 11:38:23

System Uptime: 21/04/2014 05:40:11 (5 hours ago)

.

Motherboard: Dell Inc. |  | 0X0DC1

Processor: Intel® Core i3-2330M CPU @ 2.20GHz | CPU 1 | 792/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 452 GiB total, 325,958 GiB free.

D: is CDROM ()

E: is CDROM ()

F: is CDROM ()

G: is CDROM ()

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: avast! Firewall NDIS Filter Miniport

Device ID: ROOT\SW_ASWNDISMP\0000

Manufacturer: ALWIL Software

Name: avast! Firewall NDIS Filter Miniport

PNP Device ID: ROOT\SW_ASWNDISMP\0000

Service: aswNdis

.

Class GUID: 

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&1200\8&CE70EE9&0&F8E07901C0B7_C00000000

Manufacturer: 

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{00001800-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&1200\8&CE70EE9&0&F8E07901C0B7_C00000000

Service: 

.

Class GUID: 

Description: Dispositivo Periférico Bluetooth

Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&1200\8&CE70EE9&0&F8E07901C0B7_C00000000

Manufacturer: 

Name: Dispositivo Periférico Bluetooth

PNP Device ID: BTHENUM\{00001801-0000-1000-8000-00805F9B34FB}_VID&0001000F_PID&1200\8&CE70EE9&0&F8E07901C0B7_C00000000

Service: 

.

==== System Restore Points ===================

.

No restore point in system.

.

==== Installed Programs ======================

.

ABBYY FineReader 9.0 Sprint

Adobe AIR

Adobe Download Assistant

Adobe Flash Player 12 ActiveX

Adobe Flash Player 13 Plugin

Adobe Photoshop CS6

Adobe Reader XI - Português

Adobe Shockwave Player 12.0

Adolix Split and Merge PDF v2.1

Advanced Audio FX Engine

µTorrent

Auslogics Disk Defrag

Avira Free Antivirus

BCL easyConverter Desktop 3 (Word Version)

BlueStacks Notification Center

Bluetooth Win7 Suite (64)

CCleaner

Controle ActiveX do Windows Live Mesh para Conexões Remotas

Counter-Strike: Global Offensive

CyberLink PowerDVD 9.5

DAEMON Tools Lite

Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition

Defraggler

Dell Bluetooth Installation

Dell DataSafe Local Backup

Dell DataSafe Local Backup - Support Software

Dell Edoc Viewer

Dell Getting Started Guide

Dell PhotoStage

Dell Touchpad

Dell VideoStage 

Dell Webcam Central

Desinstalar impressora EPSON TX133 TX135 Series

DirectX 9 Runtime

Epson Easy Photo Print 2

Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery

Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup

Epson Event Manager

EPSON Scan

FormatFactory 3.00

Free PS Convert driver 8.15

Glary Utilities 4.1

Google Chrome

Google Earth Plug-in

Google Update Helper

Intel® Processor Graphics

Java 7 Update 51

Java Auto Updater

Java 6 Update 37

Java 6 Update 39 (64-bit)

K-Lite Mega Codec Pack 10.2.0

Last.fm Scrobbler 2.1.36

League of Legends

Left 4 Dead 2

Malwarebytes Anti-Malware versão 2.0.1.1004

Memory Improve Master Free Version v6.1.2.369

Microsoft .NET Framework 4.5.1

Microsoft Access MUI (Portuguese (Brazil)) 2013

Microsoft Antimalware Service PT-BR Language Pack

Microsoft Application Error Reporting

Microsoft Choice Guard

Microsoft DCF MUI (Portuguese (Brazil)) 2013

Microsoft Excel MUI (Portuguese (Brazil)) 2013

Microsoft Games for Windows - LIVE Redistributable

Microsoft Groove MUI (Portuguese (Brazil)) 2013

Microsoft InfoPath MUI (Portuguese (Brazil)) 2013

Microsoft Lync MUI (Portuguese (Brazil)) 2013

Microsoft Office 32-bit Components 2013

Microsoft Office OSM MUI (Portuguese (Brazil)) 2013

Microsoft Office OSM UX MUI (Portuguese (Brazil)) 2013

Microsoft Office Professional Plus 2013

Microsoft Office Proofing (Portuguese (Brazil)) 2013

Microsoft Office Proofing Tools 2013 - English

Microsoft Office Proofing Tools 2013 - Español

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2013

Microsoft Office Shared MUI (Portuguese (Brazil)) 2013

Microsoft OneNote MUI (Portuguese (Brazil)) 2013

Microsoft Outlook MUI (Portuguese (Brazil)) 2013

Microsoft PowerPoint MUI (Portuguese (Brazil)) 2013

Microsoft Publisher MUI (Portuguese (Brazil)) 2013

Microsoft Security Client PT-BR Language Pack

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Microsoft Word MUI (Portuguese (Brazil)) 2013

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

Mozilla Firefox 27.0.1 (x86 pt-BR)

Mozilla Maintenance Service

MPC-HC 1.6.5.6366

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MV RegClean 5.9

My Dell

My Lockbox 2.6

Palco de Música da Dell

Palco Dell

PDF Settings CS6

PDFConverter Printer Driver version 2.00

PhotoScape

PhotoShowExpress

Quickset64

RBVirtualFolder64Inst

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealUpgrade 1.1

Revisores de Texto do Microsoft Office 2013 – Português do Brasil

Roxio Activation Module

Roxio BackOnTrack

Roxio Burn

Roxio Creator Starter

Roxio Express Labeler 3

Roxio File Backup

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft Word 2013 (KB2863910) 64-Bit Edition

Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition

Skype™ 6.11

Sonic CinePlayer Decoder Pack

Steam

swMSM

System Requirements Lab CYRI

System Requirements Lab Detection

The War Z

Unlocker 1.9.1-x64

Update for Microsoft Excel 2013 (KB2752087) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2817678) 64-Bit Edition

Update for Microsoft Lync 2013 (KB2863908) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition

Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition

Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition

Update for Microsoft Office 2013 (KB2817636) 64-Bit Edition

Update for Microsoft Office 2013 (KB2825631) 64-Bit Edition

Update for Microsoft Office 2013 (KB2827272) 64-Bit Edition

Update for Microsoft Office 2013 (KB2863825) 64-Bit Edition

Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition

Update for Microsoft Office 2013 (KB2863844) 64-Bit Edition

Update for Microsoft Office 2013 (KB2863860) 64-Bit Edition

Update for Microsoft OneDrive for Business (KB2863864) 64-Bit Edition

Update for Microsoft OneNote 2013 (KB2817628) 64-Bit Edition

Update for Microsoft Outlook 2013 (KB2863911) 64-Bit Edition

Update for Microsoft PowerPoint 2013 (KB2837627) 64-Bit Edition

Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition

Update for Microsoft Word 2013 (KB2863909) 64-Bit Edition

VDownloader 3.9.1622

vDownloader Packages

WinAVI Video Converter

Windows Live Call

Windows Live Communications Platform

Windows Live Essentials

Windows Live Messenger

Windows Live Movie Maker

Windows Live Photo Gallery

Windows Live Sign-in Assistant

Windows Live Sync

Windows Live Upload Tool

WinPcap 4.1.1

WinRAR 4.20 (32-bit)

WinRAR 5.00 (64-bit)

Word to PDF Converter 4.00

.

==== End Of File ===========================

 

 


GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-04-21 10:42:09

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 SAMSUNG_ rev.2AJ1 465,76GB

Running: o1ri1kri.exe; Driver: C:\Users\DELANO~1\AppData\Local\Temp\uwldqkod.sys

 

 

---- Kernel code sections - GMER 2.1 ----

 

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                               fffff800031b8000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                               fffff800031b8011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

.text     C:\Windows\system32\drivers\USBPORT.SYS!DllUnload                                                                                fffff880042b8dac 12 bytes {MOV RAX, 0xfffffa800688a2a0; JMP RAX}

 

---- User code sections - GMER 2.1 ----

 

.text     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000075c41465 2 bytes [C4, 75]

.text     C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000075c414bb 2 bytes [C4, 75]

.text     ...                                                                                                                              * 2

 

---- Devices - GMER 2.1 ----

 

Device    \Driver\ah2pmafs \Device\Scsi\ah2pmafs1                                                                                          fffffa80069432c0

Device    \Driver\ah2pmafs \Device\Scsi\ah2pmafs1Port1Path0Target0Lun0                                                                     fffffa80069432c0

Device    \FileSystem\Ntfs \Ntfs                                                                                                           fffffa800369e2c0

Device    \FileSystem\fastfat \Fat                                                                                                         fffffa8008ed52c0

Device    \Driver\dtsoftbus01 \Device\00000074                                                                                             fffffa80065fd2c0

Device    \Driver\usbehci \Device\USBPDO-1                                                                                                 fffffa80068d22c0

Device    \Driver\NetBT \Device\NetBT_Tcpip_{61125825-8A81-49E6-8AF1-C95273272F1F}                                                         fffffa80067ad2c0

Device    \Driver\cdrom \Device\CdRom0                                                                                                     fffffa80064942c0

Device    \Driver\cdrom \Device\CdRom1                                                                                                     fffffa80064942c0

Device    \Driver\cdrom \Device\CdRom2                                                                                                     fffffa80064942c0

Device    \Driver\NetBT \Device\NetBT_Tcpip_{BABB0539-5637-47C9-8171-F484F6B547A8}                                                         fffffa80067ad2c0

Device    \Driver\cdrom \Device\CdRom3                                                                                                     fffffa80064942c0

Device    \Driver\dtsoftbus01 \Device\00000075                                                                                             fffffa80065fd2c0

Device    \Driver\usbehci \Device\USBFDO-0                                                                                                 fffffa80068d22c0

Device    \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                         fffffa80065fd2c0

Device    \Driver\usbehci \Device\USBFDO-1                                                                                                 fffffa80068d22c0

Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                          fffffa80067ad2c0

Device    \Driver\NetBT \Device\NetBT_Tcpip_{38E37FA0-4495-47A3-A602-17C6741F70A2}                                                         fffffa80067ad2c0

Device    \Driver\usbehci \Device\USBPDO-0                                                                                                 fffffa80068d22c0

Device    \Driver\ah2pmafs \Device\ScsiPort1                                                                                               fffffa80069432c0

 

---- Modules - GMER 2.1 ----

 

Module    \SystemRoot\System32\Drivers\ah2pmafs.SYS                                                                                        fffff88008200000-fffff88008251000 (331776 bytes)

 

---- Registry - GMER 2.1 ----

 

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02                                                      

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@2c4401b204e4                                         0xFF 0xC1 0xF1 0xAD ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@18e2c2cf2371                                         0x62 0xC9 0x9B 0x2E ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\9439e5f2cf02@58a2b520d11b                                         0xCB 0xAA 0x77 0x67 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                 

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                              C:\Program Files (x86)\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                              0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                              0

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                           0xE6 0x2C 0x2E 0x06 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                        

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                     0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                  0xF0 0xC6 0x32 0x16 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                   

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                             0x00 0x05 0x1A 0x3A ...

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02 (not active ControlSet)                                  

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@2c4401b204e4                                             0xFF 0xC1 0xF1 0xAD ...

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@18e2c2cf2371                                             0x62 0xC9 0x9B 0x2E ...

Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\9439e5f2cf02@58a2b520d11b                                             0xCB 0xAA 0x77 0x67 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                             

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                  C:\Program Files (x86)\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                  0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                  0

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                               0xE6 0x2C 0x2E 0x06 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                    

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                         0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                      0xF0 0xC6 0x32 0x16 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)               

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                 0x00 0x05 0x1A 0x3A ...

 

---- Files - GMER 2.1 ----

 

File      C:\Users\Delano Gonçalves\Documents\Minhas imagens                                                                               0 bytes

 

---- EOF - GMER 2.1 ----

 


Dear Jerusag
 
I recommend that you save this topic in your Favorites to make it easier to find later.
 
Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is done here relates only to the problem with your computer, so do not repeat it on any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
Note: Do not take any measure beyond those given here; and if you ask for help in another forum, be sure to let us know, or you risk misconfiguring your computer!

# Step 1 #

 
Download Junkware Removal Tool and save it to your Desktop.
  • Disable your protection programs (antivirus etc.) to avoid any conflict.
  • Double-click JRT.exe
    • If your system is Windows Vista, Windows 7 or Windows 8, right-click it and choose Run as Administrator.
  • Be patient and wait for the scan to finish.
  • Open the JRT.txt log on your Desktop.
  • Copy all of its contents and paste it into your next message.

 
# Step 2 #
 

  • Double-click adwcleaner.exe
  • Attention: Windows Vista, 7 and 8 users, right-click it and choose: execadmin.png

  • Click Scan (Pesquisar)
At the end of the scan a log with the result will open.
If anything is detected, then click the Remove button.
Again, at the end of the scan a log with the result will open.
Copy all of its contents and paste it into your next reply.

Continued...


 
# Step 3 #
 
Read the instructions in this link:
 
 
In the instructions in the link above you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon on the desktop.
  • Read and accept the terms by typing 1 and Enter.
  • Computers with Windows XP must install the Recovery Console:
    If your computer has Windows XP installed and does not yet have the Recovery Console, please make sure you are connected to the Internet and click "Yes".
    Click "OK" on the EULA.
    Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to stall.
  • A message may appear saying the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.


Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it can damage your computer.
There are several pieces of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
There are many general-purpose anti-malware tools whose authors, when programming them, had end users in mind and designed them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Cheers :D

Dear diego_moicano,
 
Here are the logs as requested:
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Delano Gonçalves on 23/04/2014 at 14:32:27,19
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Delano Gonçalves\AppData\Roaming\mozilla\firefox\profiles\3buwg3jx.default\minidumps [12 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/04/2014 at 14:41:12,94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v3.202 - Relatório criado 23/04/2014 às 14:43:51
# Atualizado 23/04/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Delano Gonçalves - DELANOGONÇALVES
# Executando de : C:\Users\Delano Gonçalves\desktop\adwcleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{065C1A21-97F8-45FB-A9F0-861B60FACEC8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3204358F-5904-46A6-841F-D6B5BE3EF4E3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3AE67737-0E3E-44AA-AA5E-46A68BF017FF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3EE5B726-044A-48D2-AA7B-049BD9A0F62A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{60FBBE03-57FF-49D8-B38E-053D3F489825}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6A5182F1-C0B8-42B8-96CC-7F329CD46913}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6C153418-8E4D-4FAF-AF27-5201E38463A7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A26A2F05-AC4D-4A1E-9531-9125F7309B78}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CC5D6240-7DF0-435D-9B9B-F8586A99DE86}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F343045E-E20A-46E1-82D8-9962C43EFC9E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FBB360DC-CB6C-4D6A-808A-2C773151BFFF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FFD7DDAC-EC28-42A5-8D39-917B9078604B}

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v27.0.1 (pt-BR)

[ Arquivo : C:\Users\Delano Gonçalves\AppData\Roaming\Mozilla\Firefox\Profiles\3buwg3jx.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [13086 octets] - [20/04/2014 12:01:05]
AdwCleaner[R1].txt - [1997 octets] - [23/04/2014 14:42:48]
AdwCleaner[s0].txt - [11990 octets] - [20/04/2014 12:02:25]
AdwCleaner[s1].txt - [1891 octets] - [23/04/2014 14:43:51]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1951 octets] ##########

 

P.S.: I can't post the ComboFix log in any way; how should I proceed? I was only able to post the AdwCleaner log just now.

 

Regards


ComboFix 14-04-20.01 - Delano Gonçalves 23/04/2014  14:54:17.5.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4004.2708 [GMT -3:00]
Executando de: c:\users\Delano Gonçalves\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Enabled/Updated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Execuções precedente -------
.
c:\program files (x86)\Turkojan\Client.exe
c:\windows\SysWow64\Config.ini
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-23 to 2014-04-23  ))))))))))))))))))))))))))))
.
.
2014-04-23 18:02 . 2014-04-23 18:02 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-23 18:02 . 2014-04-23 18:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-20 22:10 . 2014-04-20 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-20 22:10 . 2014-04-03 12:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-20 22:10 . 2014-04-03 12:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 22:10 . 2014-04-03 12:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-20 22:06 . 2014-04-20 22:06 -------- d-----w- c:\programdata\Licenses
2014-04-20 22:06 . 2009-03-24 15:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-20 21:48 . 2014-04-21 02:04 556632 ----a-w- c:\windows\system32\drivers\8006813drv.sys
2014-04-20 21:44 . 2014-04-20 23:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-20 21:18 . 2014-04-20 21:18 -------- d-----w- c:\programdata\CheckPoint
2014-04-20 15:01 . 2014-04-23 17:43 -------- d-----w- C:\AdwCleaner
2014-04-18 22:21 . 2014-04-23 17:23 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-11 04:42 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-11 04:42 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-11 04:42 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-09 15:42 . 2014-02-04 02:37 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 15:42 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 15:42 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 15:42 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 15:42 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-09 15:37 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-09 15:37 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-09 15:37 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-09 15:37 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-09 15:37 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 15:37 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-09 15:37 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-09 15:37 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-09 15:37 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-09 15:37 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-04-09 15:37 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-01 18:46 . 2014-04-01 18:46 -------- d-----w- c:\program files\Microsoft.NET
2014-04-01 15:26 . 2014-04-01 15:26 -------- d-----w- c:\users\Delano Gonçalves\AppData\Roaming\Avira
2014-04-01 15:24 . 2014-02-25 18:11 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-04-01 15:24 . 2014-02-25 18:11 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-01 15:24 . 2014-02-25 18:11 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-01 15:24 . 2014-02-25 18:11 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-01 15:24 . 2014-04-01 15:24 -------- d-----w- c:\programdata\Avira
2014-04-01 15:24 . 2014-04-01 15:24 -------- d-----w- c:\program files (x86)\Avira


(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 14:27 . 2012-08-17 15:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 14:27 . 2011-12-21 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 06:05 . 2012-01-09 20:52 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-09 15:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 16:19 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 16:16 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 16:16 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 16:16 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 16:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 16:19 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 16:19 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 16:19 228864 ----a-w- c:\windows\system32\wwansvc.dll
2014-01-24 21:15 . 2014-01-24 21:15 35984 ----a-w- c:\windows\system32\FM20PTG.DLL
2014-01-24 21:15 . 2014-01-24 21:15 35984 ----a-w- c:\windows\system32\FM20PTB.DLL
2014-01-23 19:05 . 2014-01-23 19:05 1683112 ----a-w- c:\windows\system32\FM20.DLL
2010-01-26 21:11 . 2013-08-19 07:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2010-01-26 13:11 . 2012-03-14 17:46 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Memory Improve Master"="c:\program files (x86)\Memory Improve Master\MemoryImproveMaster.exe" [2009-03-16 5095424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-03 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"BlueStacks Agent"="c:\program files (x86)\BlueStacks\HD-Agent.exe" [2014-01-20 811792]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv


.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk * \0BootDefrag.exe\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R1 4168234drv;4168234drv;c:\windows\system32\DRIVERS\4168234drv.sys;c:\windows\SYSNATIVE\DRIVERS\4168234drv.sys [x]
R1 8006813drv;8006813drv;c:\windows\system32\DRIVERS\8006813drv.sys;c:\windows\SYSNATIVE\DRIVERS\8006813drv.sys [x]
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMSEmulator;KMS Server Service;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BdApiUtil;BdApiUtil; [x]
R3 BdCameraProtect;BdCameraProtect; [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 14:27]
.
2014-04-23 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2013-12-04 02:12]
.
2014-04-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce86f762b63724.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 15:40]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 15:40]
.
2013-09-04 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 18:19]
.
2013-09-28 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14 20:13]
.
2013-09-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14 20:13]
.
.
--------- X64 Entries -----------
.
.
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.turkojan.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.1.1.1 192.168.0.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{61125825-8A81-49E6-8AF1-C95273272F1F}: NameServer = 8.8.8.8,4.4.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Delano Gonçalves\AppData\Roaming\Mozilla\Firefox\Profiles\3buwg3jx.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-04-23  15:05:14
ComboFix-quarantined-files.txt  2014-04-23 18:05
.
Pré-execução: 349.217.652.736 bytes disponíveis
Pós execução: 350.098.067.456 bytes disponíveis
.
- - End Of File - - 17DE85D3442FD40AF2DF1A75A0918D38


Dear Jerusag

Temporarily, and for as long as you are following these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable them once the procedure(s) below have been completed.
  • Open Notepad, copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:
KillAll::

File::
c:\windows\system32\DRIVERS\4168234drv.sys
c:\windows\system32\DRIVERS\8006813drv.sys
c:\windows\System32\drivers\BprotectEx.sys
c:\windows\System32\drivers\Bfilter.sys
c:\windows\System32\drivers\Bfmon.sys
c:\windows\System32\drivers\Bprotect.sys

Driver::
4168234drv
8006813drv
BdApiUtil
BprotectEx
Bfilter
Bfmon
Bprotect

DDS::
uStart Page = hxxp://www.turkojan.com/

Reglock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

ADS::
  • Save this file as: CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running it will produce a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif

Best regards :D

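As an added example (not code from this thread, from DDS or from ComboFix), the following Python script parses the `R?`/`S?` driver and service lines in the layout shown in the log above and applies two triage heuristics before a human builds a CFScript. The sample lines are constructed to mirror entries from the posted log. The two heuristics (a service name that is mostly digits, and a service registered with no image path) flag three of the entries the helper listed under `Driver::`; the Baidu drivers need vendor knowledge and are deliberately not caught, so the rendered `File::`/`Driver::` sections are a starting point for review, not a finished script.

```python
"""Triage the driver/service ('R?'/'S?') lines of a DDS or ComboFix log.

Added example for this thread; not part of DDS, ComboFix or the helper's
instructions. The line layout parsed is the one visible in the log above:
    <start> <name>;<display name>;<path>;<native path> [x]
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: a few lines copied in shape from the log posted above.
SAMPLE_LOG = r"""
.
R1 4168234drv;4168234drv;c:\windows\system32\DRIVERS\4168234drv.sys;c:\windows\SYSNATIVE\DRIVERS\4168234drv.sys [x]
R1 8006813drv;8006813drv;c:\windows\system32\DRIVERS\8006813drv.sys;c:\windows\SYSNATIVE\DRIVERS\8006813drv.sys [x]
R3 BdApiUtil;BdApiUtil; [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
"""

# <start> is R (running) or S (stopped) followed by the SCM start-type digit;
# the optional trailing "[...]" is kept verbatim as a marker.
LINE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<body>.*?)\s*(?:\[(?P<marker>[^\]]*)\])?\s*$"
)


@dataclass
class ServiceEntry:
    start: str
    name: str
    display: str
    paths: List[str]
    marker: Optional[str]
    flags: List[str] = field(default_factory=list)


def parse_service_line(line: str) -> Optional[ServiceEntry]:
    """Return a ServiceEntry for a driver/service line, or None for any other line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    fields = m.group("body").split(";")
    name = fields[0].strip()
    display = fields[1].strip() if len(fields) > 1 else ""
    paths = [p.strip() for p in fields[2:] if p.strip()]
    return ServiceEntry(m.group("start"), name, display, paths, m.group("marker"))


def triage(entry: ServiceEntry) -> ServiceEntry:
    """Attach heuristic flags; they point a human at entries worth a closer look."""
    # A service name that is mostly digits (4168234drv) reads like a generated
    # name rather than a vendor product name.
    if re.match(r"^\d{5,}", entry.name):
        entry.flags.append("digit-heavy name")
    # A registered driver/service with no image path at all cannot be
    # attributed to any file on disk.
    if not entry.paths:
        entry.flags.append("no image path")
    return entry


def triage_log(text: str) -> List[ServiceEntry]:
    """Parse every service line in a log and return only the flagged entries."""
    flagged = []
    for line in text.splitlines():
        entry = parse_service_line(line)
        if entry is not None and triage(entry).flags:
            flagged.append(entry)
    return flagged


def cfscript_sections(flagged: List[ServiceEntry]) -> str:
    """Render File:: and Driver:: sections in the layout used by the helper's CFScript.

    The heuristics above miss entries that need vendor knowledge (the Baidu
    drivers in this thread, for instance), so the result is reviewed, not run as-is.
    """
    files = [e.paths[0] for e in flagged if e.paths]
    drivers = [e.name for e in flagged]
    return "File::\n" + "\n".join(files) + "\n\nDriver::\n" + "\n".join(drivers) + "\n"


if __name__ == "__main__":
    hits = triage_log(SAMPLE_LOG)
    for e in hits:
        print(f"{e.start} {e.name:<12} {', '.join(e.flags)}")
    print(cfscript_sections(hits))
```

The first path of each entry (the `system32` one) is used for `File::` because that is the form the helper's script used; the `SYSNATIVE` alias is the same file seen from a 32-bit process.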

ComboFix 14-04-26.01 - Delano Gonçalves 26/04/2014  23:03:06.7.4 - x64
Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.4004.2381 [GMT -3:00]
Executando de: c:\users\Delano Gonçalves\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Delano Gonçalves\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Outdated* {4D041356-F94D-285F-8768-AAE50FA36859}
SP: Avira Desktop *Disabled/Outdated* {F665F2B2-DF77-27D1-BDD8-9197742422E4}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\system32\DRIVERS\4168234drv.sys"
"c:\windows\system32\DRIVERS\8006813drv.sys"
"c:\windows\System32\drivers\Bfilter.sys"
"c:\windows\System32\drivers\Bfmon.sys"
"c:\windows\System32\drivers\Bprotect.sys"
"c:\windows\System32\drivers\BprotectEx.sys"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BDAPIUTIL
-------\Legacy_BFILTER
-------\Legacy_BFMON
-------\Legacy_BPROTECT
-------\Legacy_BPROTECTEX
-------\Service_4168234drv
-------\Service_8006813drv
-------\Service_BdApiUtil
-------\Service_Bfilter
-------\Service_Bfmon
-------\Service_Bprotect
-------\Service_BprotectEx
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-03-27 to 2014-04-27  ))))))))))))))))))))))))))))
.
.
2014-04-27 02:13 . 2014-04-27 02:13 -------- d-----w- c:\users\Public\AppData\Local\temp
2014-04-27 02:13 . 2014-04-27 02:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-20 22:10 . 2014-04-20 22:10 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-20 22:10 . 2014-04-03 12:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-20 22:10 . 2014-04-03 12:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-20 22:10 . 2014-04-03 12:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-20 22:06 . 2014-04-20 22:06 -------- d-----w- c:\programdata\Licenses
2014-04-20 22:06 . 2009-03-24 15:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2014-04-20 21:48 . 2014-04-21 02:04 556632 ----a-w- c:\windows\system32\drivers\8006813drv.sys
2014-04-20 21:44 . 2014-04-20 23:00 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-20 21:18 . 2014-04-20 21:18 -------- d-----w- c:\programdata\CheckPoint
2014-04-20 15:01 . 2014-04-23 18:21 -------- d-----w- C:\AdwCleaner
2014-04-18 22:21 . 2014-04-27 01:38 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-11 04:42 . 2014-03-06 08:32 574976 ----a-w- c:\windows\system32\ieui.dll
2014-04-11 04:42 . 2014-03-06 06:00 359936 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2014-04-11 04:42 . 2014-03-06 05:50 257536 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2014-04-09 15:42 . 2014-02-04 02:37 27584 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-04-09 15:42 . 2014-02-04 02:35 190912 ----a-w- c:\windows\system32\drivers\storport.sys
2014-04-09 15:42 . 2014-02-04 02:35 274880 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-04-09 15:42 . 2014-02-04 02:28 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-04-09 15:42 . 2014-02-04 02:00 2048 ----a-w- c:\windows\SysWow64\iologmsg.dll
2014-04-09 15:37 . 2014-03-04 09:44 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-04-09 15:37 . 2014-03-04 09:44 243712 ----a-w- c:\windows\system32\wow64.dll
2014-04-09 15:37 . 2014-03-04 09:44 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-04-09 15:37 . 2014-03-04 09:44 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-04-09 15:37 . 2014-03-04 09:44 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-04-09 15:37 . 2014-03-04 09:17 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-04-09 15:37 . 2014-03-04 09:16 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-04-09 15:37 . 2014-03-04 09:16 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-04-09 15:37 . 2014-03-04 08:09 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-04-09 15:37 . 2014-03-04 08:09 2048 ----a-w- c:\windows\SysWow64\user.exe
2014-04-09 15:37 . 2014-01-24 02:37 1684928 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-04-01 18:46 . 2014-04-01 18:46 -------- d-----w- c:\program files\Microsoft.NET
2014-04-01 15:26 . 2014-04-01 15:26 -------- d-----w- c:\users\Delano Gonçalves\AppData\Roaming\Avira
2014-04-01 15:24 . 2014-02-25 18:11 84720 ----a-w- c:\windows\system32\drivers\avnetflt.sys
2014-04-01 15:24 . 2014-02-25 18:11 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-01 15:24 . 2014-02-25 18:11 131576 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-01 15:24 . 2014-02-25 18:11 108440 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-01 15:24 . 2014-04-01 15:24 -------- d-----w- c:\programdata\Avira
2014-04-01 15:24 . 2014-04-01 15:24 -------- d-----w- c:\program files (x86)\Avira
.
.
.
(((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-11 14:27 . 2012-08-17 15:56 692616 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-11 14:27 . 2011-12-21 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-10 06:05 . 2012-01-09 20:52 90655440 ----a-w- c:\windows\system32\MRT.exe
2014-03-04 09:17 . 2014-04-09 15:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-02-07 01:23 . 2014-03-12 16:19 3156480 ----a-w- c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 16:16 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 16:16 624128 ----a-w- c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 16:16 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 16:16 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 16:19 484864 ----a-w- c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 16:19 381440 ----a-w- c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 16:19 228864 ----a-w- c:\windows\system32\wwansvc.dll
2010-01-26 21:11 . 2013-08-19 07:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2010-01-26 13:11 . 2012-03-14 17:46 444283 ----a-w- c:\program files (x86)\Common Files\WinPcapNmap.exe
.
.
((((((((((((((((((((((((((   Registry Load Points   )))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 23:13 1728216 ----a-w- c:\progra~2\MICROS~1\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Memory Improve Master"="c:\program files (x86)\Memory Improve Master\MemoryImproveMaster.exe" [2009-03-16 5095424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2013-09-03 295512]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk * \0BootDefrag.exe\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BdCameraProtect;BdCameraProtect; [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ScreamBAudioSvc;ScreamBee Audio;c:\windows\system32\drivers\ScreamingBAudio64.sys;c:\windows\SYSNATIVE\drivers\ScreamingBAudio64.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 taphss6;Anchorfree HSS VPN Adapter;c:\windows\system32\DRIVERS\taphss6.sys;c:\windows\SYSNATIVE\DRIVERS\taphss6.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe;c:\program files (x86)\Avira\AntiVir Desktop\avwebg7.exe [x]
R4 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [x]
R4 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE;c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [x]
R4 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys;c:\windows\SYSNATIVE\Drivers\FSPFltd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys;c:\windows\SYSNATIVE\DRIVERS\avkmgr.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 AntiVirSchedulerService;Avira Agendamento;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
S2 BstHdDrv;BlueStacks Hypervisor;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys;c:\program files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [x]
S2 BstHdLogRotatorSvc;BlueStacks Log Rotator Service;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe;c:\program files (x86)\BlueStacks\HD-LogRotatorService.exe [x]
S2 KMSEmulator;KMS Server Service;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-17 14:27]
.
2014-04-27 c:\windows\Tasks\GlaryInitialize 4.job
- c:\program files (x86)\Glary Utilities 4\Initialize.exe [2013-12-04 02:12]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce86f762b63724.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 15:40]
.
2014-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-04 15:40]
.
2013-09-04 c:\windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [2013-08-14 18:19]
.
2013-09-28 c:\windows\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14 20:13]
.
2013-09-21 c:\windows\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3599105776-4291230309-2711627101-1000.job
- c:\program files (x86)\Real\RealUpgrade\realupgrade.exe [2013-08-14 20:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-03-12 23:10 2333400 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.254.254 192.168.2.1
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\3756D6023796E616C6: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\378616C6F6D6: NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{38E37FA0-4495-47A3-A602-17C6741F70A2}\746545D233835303: NameServer = 208.67.222.222,208.67.220.220
TCP: Interfaces\{61125825-8A81-49E6-8AF1-C95273272F1F}: NameServer = 8.8.8.8,4.4.4.4
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Delano Gonçalves\AppData\Roaming\Mozilla\Firefox\Profiles\3buwg3jx.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (LocalSystem)
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aac\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adt\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.adts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\BlueStacks]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\programdata\KMSAuto\KMSES.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\program files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
.
**************************************************************************
.
Completion time: 2014-04-26  23:22:08 - Machine was rebooted
ComboFix-quarantined-files.txt  2014-04-27 02:22
ComboFix2.txt  2014-04-23 18:05
.
Pre-Run: 370,872,340,480 bytes free
Post-Run: 370,724,585,472 bytes free
.
- - End Of File - - 139566860EDD7CB5269401848C04D861

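Two entries in the ComboFix log above are what a practitioner would triage first: the KMSEmulator service, which runs c:\programdata\KMSAuto\KMSES.exe on port 1688 (KMSAuto is an unofficial Windows/Office activation tool that most antivirus engines classify as a hack tool or riskware, and ProgramData is writable by local users under the default ACL), and LoadAppInit_DLLs=1, which switches on the AppInit_DLLs injection mechanism (the AppInit_DLLs value itself does not appear in the log, so it still has to be checked). The script below is an added example, not part of the original thread and not ComboFix's own code: it parses the Run-value, service/driver and policy lines in the format ComboFix prints and flags entries by executable location and by two policy settings. The sample lines are copied from the log above; the list of user-writable roots, the two policy checks and all function names are this example's own assumptions.

```python
"""Triage of ComboFix autostart output (example code, not ComboFix's own).

Parses the Run values, service/driver lines and policy values that ComboFix
prints under its registry load points section and flags the entries an
analyst would look at first.  The user-writable roots and the policy checks
are assumptions of this example.
"""
import re
from dataclasses import dataclass
from typing import List

# Roots that a standard user (or, for ProgramData under the default ACL, any
# local user) can write to.  A service or Run entry executing from one of
# these deserves a closer look.  (Assumed list, not something ComboFix reports.)
USER_WRITABLE_ROOTS = (
    "c:\\programdata\\",
    "c:\\users\\",
    "c:\\windows\\temp\\",
)

# ComboFix service/driver lines:
#   R2 Name;Display Name;c:\path\bin.exe args;c:\path\bin.exe args [x]
SERVICE_RE = re.compile(r"^([RS][0-4])\s+([^;]+);([^;]*);([^;]*);(.*)\[x\]\s*$")

# Registry Run values:
#   "Name"="c:\path\app.exe" [2014-02-25 689744]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)"')


@dataclass
class Finding:
    kind: str    # "service", "run" or "policy"
    name: str
    path: str
    reason: str


def binary_path(cmd: str) -> str:
    """Strip arguments from a service command line and lower-case the path."""
    cmd = cmd.strip().lower()
    m = re.match(r"^(.*?\.(?:exe|sys|dll))(?:\s|$)", cmd)
    return m.group(1) if m else cmd


def in_user_writable(path: str) -> bool:
    """True when the (lower-cased) path sits under one of the assumed roots."""
    return any(path.startswith(root) for root in USER_WRITABLE_ROOTS)


def triage(lines: List[str]) -> List[Finding]:
    """Return the entries worth checking, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        m = SERVICE_RE.match(line)
        if m:
            start, name, _display, cmd, _rest = m.groups()
            path = binary_path(cmd)
            if in_user_writable(path):
                findings.append(Finding("service", name, path,
                    f"{start} service binary lives in a user-writable location"))
            continue
        m = RUN_RE.match(line)
        if m:
            name, path = m.groups()
            path = path.lower()
            if in_user_writable(path):
                findings.append(Finding("run", name, path,
                    "Run value executes from a user-writable location"))
            continue
        # Policy values: the AppInit_DLLs injection switch, and the Security
        # Center flag that silences 'automatic updates are off' warnings.
        if line.startswith('"LoadAppInit_DLLs"=') and \
                line.split("=", 1)[1].lstrip().startswith("1"):
            findings.append(Finding("policy", "LoadAppInit_DLLs", "",
                "AppInit_DLLs loading is enabled; inspect the AppInit_DLLs value for injected DLLs"))
        elif line.startswith('"AutoUpdateDisableNotify"=dword:00000001'):
            findings.append(Finding("policy", "AutoUpdateDisableNotify", "",
                "Security Center warnings about disabled automatic updates are suppressed"))
    return findings


# Sample input: a constructed subset of lines copied from the ComboFix log above.
SAMPLE_LINES = r'''
"Memory Improve Master"="c:\program files (x86)\Memory Improve Master\MemoryImproveMaster.exe" [2009-03-16 5095424]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"LoadAppInit_DLLs"=1 (0x1)
"AutoUpdateDisableNotify"=dword:00000001
R2 BstHdAndroidSvc;BlueStacks Android Service;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android;c:\program files (x86)\BlueStacks\HD-Service.exe BstHdAndroidSvc Android [x]
S2 KMSEmulator;KMS Server Service;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort;c:\programdata\KMSAuto\KMSES.exe 1688 55041-00206-236-329597-03-1049-7601.0000-3002012 KillProcessOnPort [x]
S2 avnetflt;avnetflt;c:\windows\system32\DRIVERS\avnetflt.sys;c:\windows\SYSNATIVE\DRIVERS\avnetflt.sys [x]
'''.strip().splitlines()


if __name__ == "__main__":
    for f in triage(SAMPLE_LINES):
        print(f"[{f.kind}] {f.name}: {f.reason} ({f.path})")
```

Run against the sample, the script reports LoadAppInit_DLLs, AutoUpdateDisableNotify and the KMSEmulator service; the Avira and BlueStacks entries under Program Files pass the location check. Location is only a first filter: a binary under Program Files can still be malicious, and the Spybot and defrag entries in BootExecute, the Memory Improve Master autostart and the multiple DNS overrides in the log still need to be reviewed by hand.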
Dear Jerusag

Download Malwarebytes Anti-Malware:

  • Link1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, the program window will open. Select "Quick Scan" and then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log in your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 28/04/2014
Scan Time: 13:44:24
Logfile:
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.28.07
Rootkit Database: v2014.03.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Delano Gonçalves

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 280287
Time Elapsed: 15 min, 2 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Warn
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)


Dear Jerusag

 

# Step 1 #
 
Download the Kaspersky AVP Tool from one of these links:
 
You will be directed to a Kaspersky page asking for an email address, first name and last name for registration.
Only the "email" field is mandatory.
Enter your email, then click the Submit Form button.
The page will reload. Click the Download button.
Save it to your desktop.
Run the file and wait for the installation.
  • ** Windows Vista and Windows 7 users: right-click the file, then click Run as administrator

  • On the license agreement screen, check the option I accept the license agreement and then click the Start button.
The program will appear to freeze and nothing will happen. This is normal; just wait until the program's main screen appears, then click the Settings icon:

 
KRT_settings.png
 
On this screen, check the box next to:
My Computer;
Local Disk (C:);
Also check all the drives listed below Local Disk, if there are any;
Then click the Automatic Scan tab.

 
KRT_install2_.png
 
Back on the program's main screen, click the Start scanning button;
Be patient, it takes a while;
When it finishes, if anything was detected, the program will ask you what to do;
Check the box next to Apply to all objects and then click Skip (we only want the log).

 
KRT_detection_.png
 
Once the scan has finished, proceed as follows:
On the main screen, if anything was detected, save the log.
If you close the program and forget to save the log, you will have to repeat the whole scan.
To save the log, click the Reports icon (next to the "Settings" icon).
In the next window, click Detected Threats, then click the floppy-disk icon to save the log.
Choose an easily accessible location and save it as log.txt
Copy the entire contents of that Notepad file and paste it in your next reply.
If nothing is detected, you do not need to save the log; just let me know.
To exit the program, just click the X in the top-right corner.

 

Notes:
While the scan is running, the main screen will show a progress bar. When it finishes, the program will show a completed status and a button that will be orange if nothing was detected, or red if something was found. If something was detected, the program will also display an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

 
# Step 2 #
 
Download SecurityCheck and save it to your Desktop
Double-click SecurityCheck.exe
  • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

Press any key to continue... a report will open
Copy its entire contents and paste it in your next reply

Cheers :D


  Status: Detected   (events: 1)

30/04/2014 16:32:11 Detected Trojan program Backdoor.Win32.Turkojan.ant C:\Qoobox\Quarantine\C\Program Files (x86)\Turkojan\Client.exe.vir//UPX High

 

P.S.: I couldn't download SecurityCheck; the download page no longer exists.

 

Cheers!  :D


Status: Detected   (events: 1)
01/05/2014 15:34:53 Detected Trojan program Backdoor.Win32.Turkojan.ant C:\Qoobox\Quarantine\C\Program Files (x86)\Turkojan\Client.exe.vir//UPX High

 

Results of screen317's Security Check version 0.99.82 
Windows 7 Service Pack 1 x64 (UAC is enabled) 
Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
Avira Desktop  
Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 6 Update 37 
Java 7 Update 51 
Java version out of Date!
Adobe Flash Player 13.0.0.182 
Adobe Reader XI 
Mozilla Firefox 27.0.1 Firefox out of Date! 
Google Chrome 34.0.1847.116 
Google Chrome 34.0.1847.131 
````````Process Check: objlist.exe by Laurent```````` 
Avira Antivir avgnt.exe
Avira Antivir avguard.exe
Malwarebytes Anti-Malware mbamscheduler.exe  
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

 

 

P.S.: The Action Center shows an 'X' with the message 'Avira Desktop reports that it is turned off'. But when I open Avira it says everything is enabled.

 

Cheers


Dear Jerusag :)

 

What Kaspersky detected belongs to ComboFix; it will be removed when ComboFix is uninstalled ;)

 

Let's do the recommended fixes/updates ;)
 
# Step 1 #
 
Update Java.
 
Attention: Uninstall ALL old versions of Java.
  • Close all programs, especially your browser (IE, Firefox, etc.).
  • Go to the Java for Windows site
  • Click 4531602912_e9606174d3_o.gif
  • In the window that appears, click Run;
  • Follow the installation steps.

 
# Step 2 #
 
Update Firefox
 
Awaiting your reply :)
 
Cheers :D


Dear diego_moicano,

 

I did the recommended updates. Awaiting the next steps!

 

Cheers  :lol:


Dear Jerusag

 

>>>> How is the computer doing?
 
# Step 1 #
 
Let's uninstall ComboFix:
 
Rename combofix.exe to uninstall.exe, double-click it and wait for the program to be removed.
 
Or, if you prefer, go to
 
Start > Run, type  Combofix /Uninstall and click OK; in the window that appears click Run and wait for the program to be removed.
 
# Step 2 #
 
Download OTC by OldTimer and save it to your desktop.
  • Double-click the icon 4142006426_4719050954_o.gif
  • Click Run;
  • Click its only button (image below):
4141259853_5a542d5908_o.jpg Allow your computer to be restarted.

 
# Step 3 #
 
  • Again: double-click adwcleaner.exe
    • Attention: Windows Vista, 7 and 8 users, right-click and choose: execadmin.png

  • Click Uninstall
  • Click Yes and wait.
 
# Step 4 #
 
<<@>> Install CCleaner
 
CCleaner is an excellent cleanup utility for the computer that will help with its performance. Download it here: CCleaner
IMPORTANT: After installation, go to the folder where the program was installed, C:\Arquivos de programas\CCleaner, double-click the folder, right-click an empty area of that window and choose New > Folder to create a new folder; name it backups!
Open the program and click Run Cleaner;
click the Registry button > Scan for Issues > Fix selected issues...
 
Note: Don't forget to accept the backup of the fixes, and save them in the folder created above!

<<@>> Always keep your Windows up to date; keep constant watch with the firewall and antivirus and, finally, remember that the best form of prevention starts with our own attitudes!
 
Cheers :D


Dear diego_moicano,

 

I did all the steps! The computer is better, but if I leave it on without using it and come back to it after a while, it freezes a lot and takes a long time to respond. The processor takes a long time to process in that case. And the Action Center still shows the antivirus status as off. Is that a problem?

 

Cheers  :D

after a while I come back to it and it freezes a lot and takes a long time to respond.

 

It may be hardware-related ;)

 

And the Action Center still shows the antivirus status as off.

 

That's usually a Windows bug; try re-enabling it and let me know the result.

 

Cheers :D


I tried re-enabling it and the problem persisted, so I uninstalled it and installed it again. After doing that, the problem was solved.

As for the freezing, I decided to have it formatted, since the notebook no longer has the performance it used to.

 

Thank you!

 

Regards,
