Tootz Limitless

Problem: Windows Explorer no longer works.

Good morning. I would like some help, since my PC no longer opens any Windows Explorer command, e.g. Control Panel, Screen Resolution; it freezes and shows the message "Windows Explorer has stopped working".

I would like your help to solve this, since I ran antivirus and anti-spyware scans and it stayed the same!!

My DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2
Run by Eric Heyden at 21:07:31 on 2014-05-20
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4042.2598 [GMT -3:00]
.
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ToolBox\26.1.7777.14\ToolBoxService.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Windows\SysWOW64\PnkBstrB.exe
C:\Windows\system32\taskhost.exe
C:\Windows\explorer.exe
C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mDefault_Page_URL = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [uTorrent] "C:\Users\Eric Heyden\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
uRun: [86d] C:\Users\Eric Heyden\AppData\Roaming\90c7\86d.js
mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
mRun: [baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
uPolicies-Explorer: NoDriveTypeAutoRun = dword:189
uPolicies-Explorer: NoWindowsUpdate = 1
uPolicies-Explorer: NoControlPanel = 1
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:189
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{D55BE7DF-36CE-4A6A-BDFC-C394A655A1C0} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
AppInit_DLLs= C:\Users\ERICHE~1\AppData\Local\DProtect\eBP.dll,C:\Users\ERICHE~1\AppData\Local\DProtect\eBPSD.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\36.0.1985.18\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
x64-mDefault_Page_URL = hxxp://www.google.com
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Eric Heyden\AppData\Roaming\Mozilla\Firefox\Profiles\mwo0z9c9.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll
FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
FF - plugin: C:\Users\Eric Heyden\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Eric Heyden\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Eric Heyden\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Eric Heyden\AppData\Roaming\raidcall\plugins\nprcplugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-16 19264]
R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-7-16 21616]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-4-29 56640]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-4-29 37696]
R1 Bnbase;Bnbase;C:\Windows\System32\drivers\bnbasex64.sys [2014-4-29 91616]
R1 Bndef;Baidu NetDefense;C:\Windows\System32\drivers\bndef64.sys [2014-4-29 102432]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-4-29 158432]
R1 BprotectEx;Baidu ProtectEx;C:\Windows\System32\drivers\BProtectEx.sys [2013-8-21 85824]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-21 283064]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 BavSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe [2014-4-29 1971816]
R2 BHipsSvc;Baidu Hips Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [2014-4-29 478360]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-3-19 519720]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-16 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-16 129856]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-16 166720]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-19 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-19 857912]
R2 PCAppStoreSvc_{PCAppStore_4.3.1.5802};Baidu PC App Store Service 4.3.1.5802;C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe [2014-5-16 576032]
R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [2014-4-23 695280]
R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]
R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]
R2 ToolBoxService;ToolBox Service;C:\Program Files (x86)\ToolBox\26.1.7777.14\ToolBoxService.exe [2014-5-16 80576]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-16 365376]
R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-16 357184]
R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-16 789824]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-19 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-19 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-19 63192]
R3 PCFApiUtil;PCFApiUtil;C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [2014-4-23 145664]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-16 646248]
S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
S3 BdSandbox;Baidu BdSandbox Driver;C:\Windows\System32\drivers\BdSandbox.sys [2014-4-29 153920]
S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-7-16 25640]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-3-18 1471352]
S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-7-16 30528]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-16 160256]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]
S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-16 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-17 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2014-05-20 23:45:30 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{6D5DBF65-4D56-43B6-94F3-B4548AF03876}\mpengine.dll
2014-05-19 05:05:31 -------- d-----w- C:\ProgramData\Baidu
2014-05-19 05:04:02 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll
2014-05-19 05:03:32 -------- d-----w- C:\AdwCleaner
2014-05-19 04:55:06 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-05-19 04:54:26 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-05-19 04:54:26 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-05-19 04:54:26 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-05-19 04:54:26 -------- d-----w- C:\ProgramData\Malwarebytes
2014-05-19 04:54:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-16 20:35:21 -------- d-----w- C:\Program Files (x86)\ToolBox
2014-05-15 20:17:17 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Roaming\90c7
2014-05-15 20:17:17 -------- d-sh--w- C:\Program Files\8fcf
2014-05-15 20:17:16 -------- d-sh--w- C:\911
2014-05-15 06:25:44 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi
2014-05-15 06:07:03 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-05-15 06:07:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-05-13 13:53:54 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll
2014-05-07 15:14:42 -------- d-----w- C:\Users\Eric Heyden\AppData\Local\LeNinjaZ
2014-05-06 02:25:58 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\.#
2014-05-04 04:08:22 -------- d-----w- C:\ProgramData\Intel® Update Manager
2014-05-03 20:56:15 -------- d-----w- C:\Users\Eric Heyden\AppData\Local\Chromium
2014-05-02 18:46:55 -------- d-----w- C:\Program Files (x86)\LeNinjaZ
2014-04-30 21:30:08 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\EmieUserList
2014-04-30 21:30:08 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\EmieSiteList
2014-04-30 21:23:07 -------- d-----w- C:\Level up
2014-04-30 10:26:23 -------- d-s---w- C:\Windows\System32\CompatTel
2014-04-30 06:02:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-04-30 06:02:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-04-30 06:02:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-04-30 06:02:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-04-30 00:35:09 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2014-04-30 00:35:03 335360 ----a-w- C:\Windows\System32\msieftp.dll
2014-04-30 00:35:03 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll
2014-04-30 00:35:01 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-04-30 00:32:25 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll
2014-04-29 07:42:17 91616 ----a-w- C:\Windows\System32\drivers\bnbasex64.sys
2014-04-29 07:42:17 56640 ----a-w- C:\Windows\System32\drivers\Bfilter.sys
2014-04-29 07:42:17 37696 ----a-w- C:\Windows\System32\drivers\Bfmon.sys
2014-04-29 07:42:17 158432 ----a-w- C:\Windows\System32\drivers\Bprotect.sys
2014-04-29 07:42:17 153920 ----a-w- C:\Windows\System32\drivers\BdSandbox.sys
2014-04-29 07:42:17 102432 ----a-w- C:\Windows\System32\drivers\bndef64.sys
2014-04-21 03:09:10 692736 ----a-r- C:\Windows\SysWow64\firstclass2000_vcl5.bpl
2014-04-21 03:09:10 558080 ----a-r- C:\Windows\SysWow64\vcldb50.bpl
2014-04-21 03:09:10 387072 ----a-r- C:\Windows\SysWow64\dss50.bpl
2014-04-21 03:09:10 300032 ----a-r- C:\Windows\SysWow64\vclbde50.bpl
2014-04-21 03:09:10 248832 ----a-r- C:\Windows\SysWow64\vclx50.bpl
2014-04-21 03:09:10 2023424 ----a-r- C:\Windows\SysWow64\vcl50.bpl
2014-04-21 03:09:10 -------- d-----w- C:\Program Files (x86)\Central de Jogos
2014-04-21 03:09:01 315904 ----a-w- C:\Windows\IsUn0416.exe
.
==================== Find3M  ====================
.
2014-05-19 20:53:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2014-05-19 20:53:54 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2014-05-14 18:52:08 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2014-05-14 08:16:34 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 08:16:34 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll
2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-04-23 09:33:44 85824 ----a-w- C:\Windows\System32\drivers\BProtectEx.sys
2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll
2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll
2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll
2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe
2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-03-19 18:50:41 720082 ----a-w- C:\Users\Eric Heyden\AppData\Roaming\unins000.exe
2014-03-14 15:11:23 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys
2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll
2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe
2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll
2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll
2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll
2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll
2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll
2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll
2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll
2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll
2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll
2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll
2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll
2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll
2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll
2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe
2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe
2014-02-20 19:04:27 386680 ----a-w- C:\Windows\System32\drivers\sptd.sys
.
============= FINISH: 21:09:59,31 ===============

2 log attach

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 16/07/2013 09:52:04
System Uptime: 19/05/2014 09:42:11 (36 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | B75M-D3H
Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 605,601 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0,07 GiB free.
E: is FIXED (NTFS) - 931 GiB total, 866,436 GiB free.
F: is CDROM ()
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP103: 09/05/2014 00:09:56 - Ponto de Verificação Agendado
RP104: 13/05/2014 07:41:13 - Windows Update
RP105: 15/05/2014 03:00:27 - Windows Update
RP106: 18/05/2014 07:17:12 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 13 ActiveX
Adobe Flash Player 13 Plugin
Adobe Reader XI (11.0.06) - Português
Apple Mobile Device Support
Apple Software Update
µTorrent
Atualizações da NVIDIA 1.11.3
Aurora World
Auto Mouse Click version 1.1
AutoCAD 2014 - English
AutoCAD 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk ReCap
Autodesk ReCap Language Pack-English
Baidu Antivirus
Baidu PC Faster
Bonjour
BS.Player FREE
CCleaner
Central de Jogos
Combat Arms
Counter-Strike 1.6
DAEMON Tools Lite
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dota 2
Easy Tune 6 B12.0912.1
ElfBot NG 4.5.9
Estudo de aprimoramento de produto para HP Deskjet 3540 series
EVGA Precision X 3.0.3
F1 2012
Facebook Video Calling 2.0.0.447
FARO LS 1.1.501.0 (64bit)
GBBD Banco do Brasil
Google Chrome
Google Update Helper
Happy Cloud Client
HP Deskjet 3540 series Ajuda
HP Deskjet 3540 series Software básico do dispositivo
HP Photo Creations
HP Update
iCloud
Infestation: Survivor Stories
Intel® Control Center
Intel® Management Engine Components
Intel® Rapid Storage Technology
Intel® Update Manager
Intel® USB 3.0 eXtensible Host Controller Driver
Intel® Trusted Connect Service Client
iTunes
Java 7 Update 51
Java Auto Updater
K-Lite Mega Codec Pack 10.1.0
Left 4 Dead 2
LogMeIn Hamachi
Malwarebytes Anti-Malware versão 2.0.1.1004
McAfee Security Scan Plus
Microsoft .NET Framework 4.5.1
Microsoft .NET Framework 4.5.1 (Português do Brasil)
Microsoft .NET Framework 4.5.1 (PTB)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Mozilla Firefox 29.0.1 (x86 pt-BR)
Mozilla Maintenance Service
NASCAR '14
NVIDIA Driver de controle do 3D Vision 304.87
NVIDIA Driver de gráficos 311.06
NVIDIA Driver de áudio HD 1.3.18.0
NVIDIA Driver do 3D Vision 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Software do sistema PhysX 9.12.0613
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Components
ON_OFF Charge B11.1102.1
Origin
Painel de controle da NVIDIA 311.06
Patch v23 versão 2013
Priston Tale Brasil 
PunkBuster Services
RaceRoom Racing Experience 
RaceRoom Racing Experience Launcher
RaidCall
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
Realtek Ethernet Controller Driver
RealUpgrade 1.1
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2863926) 64-Bit Edition
SketchUp Import for AutoCAD 2014
Skype™ 6.11
Steam
Suporte para Aplicativos Apple
sXe Injected
TeamSpeak 3 Client
Tibia
Tibia MULTI-ip changer
Tibia Testserver
Tibiacast
Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition
Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition
Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition
WinRAR 4.20 (32-bit)
WRC3 versão 1.0
Yu-Gi-Oh! Power of Chaos YUGI MILLENNIAL DESTINY
.
==== End Of File ===========================
 

Hello

Sorry for the delay :)

If you still need help, please redo the logs, as I need them with up-to-date dates: Read Before Posting - Creating a New Topic

ATTENTION 1: There is no need to open a new topic; post the new logs in this same topic, thank you!

ATTENTION 2: Do not edit your topic; use the reply button, thank you!

ATTENTION 3: Do not put the logs between TAGS, thank you!

ATTENTION 4: Do not attach the logs, thank you!

Regards :D


Hey, better late than never!! Thank you for your attention.

Here are the updated logs.

 

DDS -

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 

Internet Explorer: 11.0.9600.17041  BrowserJavaVersion: 10.51.2

Run by Eric Heyden at 2:28:08 on 2014-05-26

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4042.2427 [GMT -3:00]

.

AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\nvvsvc.exe

C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

C:\PROGRA~2\GbPlugin\GbpSv.exe

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\System32\spoolsv.exe

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Intel\iCLS Client\HeciServer.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe

C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe

C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe

C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe

C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe

C:\Windows\system32\SearchIndexer.exe

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

C:\Windows\System32\svchost.exe -k secsvcs

C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

C:\Windows\system32\taskhost.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PrivacyIconClient.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Windows\explorer.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\bavhm.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://br.hao123.com/?tn=opencd_hp_hao123_br

uDefault_Page_URL = hxxp://www.google.com

mStart Page = about:blank

mDefault_Page_URL = hxxp://www.google.com

mWinlogon: Userinit = userinit.exe,

BHO: toolbox: {063D037D-F7F6-4D75-940F-54EE0011F82B} - C:\Users\Eric Heyden\AppData\LocalLow\ToolBox\26.1.7777.507\toolbox.dll

BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL

BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

uRun: [uTorrent] "C:\Users\Eric Heyden\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED

uRun: [86d] C:\Users\Eric Heyden\AppData\Roaming\90c7\86d.js

mRun: [iMSS] "C:\Program Files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe"

mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60

mRun: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"

mRun: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto

mRun: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start

dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe

dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601

StartupFolder: C:\Users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js

StartupFolder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js

uPolicies-Explorer: NoDriveTypeAutoRun = dword:189

uPolicies-Explorer: NoWindowsUpdate = 1

uPolicies-Explorer: NoControlPanel = 1

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: NoActiveDesktopChanges = dword:1

mPolicies-Explorer: NoDriveTypeAutoRun = dword:189

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: &Enviar para o OneNote - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

IE: E&xportar para o Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D55BE7DF-36CE-4A6A-BDFC-C394A655A1C0} : DHCPNameServer = 192.168.1.1

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

AppInit_DLLs= C:\Users\ERICHE~1\AppData\Local\DProtect\eBP.dll,C:\Users\ERICHE~1\AppData\Local\DProtect\eBPSD.dll

SSODL: WebCheck - <orphaned>

SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL

mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2008.2\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome

x64-mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

x64-mDefault_Page_URL = hxxp://www.google.com

x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL

x64-IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-SSODL: WebCheck - <orphaned>

x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Eric Heyden\AppData\Roaming\Mozilla\Firefox\Profiles\mwo0z9c9.default\

FF - prefs.js: browser.startup.homepage - hxxp://br.hao123.com/?tn=opencd_hp_hao123_br

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

FF - plugin: C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

FF - plugin: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll

FF - plugin: C:\ProgramData\HappyCloud\Application\npHappyCloudPlugin.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll

FF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll

FF - plugin: C:\Users\Eric Heyden\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll

FF - plugin: C:\Users\Eric Heyden\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll

FF - plugin: C:\Users\Eric Heyden\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll

FF - plugin: C:\Users\Eric Heyden\AppData\Roaming\raidcall\plugins\nprcplugin.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll

.

============= SERVICES / DRIVERS ===============

.

R0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hcs.sys [2013-7-16 19264]

R1 AppleCharger;AppleCharger;C:\Windows\System32\drivers\AppleCharger.sys [2013-7-16 21616]

R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2014-4-29 56640]

R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2014-4-29 37696]

R1 Bnbase;Bnbase;C:\Windows\System32\drivers\bnbasex64.sys [2014-4-29 91616]

R1 Bndef;Baidu NetDefense;C:\Windows\System32\drivers\bndef64.sys [2014-4-29 102432]

R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2014-4-29 158432]

R1 BprotectEx;Baidu ProtectEx;C:\Windows\System32\drivers\BProtectEx.sys [2013-8-21 85824]

R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-21 283064]

R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]

R2 BavSvc;Baidu Antivirus Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe [2014-4-29 1971816]

R2 BHipsSvc;Baidu Hips Service;C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [2014-4-29 478360]

R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-3-19 519720]

R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2014-5-13 2228048]

R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-7-16 13592]

R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]

R2 Intel® ME Service;Intel® ME Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-7-16 129856]

R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe [2013-7-16 166720]

R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2014-4-15 377616]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-19 1809720]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-19 857912]

R2 PCAppStoreSvc_{PCAppStore_4.3.1.5802};Baidu PC App Store Service 4.3.1.5802;C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe [2014-5-16 576032]

R2 PCFasterSvc_{PCFaster_4.0.0.0};Baidu PC Faster Service 4.0.0.0;C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [2014-4-23 695280]

R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]

R2 StarWindServiceAE;StarWind AE Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]

R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-1-18 383264]

R2 ToolBoxService;ToolBox Service;C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe [2014-5-19 80576]

R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-7-16 365376]

R3 iusb3hub;Driver para hub Intel® USB 3.0;C:\Windows\System32\drivers\iusb3hub.sys [2013-7-16 357184]

R3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;C:\Windows\System32\drivers\iusb3xhc.sys [2013-7-16 789824]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-19 25816]

R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-19 119512]

R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-19 63192]

R3 PCFApiUtil;PCFApiUtil;C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [2014-4-23 145664]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-7-16 646248]

S2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2012-1-5 75624]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]

S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]

S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-9-5 171680]

S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;"C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe" --> C:\Program Files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesService64.exe [?]

S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]

S3 BdSandbox;Baidu BdSandbox Driver;C:\Windows\System32\drivers\BdSandbox.sys [2014-4-29 153920]

S3 etdrv;etdrv;C:\Windows\etdrv.sys [2013-7-16 25640]

S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2014-3-18 1471352]

S3 GVTDrv64;GVTDrv64;C:\Windows\GVTDrv64.sys [2013-7-16 30528]

S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2013-7-16 160256]

S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-11 111616]

S3 iumsvc;Intel® Update Manager;C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [2014-2-28 174368]

S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [2012-9-5 234776]

S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-7-16 20992]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-7-17 59392]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]

S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-7-17 1255736]

.

=============== File Associations ===============

.

FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"

.

=============== Created Last 30 ================

.

2014-05-26 01:30:24 -------- d-----w- C:\Users\Eric Heyden\AppData\Roaming\baidu

2014-05-26 01:29:08 -------- d-----w- C:\Users\Eric Heyden\AppData\Local\TuneUp Software

2014-05-26 01:29:06 -------- d-----w- C:\Users\Eric Heyden\AppData\Roaming\TuneUp Software

2014-05-26 01:29:01 -------- d-----w- C:\Program Files (x86)\TuneUp Utilities 2014

2014-05-26 01:28:56 -------- d-----w- C:\ProgramData\TuneUp Software

2014-05-26 01:28:22 -------- d-----w- C:\Users\Eric Heyden\AppData\Roaming\OpenCandy

2014-05-26 01:28:22 -------- d-----w- C:\Program Files (x86)\Cheat Engine 6.3

2014-05-23 06:18:33 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F8717F4-C515-4813-9E07-4B5D51A6AFC4}\offreg.dll

2014-05-23 06:14:56 10702536 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{4F8717F4-C515-4813-9E07-4B5D51A6AFC4}\mpengine.dll

2014-05-21 01:24:58 -------- d-----w- C:\Users\Eric Heyden\AppData\Roaming\ToolBox

2014-05-19 05:05:31 -------- d-----w- C:\ProgramData\Baidu

2014-05-19 05:04:02 536576 ----a-w- C:\Windows\SysWow64\sqlite3.dll

2014-05-19 05:03:32 -------- d-----w- C:\AdwCleaner

2014-05-19 04:55:06 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys

2014-05-19 04:54:26 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys

2014-05-19 04:54:26 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys

2014-05-19 04:54:26 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys

2014-05-19 04:54:26 -------- d-----w- C:\ProgramData\Malwarebytes

2014-05-19 04:54:26 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-05-16 20:35:21 -------- d-----w- C:\Program Files (x86)\ToolBox

2014-05-15 20:17:17 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Roaming\90c7

2014-05-15 20:17:17 -------- d-sh--w- C:\Program Files\8fcf

2014-05-15 20:17:16 -------- d-sh--w- C:\911

2014-05-15 06:25:44 -------- d-----w- C:\Program Files (x86)\LogMeIn Hamachi

2014-05-15 06:07:03 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2014-05-15 06:07:03 2724864 ----a-w- C:\Windows\System32\mshtml.tlb

2014-05-13 13:53:54 965232 ----a-w- C:\Program Files (x86)\Mozilla Firefox\icuuc52.dll

2014-05-07 15:14:42 -------- d-----w- C:\Users\Eric Heyden\AppData\Local\LeNinjaZ

2014-05-06 02:25:58 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\.#

2014-05-04 04:08:22 -------- d-----w- C:\ProgramData\Intel® Update Manager

2014-05-03 20:56:15 -------- d-----w- C:\Users\Eric Heyden\AppData\Local\Chromium

2014-05-02 18:46:55 -------- d-----w- C:\Program Files (x86)\LeNinjaZ

2014-04-30 21:30:08 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\EmieUserList

2014-04-30 21:30:08 -------- d-sh--w- C:\Users\Eric Heyden\AppData\Local\EmieSiteList

2014-04-30 21:23:07 -------- d-----w- C:\Level up

2014-04-30 10:26:23 -------- d-s---w- C:\Windows\System32\CompatTel

2014-04-30 06:02:35 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe

2014-04-30 06:02:35 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe

2014-04-30 06:02:34 12625920 ----a-w- C:\Windows\System32\wmploc.DLL

2014-04-30 06:02:34 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL

2014-04-30 00:35:09 461312 ----a-w- C:\Windows\System32\scavengeui.dll

2014-04-30 00:35:03 335360 ----a-w- C:\Windows\System32\msieftp.dll

2014-04-30 00:35:03 301568 ----a-w- C:\Windows\SysWow64\msieftp.dll

2014-04-30 00:35:01 228864 ----a-w- C:\Windows\System32\wwansvc.dll

2014-04-30 00:32:25 81920 ----a-w- C:\Windows\SysWow64\davclnt.dll

2014-04-29 07:42:17 91616 ----a-w- C:\Windows\System32\drivers\bnbasex64.sys

2014-04-29 07:42:17 56640 ----a-w- C:\Windows\System32\drivers\Bfilter.sys

2014-04-29 07:42:17 37696 ----a-w- C:\Windows\System32\drivers\Bfmon.sys

2014-04-29 07:42:17 158432 ----a-w- C:\Windows\System32\drivers\Bprotect.sys

2014-04-29 07:42:17 153920 ----a-w- C:\Windows\System32\drivers\BdSandbox.sys

2014-04-29 07:42:17 102432 ----a-w- C:\Windows\System32\drivers\bndef64.sys

.

==================== Find3M  ====================

.

2014-05-26 04:27:13 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr

2014-05-26 04:27:13 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe

2014-05-26 02:53:25 291128 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0

2014-05-14 08:16:34 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl

2014-05-14 08:16:34 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe

2014-05-09 06:14:03 477184 ----a-w- C:\Windows\System32\aepdu.dll

2014-05-09 06:11:23 424448 ----a-w- C:\Windows\System32\aeinv.dll

2014-04-23 09:33:44 85824 ----a-w- C:\Windows\System32\drivers\BProtectEx.sys

2014-04-12 02:22:05 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys

2014-04-12 02:22:05 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys

2014-04-12 02:19:38 29184 ----a-w- C:\Windows\System32\sspisrv.dll

2014-04-12 02:19:38 136192 ----a-w- C:\Windows\System32\sspicli.dll

2014-04-12 02:19:37 28160 ----a-w- C:\Windows\System32\secur32.dll

2014-04-12 02:19:32 1460736 ----a-w- C:\Windows\System32\lsasrv.dll

2014-04-12 02:19:05 31232 ----a-w- C:\Windows\System32\lsass.exe

2014-04-12 02:12:06 22016 ----a-w- C:\Windows\SysWow64\secur32.dll

2014-04-12 02:10:56 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll

2014-03-31 12:35:08 270496 ------w- C:\Windows\System32\MpSigStub.exe

2014-03-19 18:50:41 720082 ----a-w- C:\Users\Eric Heyden\AppData\Roaming\unins000.exe

2014-03-14 15:11:23 31088 ----a-w- C:\Windows\SysWow64\drivers\gbpndisrd.sys

2014-03-06 09:31:33 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll

2014-03-06 08:59:04 66048 ----a-w- C:\Windows\System32\iesetup.dll

2014-03-06 08:57:34 548352 ----a-w- C:\Windows\System32\vbscript.dll

2014-03-06 08:57:20 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll

2014-03-06 08:29:40 139264 ----a-w- C:\Windows\System32\ieUnatt.exe

2014-03-06 08:29:14 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe

2014-03-06 08:28:15 752640 ----a-w- C:\Windows\System32\jscript9diag.dll

2014-03-06 08:15:54 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe

2014-03-06 08:11:41 5784064 ----a-w- C:\Windows\System32\jscript9.dll

2014-03-06 08:02:34 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll

2014-03-06 08:02:33 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll

2014-03-06 08:01:01 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll

2014-03-06 07:56:43 38400 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll

2014-03-06 07:46:36 4254720 ----a-w- C:\Windows\SysWow64\jscript9.dll

2014-03-06 07:38:13 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2014-03-06 07:36:40 592896 ----a-w- C:\Windows\SysWow64\jscript9diag.dll

2014-03-06 07:13:43 32256 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll

2014-03-06 07:11:15 2043904 ----a-w- C:\Windows\System32\inetcpl.cpl

2014-03-06 06:40:39 1967104 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2014-03-06 06:22:40 2260480 ----a-w- C:\Windows\System32\wininet.dll

2014-03-06 05:41:49 1789440 ----a-w- C:\Windows\SysWow64\wininet.dll

2014-03-04 09:47:01 5550016 ----a-w- C:\Windows\System32\ntoskrnl.exe

2014-03-04 09:44:21 362496 ----a-w- C:\Windows\System32\wow64win.dll

2014-03-04 09:44:21 243712 ----a-w- C:\Windows\System32\wow64.dll

2014-03-04 09:44:21 13312 ----a-w- C:\Windows\System32\wow64cpu.dll

2014-03-04 09:44:20 39936 ----a-w- C:\Windows\System32\wincredprovider.dll

2014-03-04 09:44:10 210944 ----a-w- C:\Windows\System32\wdigest.dll

2014-03-04 09:44:08 86528 ----a-w- C:\Windows\System32\TSpkg.dll

2014-03-04 09:44:06 340992 ----a-w- C:\Windows\System32\schannel.dll

2014-03-04 09:44:03 722944 ----a-w- C:\Windows\System32\objsel.dll

2014-03-04 09:44:03 314880 ----a-w- C:\Windows\System32\msv1_0.dll

2014-03-04 09:44:03 16384 ----a-w- C:\Windows\System32\ntvdm64.dll

2014-03-04 09:44:00 728064 ----a-w- C:\Windows\System32\kerberos.dll

2014-03-04 09:44:00 424960 ----a-w- C:\Windows\System32\KernelBase.dll

2014-03-04 09:43:56 57344 ----a-w- C:\Windows\System32\cngprovider.dll

2014-03-04 09:43:56 52736 ----a-w- C:\Windows\System32\dpapiprovider.dll

2014-03-04 09:43:56 44544 ----a-w- C:\Windows\System32\dimsroam.dll

2014-03-04 09:43:56 22016 ----a-w- C:\Windows\System32\credssp.dll

2014-03-04 09:43:55 56832 ----a-w- C:\Windows\System32\adprovider.dll

2014-03-04 09:43:55 53760 ----a-w- C:\Windows\System32\capiprovider.dll

2014-03-04 09:43:50 455168 ----a-w- C:\Windows\System32\winlogon.exe

2014-03-04 09:20:11 3969984 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2014-03-04 09:20:11 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2014-03-04 09:16:54 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2014-03-04 09:16:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2014-03-04 09:16:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll

2014-03-04 08:09:30 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2014-03-04 08:09:29 2048 ----a-w- C:\Windows\SysWow64\user.exe

.

============= FINISH:  2:30:14,43 ===============

 

 

Attach

 

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate 

Boot Device: \Device\HarddiskVolume1

Install Date: 16/07/2013 09:52:04

System Uptime: 26/05/2014 02:04:30 (0 hours ago)

.

Motherboard: Gigabyte Technology Co., Ltd. |  | B75M-D3H

Processor: Intel® Core i5-3570K CPU @ 3.40GHz | Intel® Core i5-3570K CPU @ 3.40GHz | 3801/100mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 931 GiB total, 615,411 GiB free.

D: is FIXED (NTFS) - 0 GiB total, 0,07 GiB free.

E: is FIXED (NTFS) - 931 GiB total, 866,436 GiB free.

F: is CDROM ()

G: is CDROM ()

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP106: 18/05/2014 07:17:12 - Windows Update

RP107: 22/05/2014 12:14:44 - Windows Update

RP108: 26/05/2014 00:34:32 - Removido TuneUp Utilities 2014

.

==== Installed Programs ======================

.

@Bios

Adobe Flash Player 13 ActiveX

Adobe Flash Player 13 Plugin

Adobe Reader XI (11.0.06) - Português

Apple Mobile Device Support

Apple Software Update

µTorrent

Atualizações da NVIDIA 1.11.3

Aurora World

Auto Mouse Click version 1.1

AutoCAD 2014 - English

AutoCAD 2014 Language Pack - English

Autodesk 360

Autodesk App Manager

Autodesk AutoCAD 2014 - English

Autodesk Content Service

Autodesk Content Service Language Pack

Autodesk Featured Apps

Autodesk Material Library 2014

Autodesk Material Library Base Resolution Image Library 2014

Autodesk ReCap

Autodesk ReCap Language Pack-English

Baidu Antivirus

Baidu PC Faster

Bonjour

BS.Player FREE

CCleaner

Central de Jogos

Cheat Engine 6.3

Combat Arms

Counter-Strike 1.6

DAEMON Tools Lite

Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition

Dota 2

Easy Tune 6 B12.0912.1

ElfBot NG 4.5.9

Estudo de aprimoramento de produto para HP Deskjet 3540 series

EVGA Precision X 3.0.3

F1 2012

Facebook Video Calling 2.0.0.447

FARO LS 1.1.501.0 (64bit)

GBBD Banco do Brasil

Google Chrome

Google Update Helper

Happy Cloud Client

HP Deskjet 3540 series Ajuda

HP Deskjet 3540 series Software básico do dispositivo

HP Photo Creations

HP Update

iCloud

Infestation: Survivor Stories

Intel® Control Center

Intel® Management Engine Components

Intel® Rapid Storage Technology

Intel® Update Manager

Intel® USB 3.0 eXtensible Host Controller Driver

Intel® Trusted Connect Service Client

iTunes

Java 7 Update 51

Java Auto Updater

K-Lite Mega Codec Pack 10.1.0

Left 4 Dead 2

LogMeIn Hamachi

Malwarebytes Anti-Malware versão 2.0.1.1004

McAfee Security Scan Plus

Microsoft .NET Framework 4.5.1

Microsoft .NET Framework 4.5.1 (Português do Brasil)

Microsoft .NET Framework 4.5.1 (PTB)

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office Office 32-bit Components 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219

Mozilla Firefox 29.0.1 (x86 pt-BR)

Mozilla Maintenance Service

NASCAR '14

NVIDIA Driver de controle do 3D Vision 304.87

NVIDIA Driver de gráficos 311.06

NVIDIA Driver de áudio HD 1.3.18.0

NVIDIA Driver do 3D Vision 311.06

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Software do sistema PhysX 9.12.0613

NVIDIA Stereoscopic 3D Driver

NVIDIA Update Components

ON_OFF Charge B11.1102.1

Origin

Painel de controle da NVIDIA 311.06

Patch v23 versão 2013

Priston Tale Brasil 

PunkBuster Services

RaceRoom Racing Experience 

RaceRoom Racing Experience Launcher

RaidCall

RealDownloader

RealNetworks - Microsoft Visual C++ 2008 Runtime

RealNetworks - Microsoft Visual C++ 2010 Runtime

RealPlayer

Realtek Ethernet Controller Driver

RealUpgrade 1.1

Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)

Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)

Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)

Security Update for Microsoft Excel 2010 (KB2826033) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553284) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2760781) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2850016) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2878284) 64-Bit Edition

Security Update for Microsoft Office 2010 (KB2880971) 64-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition

Security Update for Microsoft Word 2010 (KB2863926) 64-Bit Edition

SketchUp Import for AutoCAD 2014

Skype™ 6.11

Steam

Suporte para Aplicativos Apple

sXe Injected

TeamSpeak 3 Client

Tibia

Tibia MULTI-ip changer

Tibia Testserver

Tibiacast

TuneUp Utilities 2014 (pt-BR)

Update for Microsoft Access 2010 (KB2553446) 64-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2878281) 64-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817369) 64-Bit Edition

Update for Microsoft InfoPath 2010 (KB2817396) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 64-Bit Edition

Update for Microsoft Office 2010 (KB2589352) 64-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 64-Bit Edition

Update for Microsoft Office 2010 (KB2597087) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 64-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 64-Bit Edition

Update for Microsoft Office 2010 (KB2825635) 64-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 64-Bit Edition

Update for Microsoft Office 2010 (KB2850079) 64-Bit Edition

Update for Microsoft Office 2010 (KB2878225) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition

Update for Microsoft OneNote 2010 (KB2837595) 64-Bit Edition

Update for Microsoft Outlook 2010 (KB2687567) 64-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2837579) 64-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2760601) 64-Bit Edition

Update for Microsoft Visio 2010 (KB2880526) 64-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2837587) 64-Bit Edition

WinRAR 4.20 (32-bit)

WRC3 versão 1.0

Yu-Gi-Oh! Power of Chaos YUGI MILLENNIAL DESTINY

.

==== End Of File ===========================


GMER

 

GMER 2.1.19357 - http://www.gmer.net

Rootkit scan 2014-05-26 12:55:25

Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD10 rev.80.0 931,51GB

Running: mn67ydft.exe; Driver: C:\Users\ERICHE~1\AppData\Local\Temp\awtyipow.sys

 

 

---- Kernel code sections - GMER 2.1 ----

 

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528                                                                              fffff80002fad000 16 bytes [8B, E3, 41, 5F, 41, 5E, 41, ...]

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 545                                                                              fffff80002fad011 35 bytes {LEA ECX, [RSP+0x70]; CALL 0x3d64f}

 

---- User code sections - GMER 2.1 ----

 

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll                                                                 0000000077d81287 6 bytes JMP 71a8000a

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\syswow64\kernel32.dll!FreeLibrary                                                               0000000075e43488 6 bytes JMP 71af000a

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\syswow64\kernel32.dll!FreeLibraryAndExitThread                                                  0000000075e5d552 5 bytes JMP 000000017522a11b

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                                                    00000000762d2c9e 4 bytes CALL 71ac0000

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                                                    0000000077d11465 2 bytes [D1, 77]

.text     C:\PROGRA~2\GbPlugin\GbpSv.exe[1016] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                                                   0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe[2008] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll                                 0000000077d7c4dd 6 bytes JMP 71af000a

.text     C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavSvc.exe[2008] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                  00000000762d2c9e 4 bytes CALL 71ac0000

.text     C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe[1348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                0000000077d11465 2 bytes [D1, 77]

.text     C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe[1348] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155               0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69   0000000077d11465 2 bytes [D1, 77]

.text     C:\Program Files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe[2736] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155  0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69           0000000077d11465 2 bytes [D1, 77]

.text     C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe[2856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155          0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077d11465 2 bytes [D1, 77]

.text     C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe[2916] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                         0000000070911a22 2 bytes [91, 70]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                         0000000070911ad0 2 bytes [91, 70]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                         0000000070911b08 2 bytes [91, 70]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                         0000000070911bba 2 bytes [91, 70]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                         0000000070911bda 2 bytes [91, 70]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                  0000000077d11465 2 bytes [D1, 77]

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2948] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                 0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe[2464] C:\Windows\syswow64\KERNELBASE.dll!LoadLibraryExW + 493                   00000000762d2c9e 4 bytes CALL 71af0000

.text     C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe[2464] C:\Windows\syswow64\RPCRT4.dll!IUnknown_QueryInterface_Proxy              0000000075bd428b 6 bytes JMP 71a8000a

.text     C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe[2464] C:\Windows\syswow64\ole32.dll!CoUnmarshalInterface                        0000000075f6f150 6 bytes JMP 71ab000a

.text     C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe[2464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                   0000000077d11465 2 bytes [D1, 77]

.text     C:\Program Files (x86)\ToolBox\26.1.7777.507\ToolBoxService.exe[2464] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                  0000000077d114bb 2 bytes [D1, 77]

.text     ...                                                                                                                                             * 2

.text     C:\Windows\Explorer.EXE[2604] C:\Windows\system32\kernel32.dll!CreateProcessW                                                                   0000000077a60650 6 bytes JMP 3a

.text     C:\Windows\Explorer.EXE[2604] C:\Windows\system32\KERNELBASE.dll!LoadLibraryExW + 357                                                           000007fefdc29055 3 bytes CALL ff000c00

 

---- Kernel IAT/EAT - GMER 2.1 ----

 

IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortBufferUshort]                                                                  [fffff880010d4e94] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortReadPortUchar]                                                                         [fffff880010d4c38] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUchar]                                                                        [fffff880010d5614] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortUlong]                                                                        [fffff880010d5a10] \SystemRoot\System32\Drivers\sptd.sys [.text]

IAT       C:\Windows\system32\drivers\atapi.sys[ataport.SYS!AtaPortWritePortBufferUshort]                                                                 [fffff880010d586c] \SystemRoot\System32\Drivers\sptd.sys [.text]

 

---- Devices - GMER 2.1 ----

 

Device    \Driver\a41urwfa \Device\Scsi\a41urwfa1Port2Path0Target0Lun0                                                                                    fffffa800790d2c0

Device    \Driver\ayw7jedd \Device\Scsi\ayw7jedd1Port3Path0Target0Lun0                                                                                    fffffa800799a2c0

Device    \Driver\a41urwfa \Device\Scsi\a41urwfa1                                                                                                         fffffa800790d2c0

Device    \Driver\ayw7jedd \Device\Scsi\ayw7jedd1                                                                                                         fffffa800799a2c0

Device    \FileSystem\Ntfs \Ntfs                                                                                                                          fffffa8003fa62c0

Device    \Driver\dtsoftbus01 \Device\0000007a                                                                                                            fffffa800725f2c0

Device    \Driver\NetBT \Device\NetBT_Tcpip_{74863A16-D772-4318-94D6-CBD01481C1C0}                                                                        fffffa8006a6c2c0

Device    \Driver\usbehci \Device\USBPDO-1                                                                                                                fffffa80077652c0

Device    \Driver\iScsiPrt \Device\RaidPort0                                                                                                              fffffa80079c62c0

Device    \Driver\cdrom \Device\CdRom0                                                                                                                    fffffa8007f922c0

Device    \Driver\cdrom \Device\CdRom1                                                                                                                    fffffa8007f922c0

Device    \Driver\cdrom \Device\CdRom2                                                                                                                    fffffa8007f922c0

Device    \Driver\usbehci \Device\USBFDO-0                                                                                                                fffffa80077652c0

Device    \Driver\dtsoftbus01 \Device\DTSoftBusCtl                                                                                                        fffffa800725f2c0

Device    \Driver\NetBT \Device\NetBT_Tcpip_{D55BE7DF-36CE-4A6A-BDFC-C394A655A1C0}                                                                        fffffa8006a6c2c0

Device    \Driver\usbehci \Device\USBFDO-1                                                                                                                fffffa80077652c0

Device    \Driver\NetBT \Device\NetBt_Wins_Export                                                                                                         fffffa8006a6c2c0

Device    \Driver\usbehci \Device\USBPDO-0                                                                                                                fffffa80077652c0

Device    \Driver\iScsiPrt \Device\ScsiPort1                                                                                                              fffffa80079c62c0

Device    \Driver\a41urwfa \Device\ScsiPort2                                                                                                              fffffa800790d2c0

Device    \Driver\ayw7jedd \Device\ScsiPort3                                                                                                              fffffa800799a2c0

 

---- Modules - GMER 2.1 ----

 

Module    \SystemRoot\System32\Drivers\a41urwfa.SYS                                                                                                       fffff8800781d000-fffff88007869000 (311296 bytes)

Module    \SystemRoot\System32\Drivers\ayw7jedd.SYS                                                                                                       fffff88009d8f000-fffff88009de0000 (331776 bytes)

 

---- Threads - GMER 2.1 ----

 

Thread    C:\Windows\System32\svchost.exe [2548:208]                                                                                                      000007fef7019688

 

---- Registry - GMER 2.1 ----

 

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04                                                                

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                             C:\Program Files (x86)\Alcohol Soft\Alcohol 120\

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                             1

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                          0x12 0xD5 0x78 0x3E ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001                                                       

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                    0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                 0x56 0x2D 0x17 0x72 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40                                                

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                          0x65 0xA5 0x6E 0x63 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC                                                                

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                             C:\Program Files (x86)\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                             0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                             0

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                          0x6D 0xA5 0xF3 0xB3 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001                                                       

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                    0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                 0xC4 0x31 0xA3 0xB6 ...

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0                                                  

Reg       HKLM\SYSTEM\CurrentControlSet\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                            0x03 0x1A 0x3A 0x41 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet)                                            

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@p0                                                                 C:\Program Files (x86)\Alcohol Soft\Alcohol 120\

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0                                                                 1

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew                                                              0x12 0xD5 0x78 0x3E ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001 (not active ControlSet)                                   

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@a0                                                        0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001@ujdew                                                     0x56 0x2D 0x17 0x72 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40 (not active ControlSet)                            

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04\00000001\jdgg40@ujdew                                              0x65 0xA5 0x6E 0x63 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)                                            

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0                                                                 C:\Program Files (x86)\DAEMON Tools Lite\

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0                                                                 0x00 0x00 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0                                                                 0

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12                                                              0x6D 0xA5 0xF3 0xB3 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet)                                   

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0                                                        0xA0 0x02 0x00 0x00 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12                                                     0xC4 0x31 0xA3 0xB6 ...

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet)                              

Reg       HKLM\SYSTEM\ControlSet002\services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12                                                0x03 0x1A 0x3A 0x41 ...

 

---- EOF - GMER 2.1 ----


Dear Tootz Limitless

Please note my request: ATTENTION 3: Do not put the logs between TAGS, thank you!

I had to edit your posts.

I recommend saving this topic to your Favorites so that it is easier to find.

Please note the following:
  • If you go 3 days without a reply, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully, and if you have any doubts do not hesitate to ask;
  • Always post your replies in this topic... Do not open another one!
  • Always try to keep me informed, during the removal, about what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

# Step 1 #

Uninstall the following programs:

Baidu Antivirus
Baidu PC Faster

Install a different antivirus and tell me which one it was. ;)

Regards :D


Caro Tootz Limitless

 

# Etapa nº 1 #
 
Faça o download Junkware Removal Tool e salve em seu Desktop.
  • Desative seus programas de proteção (antivírus etc) para evitar qualquer conflito.
  • Clique duas vezes JRT.exe
    • Se seu sistema for Windows Vista ou Windows 7 ou Windows 8, clique com o botão direito do mouse e peça para Executar como Administrador.

    [*]Seja paciente e aguarde o scan terminar.[*]Abra o log JRT.txt que está em seu Desktop.[*]Copie todo conteúdo e cole em sua próximo mensagem.

 
# Etapa nº 2 #
 

  • Clique duas vezes no adwcleaner.exe
  • Atenção: Usuários Windows Vista, 7 e 8, cliquem com o botão direito do mouse e escolha: execadmin.png

  • Clique em Pesquisar
No final do scan será aberto um log com o resultado.
Caso algo seja detectado, clique então no botão Remover.
Novamente, no final do scan será aberto um log com o resultado.
Copie todo seu conteúdo e cole em sua próxima resposta.

 
# Step 3 #
 
Read the instructions at this link:
 
 
In the instructions at the link above, you can check which forums have Analysts properly qualified to use the tool correctly: "Forums for receiving help with ComboFix logs"
Download ComboFix from one of the official links listed below and save it to your desktop:

  • Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after completing the procedure(s) described below.
  • Double-click the ComboFix icon on your desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
    • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
    • Click "OK" on the EULA.
    • Once the Recovery Console is installed, click "YES" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or the keyboard while the tool is running; doing so can cause the computer to stall.
  • A notice may appear saying that the computer needs to be restarted.
    DO NOT RESTART!!! ComboFix will restart the computer automatically.
  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.


Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly it may damage your computer.
There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
There are several general-purpose anti-malware tools whose authors, when programming them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, and so, also out of respect for the tool's author, do not use it without supervision.

Regards :D


JRT RESULT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Eric Heyden on 30/05/2014 at 12:07:07,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-138091164-585759890-2586022290-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_monthly.job"
Successfully deleted: [File] "C:\Windows\Tasks\dll-files.com fixer_updates.job"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Eric Heyden\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Eric Heyden\AppData\Roaming\dll-files.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\dll-files.com fixer"
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Eric Heyden\AppData\Roaming\mozilla\firefox\profiles\mwo0z9c9.default\prefs.js
 
user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=opencd_hp_hao123_br");
Emptied folder: C:\Users\Eric Heyden\AppData\Roaming\mozilla\firefox\profiles\mwo0z9c9.default\minidumps [5 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/05/2014 at 12:11:50,72
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
AdwCleaner RESULT
 
 
# AdwCleaner v3.211 - Relatório criado 30/05/2014 às 12:15:16
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Eric Heyden - ERICHEYDEN-PC
# Executando de : C:\Users\Eric Heyden\Desktop\adwcleaner_3.211.exe
# Opção : Limpar
 
***** [ Serviços ] *****
 
 
***** [ Arquivos / Pastas ] *****
 
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\System32\roboot64.exe
 
***** [ Atalhos ] *****
 
 
***** [ Registro ] *****
 
Chave Deletedo : HKCU\Software\AppDataLow\Software
 
***** [ Navegadores ] *****
 
-\\ Internet Explorer v11.0.9600.17041
 
 
-\\ Mozilla Firefox v29.0.1 (pt-BR)
 
[ Arquivo : C:\Users\Eric Heyden\AppData\Roaming\Mozilla\Firefox\Profiles\mwo0z9c9.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2017.2
 
[ Arquivo : C:\Users\Eric Heyden\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deletedo [Extension] : ifohbjbgfchkkfhphahclmkpgejiplfo
 
*************************
 
AdwCleaner[R0].txt - [16889 octets] - [19/05/2014 02:03:44]
AdwCleaner[R1].txt - [1487 octets] - [30/05/2014 12:12:52]
AdwCleaner[s0].txt - [14689 octets] - [19/05/2014 02:04:23]
AdwCleaner[s1].txt - [1270 octets] - [30/05/2014 12:15:16]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1330 octets] ##########
 

COMBOFIX

 

ComboFix 14-05-29.01 - Eric Heyden 30/05/2014  12:23:53.1.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4042.2380 [GMT -3:00]
Executando de: c:\users\Eric Heyden\Desktop\ComboFix.exe
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\sXe Injected
c:\program files (x86)\sXe Injected\ddsxei.sys
c:\program files (x86)\sXe Injected\sXe-I EULA.txt
c:\program files (x86)\sXe Injected\sXe Injected.exe
c:\program files (x86)\sXe Injected\sXe Injected.txt
c:\program files (x86)\sXe Injected\sXe.dll
c:\program files (x86)\sXe Injected\uninstall.exe
c:\program files (x86)\sXe Injected\uninstall.ini
c:\users\Eric Heyden\AppData\Local\.#
c:\windows\IsUn0416.exe
c:\windows\SysWow64\Config.ini
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-04-28 to 2014-05-30  ))))))))))))))))))))))))))))
.
.
2014-05-30 15:07 . 2014-05-30 15:07 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:42 . 2014-05-29 23:42 -------- d-----w- c:\users\Eric Heyden\AppData\Local\DeathZ Entertainment
2014-05-29 21:52 . 2014-04-30 19:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{58BBBB65-AC0B-426D-B33A-95A22C7BEA14}\mpengine.dll
2014-05-29 19:09 . 2014-05-29 19:09 -------- d-----w- c:\users\Eric Heyden\AppData\Local\PortalTitan
2014-05-28 23:46 . 2014-05-28 23:47 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\rmi
2014-05-28 23:39 . 2014-05-28 23:40 1106384 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2014-05-28 19:58 . 2014-05-28 19:58 -------- d-----w- c:\programdata\Logs
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----w- c:\users\Eric Heyden\AppData\Local\Skype
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----r- c:\program files (x86)\Skype
2014-05-28 17:33 . 2014-05-28 17:34 -------- d-----w- c:\program files\WinRAR
2014-05-28 15:40 . 2014-05-28 15:40 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68CD1B23-18A6-4442-A28A-4E13B5F4CF49}\gapaengine.dll
2014-05-28 15:40 . 2014-04-30 19:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-28 15:38 . 2014-05-28 15:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-05-28 15:37 . 2014-05-28 15:38 -------- d-----w- c:\program files\Microsoft Security Client
2014-05-26 05:31 . 2014-05-26 05:31 -------- d-----w- c:\program files (x86)\Window Title Changer
2014-05-26 01:29 . 2014-05-26 01:29 -------- d-----w- c:\users\Eric Heyden\AppData\Local\TuneUp Software
2014-05-26 01:29 . 2014-05-26 01:29 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\TuneUp Software
2014-05-26 01:29 . 2014-05-26 05:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-05-26 01:28 . 2014-05-26 01:30 -------- d-----w- c:\programdata\TuneUp Software
2014-05-26 01:28 . 2014-05-26 01:28 -------- d-----w- c:\program files (x86)\Cheat Engine 6.3
2014-05-23 06:14 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F8717F4-C515-4813-9E07-4B5D51A6AFC4}\mpengine.dll
2014-05-21 01:24 . 2014-05-29 00:18 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\ToolBox
2014-05-19 05:04 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-19 05:03 . 2014-05-30 15:15 -------- d-----w- C:\AdwCleaner
2014-05-19 04:55 . 2014-05-30 15:48 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 04:54 . 2014-05-19 04:54 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 04:54 . 2014-05-19 04:54 -------- d-----w- c:\programdata\Malwarebytes
2014-05-19 04:54 . 2014-04-03 12:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-19 04:54 . 2014-04-03 12:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-19 04:54 . 2014-04-03 12:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-18 22:00 . 2014-05-18 22:14 8290 ----a-w- c:\users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
2014-05-18 22:00 . 2014-05-18 22:14 8290 ----a-w- c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
2014-05-16 20:35 . 2014-05-29 00:18 -------- d-----w- c:\program files (x86)\ToolBox
2014-05-15 20:17 . 2014-05-15 20:17 -------- d-sh--w- c:\users\Eric Heyden\AppData\Roaming\90c7
2014-05-15 20:17 . 2014-05-15 20:17 -------- d-sh--w- c:\program files\8fcf
2014-05-15 20:17 . 2014-05-15 20:17 -------- d-----w- C:\911
2014-05-15 06:25 . 2014-05-15 06:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-15 06:07 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 06:07 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 06:07 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 06:07 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 06:06 . 2014-05-15 06:06 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-07 15:14 . 2014-05-07 15:14 -------- d-----w- c:\users\Eric Heyden\AppData\Local\LeNinjaZ
2014-05-04 04:08 . 2014-05-04 04:08 -------- d-----w- c:\programdata\Intel® Update Manager
2014-05-03 20:56 . 2014-05-03 20:56 -------- d-----w- c:\users\Eric Heyden\AppData\Local\Chromium
2014-04-30 21:30 . 2014-04-30 21:30 -------- d-sh--w- c:\users\Eric Heyden\AppData\Local\EmieUserList
2014-04-30 21:30 . 2014-04-30 21:30 -------- d-sh--w- c:\users\Eric Heyden\AppData\Local\EmieSiteList
2014-04-30 21:23 . 2014-05-01 14:58 -------- d-----w- C:\Level up
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 20:20 . 2013-07-16 16:15 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-27 20:20 . 2013-07-16 16:14 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-27 19:19 . 2013-07-16 16:14 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-15 06:03 . 2013-08-22 06:00 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 08:16 . 2013-07-17 00:56 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 08:16 . 2013-07-17 00:56 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-19 18:50 . 2014-03-19 18:50 720082 ----a-w- c:\users\Eric Heyden\AppData\Roaming\unins000.exe
2014-03-14 15:11 . 2013-07-29 20:27 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
2014-03-11 12:52 . 2014-03-11 12:52 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-11 06:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-11 06:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-11 06:00 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-11 06:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-11 06:00 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-11 06:00 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-11 06:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-11 06:00 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-11 06:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-11 06:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-11 06:00 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-11 06:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-11 06:00 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-11 06:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-11 06:00 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-11 06:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-11 06:00 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-11 06:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-11 06:00 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-11 06:00 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-11 06:00 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-11 06:00 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-11 06:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-11 06:00 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-11 06:00 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-11 06:00 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-11 06:00 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-11 06:00 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-11 06:00 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-11 06:00 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-11 06:00 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-11 06:00 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-11 06:00 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 10:40 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 10:40 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 10:40 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 10:40 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 10:40 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 10:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 10:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 10:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 10:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 10:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 10:40 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"86d"="c:\users\Eric Heyden\AppData\Roaming\90c7\86d.js" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
da93d.js [2014-5-18 8290]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
da93d.js [2014-5-18 8290]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-02-21 19:13 1582632 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
R1 Bnbase;Bnbase;c:\windows\system32\drivers\bnbasex64.sys;c:\windows\SYSNATIVE\drivers\bnbasex64.sys [x]
R1 Bndef;Baidu NetDefense;c:\windows\System32\drivers\bndef64.sys;c:\windows\SYSNATIVE\drivers\bndef64.sys [x]
R1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 PCAppStoreSvc_{PCAppStore_4.3.1.5802};Baidu PC App Store Service 4.3.1.5802;c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe;c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 BdApiUtil;BdApiUtil;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys [x]
R3 BdCameraProtect;BdCameraProtect;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys;c:\program files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys [x]
R3 BdSandbox;Baidu BdSandbox Driver;c:\windows\System32\drivers\BdSandbox.sys;c:\windows\SYSNATIVE\drivers\BdSandbox.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe;c:\program files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
S0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ToolBoxService;ToolBox Service;c:\program files (x86)\ToolBox\26.1.7777.551\ToolBoxService.exe;c:\program files (x86)\ToolBox\26.1.7777.551\ToolBoxService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-28 21:37 1101640 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2017.2\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 08:16]
.
2014-05-29 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-138091164-585759890-2586022290-1000Core.job
- c:\users\Eric Heyden\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 22:45]
.
2014-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-138091164-585759890-2586022290-1000UA.job
- c:\users\Eric Heyden\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 22:45]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 12:53]
.
2014-05-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 12:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
FF - ProfilePath - c:\users\Eric Heyden\AppData\Roaming\Mozilla\Firefox\Profiles\mwo0z9c9.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)
AddRemove-Central de Jogos - c:\windows\IsUn0416.exe
AddRemove-Dll-Files Fixer_is1 - c:\program files (x86)\Dll-Files.com Fixer\unins000.exe
AddRemove-sXe Injected - c:\program files (x86)\sXe Injected\uninstall.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-05-30  12:53:03 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-05-30 15:53
.
Pré-execução: 662.843.731.968 bytes disponíveis
Pós execução: 663.647.293.440 bytes disponíveis
.
- - End Of File - - C1DE057F88CF8B75E72204A0FB0E383A


Dear Tootz Limitless

# Step 1 #

Uninstall the following program: McAfee Security Scan Plus

# Step 2 #

Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) described below.
  • Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all of the text inside the "Code" box:
SecCenter::
AV: Baidu Antivirus *Enabled/Updated* {10616E6C-0E20-8594-D377-A7D03F6128A6}
SP: Baidu Antivirus *Disabled/Updated* {AB008F88-281A-8A1A-E9C7-9CA244E6621B}

File::
c:\users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
c:\windows\System32\drivers\Bfilter.sys
c:\windows\System32\drivers\Bfmon.sys
c:\windows\system32\drivers\bnbasex64.sys
c:\windows\System32\drivers\bndef64.sys
c:\windows\System32\drivers\Bprotect.sys
c:\windows\System32\drivers\BdSandbox.sys
c:\windows\System32\drivers\BprotectEx.sys

Folder::
c:\users\Eric Heyden\AppData\Roaming\90c7
c:\program files\8fcf
C:\911
c:\program files (x86)\Baidu Security
c:\program files (x86)\McAfee Security Scan

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"86d"=-

Driver::
Bfilter
Bfmon
Bnbase
Bndef
Bprotect
BdApiUtil
BdCameraProtect
BdSandbox
BprotectEx
PCFApiUtil
McComponentHostService
  • Save this file as: CFScript.txt
As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Post that file, C:\ComboFix.txt.

2872959479_997d4500c4_o.gif
 
Cheers :D


THIS IS WHAT COMBOFIX GAVE

 

ComboFix 14-05-29.01 - Eric Heyden 31/05/2014  16:39:04.2.4 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.4042.2751 [GMT -3:00]
Executando de: c:\users\Eric Heyden\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\Eric Heyden\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {641105E6-77ED-3F35-A304-765193BCB75F}
SP: Microsoft Security Essentials *Disabled/Updated* {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js"
"c:\users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js"
"c:\windows\System32\drivers\BdSandbox.sys"
"c:\windows\System32\drivers\Bfilter.sys"
"c:\windows\System32\drivers\Bfmon.sys"
"c:\windows\system32\drivers\bnbasex64.sys"
"c:\windows\System32\drivers\bndef64.sys"
"c:\windows\System32\drivers\Bprotect.sys"
"c:\windows\System32\drivers\BprotectEx.sys"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\911
c:\911\87cb8
c:\911\87db
c:\911\8c0e4
c:\911\90
c:\911\9494
c:\program files (x86)\Baidu Security
c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5802\log.dll
c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5802\PCAppStoreSvc.exe
c:\program files (x86)\Baidu Security\PC App Store\4.3.1.5802\Plugins\Plugin.ServShellEx\ServShellEx.dll
c:\program files\8fcf
c:\program files\8fcf\8e.js
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
c:\users\Eric Heyden\AppData\Roaming\90c7
c:\users\Eric Heyden\AppData\Roaming\90c7\86d.js
c:\users\Eric Heyden\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\da93d.js
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_BDAPIUTIL
-------\Legacy_BDCAMERAPROTECT
-------\Legacy_BFILTER
-------\Legacy_BFMON
-------\Legacy_BNBASE
-------\Legacy_BNDEF
-------\Legacy_BPROTECT
-------\Legacy_BPROTECTEX
-------\Legacy_PCFAPIUTIL
-------\Service_BdApiUtil
-------\Service_BdCameraProtect
-------\Service_BdSandbox
-------\Service_Bfilter
-------\Service_Bfmon
-------\Service_Bnbase
-------\Service_Bndef
-------\Service_Bprotect
-------\Service_BprotectEx
-------\Service_PCFApiUtil
-------\Service_PCAppStoreSvc_{PCAppStore_4.3.1.5802}
-------\Service_PCAppStoreSvc_{PCAppStore_4.3.1.5802}
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-04-28 to 2014-05-31  ))))))))))))))))))))))))))))
.
.
2014-05-31 19:45 . 2014-05-31 19:45 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-31 19:45 . 2014-05-31 19:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-31 15:44 . 2014-04-30 19:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{EC3DE7B5-CA04-4B1B-A487-0279FDC84F29}\mpengine.dll
2014-05-30 15:07 . 2014-05-30 15:07 -------- d-----w- c:\windows\ERUNT
2014-05-29 23:42 . 2014-05-29 23:42 -------- d-----w- c:\users\Eric Heyden\AppData\Local\DeathZ Entertainment
2014-05-29 21:52 . 2014-04-30 19:20 10702536 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-05-29 19:09 . 2014-05-29 19:09 -------- d-----w- c:\users\Eric Heyden\AppData\Local\PortalTitan
2014-05-28 23:46 . 2014-05-28 23:47 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\rmi
2014-05-28 23:39 . 2014-05-28 23:40 1106384 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2014-05-28 19:58 . 2014-05-28 19:58 -------- d-----w- c:\programdata\Logs
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----w- c:\users\Eric Heyden\AppData\Local\Skype
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-28 18:01 . 2014-05-28 18:01 -------- d-----r- c:\program files (x86)\Skype
2014-05-28 17:33 . 2014-05-28 17:34 -------- d-----w- c:\program files\WinRAR
2014-05-28 15:40 . 2014-05-28 15:40 1031560 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{68CD1B23-18A6-4442-A28A-4E13B5F4CF49}\gapaengine.dll
2014-05-28 15:38 . 2014-05-28 15:38 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2014-05-28 15:37 . 2014-05-28 15:38 -------- d-----w- c:\program files\Microsoft Security Client
2014-05-26 05:31 . 2014-05-26 05:31 -------- d-----w- c:\program files (x86)\Window Title Changer
2014-05-26 01:29 . 2014-05-26 01:29 -------- d-----w- c:\users\Eric Heyden\AppData\Local\TuneUp Software
2014-05-26 01:29 . 2014-05-26 01:29 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\TuneUp Software
2014-05-26 01:29 . 2014-05-26 05:03 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2014
2014-05-26 01:28 . 2014-05-26 01:30 -------- d-----w- c:\programdata\TuneUp Software
2014-05-26 01:28 . 2014-05-26 01:28 -------- d-----w- c:\program files (x86)\Cheat Engine 6.3
2014-05-23 06:14 . 2014-04-30 23:20 10702536 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4F8717F4-C515-4813-9E07-4B5D51A6AFC4}\mpengine.dll
2014-05-21 01:24 . 2014-05-29 00:18 -------- d-----w- c:\users\Eric Heyden\AppData\Roaming\ToolBox
2014-05-19 05:04 . 2010-08-30 11:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-05-19 05:03 . 2014-05-30 15:15 -------- d-----w- C:\AdwCleaner
2014-05-19 04:55 . 2014-05-31 20:09 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-05-19 04:54 . 2014-05-30 19:09 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-05-19 04:54 . 2014-05-19 04:54 -------- d-----w- c:\programdata\Malwarebytes
2014-05-19 04:54 . 2014-05-12 10:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-05-19 04:54 . 2014-05-12 10:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-05-19 04:54 . 2014-05-12 10:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-05-16 20:35 . 2014-05-29 00:18 -------- d-----w- c:\program files (x86)\ToolBox
2014-05-15 06:25 . 2014-05-15 06:25 -------- d-----w- c:\program files (x86)\LogMeIn Hamachi
2014-05-15 06:07 . 2014-05-06 04:40 23544320 ----a-w- c:\windows\system32\mshtml.dll
2014-05-15 06:07 . 2014-05-06 03:00 84992 ----a-w- c:\windows\system32\mshtmled.dll
2014-05-15 06:07 . 2014-05-06 04:17 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-15 06:07 . 2014-05-06 03:07 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-15 06:06 . 2014-05-15 06:06 -------- d-----w- c:\program files\Common Files\DESIGNER
2014-05-07 15:14 . 2014-05-07 15:14 -------- d-----w- c:\users\Eric Heyden\AppData\Local\LeNinjaZ
2014-05-04 04:08 . 2014-05-04 04:08 -------- d-----w- c:\programdata\Intel® Update Manager
2014-05-03 20:56 . 2014-05-03 20:56 -------- d-----w- c:\users\Eric Heyden\AppData\Local\Chromium
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-27 20:20 . 2013-07-16 16:15 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-05-27 20:20 . 2013-07-16 16:14 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-05-27 19:19 . 2013-07-16 16:14 291128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2014-05-15 06:03 . 2013-08-22 06:00 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 08:16 . 2013-07-17 00:56 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 08:16 . 2013-07-17 00:56 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-19 18:50 . 2014-03-19 18:50 720082 ----a-w- c:\users\Eric Heyden\AppData\Roaming\unins000.exe
2014-03-14 15:11 . 2013-07-29 20:27 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys
2014-03-11 12:52 . 2014-03-11 12:52 133928 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2014-03-06 09:31 . 2014-04-11 06:00 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-03-06 08:59 . 2014-04-11 06:00 66048 ----a-w- c:\windows\system32\iesetup.dll
2014-03-06 08:57 . 2014-04-11 06:00 548352 ----a-w- c:\windows\system32\vbscript.dll
2014-03-06 08:57 . 2014-04-11 06:00 48640 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-03-06 08:53 . 2014-04-11 06:00 2767360 ----a-w- c:\windows\system32\iertutil.dll
2014-03-06 08:40 . 2014-04-11 06:00 51200 ----a-w- c:\windows\system32\jsproxy.dll
2014-03-06 08:39 . 2014-04-11 06:00 33792 ----a-w- c:\windows\system32\iernonce.dll
2014-03-06 08:32 . 2014-04-11 06:00 574976 ----a-w- c:\windows\system32\ieui.dll
2014-03-06 08:29 . 2014-04-11 06:00 139264 ----a-w- c:\windows\system32\ieUnatt.exe
2014-03-06 08:29 . 2014-04-11 06:00 111616 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-03-06 08:28 . 2014-04-11 06:00 752640 ----a-w- c:\windows\system32\jscript9diag.dll
2014-03-06 08:15 . 2014-04-11 06:00 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-06 08:11 . 2014-04-11 06:00 5784064 ----a-w- c:\windows\system32\jscript9.dll
2014-03-06 08:09 . 2014-04-11 06:00 453120 ----a-w- c:\windows\system32\dxtmsft.dll
2014-03-06 08:03 . 2014-04-11 06:00 586240 ----a-w- c:\windows\system32\ie4uinit.exe
2014-03-06 08:02 . 2014-04-11 06:00 61952 ----a-w- c:\windows\SysWow64\iesetup.dll
2014-03-06 08:02 . 2014-04-11 06:00 455168 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-03-06 08:01 . 2014-04-11 06:00 51200 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2014-03-06 07:56 . 2014-04-11 06:00 38400 ----a-w- c:\windows\system32\JavaScriptCollectionAgent.dll
2014-03-06 07:48 . 2014-04-11 06:00 195584 ----a-w- c:\windows\system32\msrating.dll
2014-03-06 07:46 . 2014-04-11 06:00 4254720 ----a-w- c:\windows\SysWow64\jscript9.dll
2014-03-06 07:42 . 2014-04-11 06:00 296960 ----a-w- c:\windows\system32\dxtrans.dll
2014-03-06 07:38 . 2014-04-11 06:00 112128 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2014-03-06 07:36 . 2014-04-11 06:00 592896 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-03-06 07:21 . 2014-04-11 06:00 628736 ----a-w- c:\windows\system32\msfeeds.dll
2014-03-06 07:13 . 2014-04-11 06:00 32256 ----a-w- c:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-03-06 07:11 . 2014-04-11 06:00 2043904 ----a-w- c:\windows\system32\inetcpl.cpl
2014-03-06 06:53 . 2014-04-11 06:00 13551104 ----a-w- c:\windows\system32\ieframe.dll
2014-03-06 06:40 . 2014-04-11 06:00 1967104 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2014-03-06 06:22 . 2014-04-11 06:00 2260480 ----a-w- c:\windows\system32\wininet.dll
2014-03-06 05:58 . 2014-04-11 06:00 1400832 ----a-w- c:\windows\system32\urlmon.dll
2014-03-06 05:50 . 2014-04-11 06:00 846336 ----a-w- c:\windows\system32\ieapfltr.dll
2014-03-06 05:41 . 2014-04-11 06:00 1789440 ----a-w- c:\windows\SysWow64\wininet.dll
2014-03-04 09:44 . 2014-04-09 10:40 362496 ----a-w- c:\windows\system32\wow64win.dll
2014-03-04 09:44 . 2014-04-09 10:40 243712 ----a-w- c:\windows\system32\wow64.dll
2014-03-04 09:44 . 2014-04-09 10:40 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2014-03-04 09:44 . 2014-04-09 10:40 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2014-03-04 09:44 . 2014-04-09 10:40 1163264 ----a-w- c:\windows\system32\kernel32.dll
2014-03-04 09:17 . 2014-04-09 10:40 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2014-03-04 09:17 . 2014-04-09 10:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-03-04 09:16 . 2014-04-09 10:40 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2014-03-04 09:16 . 2014-04-09 10:40 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2014-03-04 08:09 . 2014-04-09 10:40 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2014-03-04 08:09 . 2014-04-09 10:40 2048 ----a-w- c:\windows\SysWow64\user.exe
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IMSS"="c:\program files (x86)\Intel\Intel® Management Engine Components\IMSS\PIconStartup.exe" [2012-07-19 133440]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-05-20 291648]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-02-21 19:13 1582632 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R2 AxAutoMntSrv;Alcohol Virtual Drive Auto-mount Service;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe;c:\program files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe;c:\windows\SYSNATIVE\AppleChargerSrv.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iumsvc;Intel® Update Manager;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe;c:\program files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Inspeção de Rede da Microsoft;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys;c:\program files (x86)\TuneUp Utilities 2014\TuneUpUtilitiesDriver64.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va013;X6va013;c:\windows\SysWOW64\Drivers\X6va013;c:\windows\SysWOW64\Drivers\X6va013 [x]
R3 X6va016;X6va016;c:\windows\SysWOW64\Drivers\X6va016;c:\windows\SysWOW64\Drivers\X6va016 [x]
S0 iusb3hcs;Driver de comutação do controlador host Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 Intel® ME Service;Intel® ME Service;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 ToolBoxService;ToolBox Service;c:\program files (x86)\ToolBox\26.1.7777.551\ToolBoxService.exe;c:\program files (x86)\ToolBox\26.1.7777.551\ToolBoxService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 iusb3hub;Driver para hub Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Driver de controlador host eXtensível Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-28 21:37 1101640 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2017.2\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-05-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-17 08:16]
.
2014-05-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-138091164-585759890-2586022290-1000Core.job
- c:\users\Eric Heyden\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 22:45]
.
2014-05-31 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-138091164-585759890-2586022290-1000UA.job
- c:\users\Eric Heyden\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-05 22:45]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 12:53]
.
2014-05-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-16 12:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2014-03-11 1271072]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = www.google.com
mDefault_Page_URL = hxxp://www.google.com
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: &Enviar para o OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
FF - ProfilePath - c:\users\Eric Heyden\AppData\Roaming\Mozilla\Firefox\Profiles\mwo0z9c9.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
ShellIconOverlayIdentifiers-{0A93904A-BB1E-4a0c-9753-B57B9AE272CC} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va013]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va013"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va016]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va016"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Malwarebytes Anti-Malware\mbam.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-05-31  17:12:11 - Máquina reiniciou
ComboFix-quarantined-files.txt  2014-05-31 20:12
ComboFix2.txt  2014-05-30 15:53
.
Pré-execução: 673.127.346.176 bytes disponíveis
Pós execução: 672.504.631.296 bytes disponíveis
.
- - End Of File - - E65AA922C531E62B7AC68114DA4DAF2D

P.S.: my Windows is now opening normally, without freezing or getting stuck loading!!


Dear Tootz Limitless

Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to see the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When the disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: With more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Regards :D

About Clube do Hardware

Online since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
