Reneê Cruz

Infected Memory Card - Ejects Automatically


Good afternoon everyone,
I am unable to remove a trio of viruses from a memory card. They are:
iyijihcirc.vbs
Servieca.vbs
Pmlae.exe

They are detected by avast and by other removable-media cleaning tools, but every time I select them for deletion the memory card ejects itself automatically and the viruses are not deleted. The same thing happens when I try to format it, whether using the right-click menu or CMD. I have already tried formatting in safe mode from the command prompt, but the result is the same. I would like help trying to solve this problem.

I moved this post to this area of the forum on the recommendation of @Anthmann.
The dds.scr logs follow below:

 
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16540  BrowserJavaVersion: 10.67.2
Run by Servidor at 8:56:01 on 2014-10-15
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.2070.18.4003.1427 [GMT -3:00]
.
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Tonec\IDMan.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\System32\spool\drivers\x64\3\E_YATII4E.EXE
C:\Program Files (x86)\Tonec\IEMonitor.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\wbem\unsecapp.exe
C:\ViteSoft\Admin\VSCyberAdmin.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskmgr.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uProxyOverride = local;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Tonec\IDMIECC.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - 
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Programa Auxiliar de Início de Sessão da conta Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: GbIehObj Class: {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [iDMan] C:\Program Files (x86)\Tonec\IDMan.exe /onboot
uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
uRun: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\x64\3\E_YATII4E.EXE /EPT "EPLTarget\P0000000000000000" /M "L355 Series" /EF "HKCU"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
mRun: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [uSB Security] C:\Program Files (x86)\USB Disk Security\USBGuard.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: &Enviar para o OneNote - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Tonec\IEGetAll.htm
IE: Fazer o download usando o IDM - C:\Program Files (x86)\Tonec\IEExt.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.1.20
TCP: Interfaces\{EF02B612-1FC1-4043-B844-CC55E27B4118} : DHCPNameServer = 192.168.1.20
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
SSODL: WebCheck - <orphaned>
SEH: GbPluginObj Class - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\PROGRAM FILES (X86)\GbPlugin\gbieh.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: IDM integration (IDMIEHlprObj Class): {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Tonec\IDMIECC64.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: Skype Click to Call for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Servidor\AppData\Roaming\Mozilla\Firefox\Profiles\eo62ovvy.default\
FF - plugin: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\npBrowserPlugin.dll
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Public\Games\BlackShot\BlackShot\GameData\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll
FF - plugin: C:\Users\Servidor\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
FF - plugin: C:\Users\Servidor\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll
FF - plugin: C:\Users\Servidor\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
FF - plugin: C:\Users\Servidor\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1207148.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;C:\Windows\System32\drivers\aswRvrt.sys [2014-10-6 65776]
R0 aswVmm;avast! VM Monitor;C:\Windows\System32\drivers\aswVmm.sys [2014-10-6 224896]
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-8-16 667496]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-8-16 28008]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2014-10-6 1041168]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswsp.sys [2014-10-6 427360]
R1 Bfilter;Baidu Antivirus Minifilter Driver;C:\Windows\System32\drivers\Bfilter.sys [2013-12-14 52032]
R1 Bfmon;Baidu FS Monitor Driver;C:\Windows\System32\drivers\Bfmon.sys [2013-12-14 34624]
R1 Bprotect;Baidu Protect;C:\Windows\System32\drivers\Bprotect.sys [2013-12-14 121312]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2014-5-21 91352]
R2 aswHwid;avast! HardwareID;C:\Windows\System32\drivers\aswHwid.sys [2014-10-6 29208]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2014-10-6 79184]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2014-10-6 50344]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-7-14 1390176]
R2 c2cpnrsvc;Skype Click to Call PNR Service;C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [2014-7-14 1767520]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [2013-4-10 81920]
R2 GbpSv;Gbp Service;C:\PROGRA~2\GbPlugin\GbpSv.exe [2014-8-9 546104]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-8-5 145008]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;C:\Program Files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [2013-4-10 2736128]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2014-10-3 169752]
R3 IntcDAud;Áudio do Monitor Intel®;C:\Windows\System32\drivers\IntcDAud.sys [2014-3-26 342528]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2013-8-16 128200]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-5-21 25816]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;C:\Windows\System32\drivers\viahduaa.sys [2014-8-23 1357424]
S2 aswStm;aswStm;C:\Windows\System32\drivers\aswStm.sys [2014-10-6 92008]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-5-21 1809720]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-5-21 860472]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2013-8-16 107288]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;C:\Windows\System32\drivers\lgandnetdiag64.sys [2013-7-6 29184]
S3 ANDNetModem;LGE AndroidNet USB Modem;C:\Windows\System32\drivers\lgandnetmodem64.sys [2013-7-6 36352]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;C:\Windows\System32\drivers\lgandnetndis64.sys [2013-7-6 93184]
S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2013-9-4 31920]
S3 cpudrv64;cpudrv64;C:\Program Files (x86)\SystemRequirementsLab\cpudrv64.sys [2011-6-2 17864]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2014-1-22 108800]
S3 flashusb;flashusb;C:\Windows\System32\drivers\flashusb.sys [2013-7-26 19968]
S3 HPFXBULKLEDM;HPFXBULKLEDM;C:\Windows\System32\drivers\hppdbulkio.sys [2013-4-18 22040]
S3 HPFXFAX;HPFXFAX;C:\Windows\System32\drivers\hppdfaxio.sys [2013-4-18 23576]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-5-21 122584]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-5-21 63704]
S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\Windows\System32\drivers\nmwcdnsucx64.sys [2013-1-23 12800]
S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\Windows\System32\drivers\nmwcdnsux64.sys [2013-1-23 171008]
S3 npggsvc;nProtect GameGuard Service;C:\Windows\System32\GameMon.des -service --> C:\Windows\System32\GameMon.des -service [?]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;C:\Windows\System32\drivers\ssdudfu.sys [2013-7-26 101960]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2014-1-22 206080]
S3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudobex.sys [2013-6-4 203672]
S3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);C:\Windows\System32\drivers\ssudserd.sys [2014-1-22 206080]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-6-10 54784]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 DragonUpdater;COMODO Dragon Update Service;C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [2014-5-21 2135232]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2012-5-10 608864]
S4 EpsonScanSvc;Epson Scanner Service;C:\Windows\System32\escsvc64.exe [2014-4-10 135824]
S4 HP LaserJet Service;HP LaserJet Service;C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [2010-10-25 145920]
S4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe [2013-12-17 46904]
S4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-4-10 13336]
S4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-6-19 634632]
S4 lxbk_device;lxbk_device;C:\Windows\System32\lxbkcoms.exe -service --> C:\Windows\System32\lxbkcoms.exe -service [?]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2012-7-13 769432]
S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S4 TeamViewer9;TeamViewer 9;C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [2014-8-3 5037888]
S4 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2013-4-10 364416]
S4 VIAKaraokeService;VIA Karaoke digital mixer Service;C:\Windows\System32\ViakaraokeSrv.exe [2014-8-23 27760]
S4 WatAdminSvc;WatAdminSvc;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-4-10 1255736]
.
=============== File Associations ===============
.
FileExt: .vbe: VBEFile="C:\Windows\System32\Notepad.exe" %1 [default=Edit - 'Open' doesn't exist]
FileExt: .vbs: VBSFile="C:\Windows\System32\Notepad.exe" %1 [default=Edit - 'Open' doesn't exist]
FileExt: .js: JSFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .jse: JSEFile=C:\Windows\System32\Notepad.exe %1 [default=Edit - 'Open' doesn't exist]
FileExt: .wsf: WSFFile="C:\Windows\System32\Notepad.exe" %1 [default=Edit - 'Open' doesn't exist]
.
=============== Created Last 30 ================
.
2014-10-14 19:08:17 -------- d-----w- C:\Users\Servidor\AppData\Roaming\Zbshareware Lab
2014-10-14 19:08:16 -------- d-----w- C:\Program Files (x86)\USB Disk Security
2014-10-14 15:08:05 -------- d-----w- C:\DriveKey
2014-10-14 15:07:01 32768 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-10-14 15:07:01 225280 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-10-14 15:07:01 176128 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-10-14 15:07:00 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-10-14 15:06:59 610436 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-10-14 13:09:05 -------- d-----w- C:\Users\Servidor\AppData\Local\ElevatedDiagnostics
2014-10-13 22:29:47 -------- d-----w- C:\Program Files (x86)\Pendrive Virus Remover
2014-10-13 15:48:32 -------- d-----w- C:\Emperium Lan
2014-10-10 18:28:12 -------- d-----w- C:\Users\Servidor\AppData\Local\Rockstar Games
2014-10-10 18:28:03 -------- d-sh--w- C:\ProgramData\SecuROM
2014-10-10 17:39:23 -------- d-----w- C:\Program Files (x86)\Arab-GB
2014-10-06 14:04:23 11578928 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{F5F6B4CC-D33C-4CD8-AF34-A75E790B61FF}\mpengine.dll
2014-10-06 14:02:41 -------- d-----w- C:\Users\Servidor\AppData\Roaming\AVAST Software
2014-10-06 14:01:11 93568 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2014-10-06 14:01:11 92008 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2014-10-06 14:01:11 79184 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2014-10-06 14:01:11 65776 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2014-10-06 14:01:11 29208 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2014-10-06 14:01:11 224896 ----a-w- C:\Windows\System32\drivers\aswVmm.sys
2014-10-06 14:01:11 1041168 ----a-w- C:\Windows\System32\drivers\aswSnx.sys
2014-10-06 14:01:05 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2014-10-06 14:01:02 43152 ----a-w- C:\Windows\avastSS.scr
2014-10-03 14:32:42 -------- d-----w- C:\Program Files (x86)\StarCraft II
2014-10-03 14:00:55 20992 ----a-w- C:\Windows\System32\OpenCL.dll
2014-10-03 14:00:55 144896 ----a-w- C:\Windows\System32\IntelOpenCL64.dll
2014-10-03 14:00:51 17920 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2014-10-03 14:00:51 104448 ----a-w- C:\Windows\SysWow64\IntelOpenCL32.dll
2014-10-02 23:07:05 -------- d-----w- C:\Program Files (x86)\Diablo III
2014-10-02 23:05:05 -------- d-----w- C:\Users\Servidor\AppData\Local\Blizzard Entertainment
2014-10-02 23:05:02 -------- d-----w- C:\Users\Servidor\AppData\Roaming\Battle.net
2014-10-02 23:05:02 -------- d-----w- C:\Users\Servidor\AppData\Local\Battle.net
2014-10-02 23:04:54 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-10-02 23:04:54 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-09-23 23:59:43 -------- d-----w- C:\Programas Teste
2014-09-23 21:11:09 -------- d-----w- C:\Users\Servidor\AppData\Local\Facebook
2014-09-23 15:25:00 -------- d-----w- C:\Users\Servidor\AppData\Local\{85A468D9-DF89-48E0-8D8E-777DA392BA65}
2014-09-23 15:00:32 -------- d-----w- C:\Windows\ehome
2014-09-22 22:36:40 -------- d-----w- C:\gravity
2014-09-20 19:56:12 -------- d-----w- C:\Program Files (x86)\BrasMU Season 8
2014-09-20 12:06:05 -------- d-----w- C:\Users\Servidor\.android
2014-09-19 14:11:44 815314 ----a-w- C:\Users\Servidor\AppData\Roaming\unins001.exe
2014-09-19 14:11:44 -------- d-----w- C:\ProgramData\boost_interprocess
2014-09-19 13:42:06 -------- d-----w- C:\Users\Servidor\AppData\Roaming\CodeBlocks
2014-09-19 13:41:24 -------- d-----w- C:\Program Files (x86)\CodeBlocks
2014-09-16 20:40:50 -------- d-----w- C:\CFLog
.
==================== Find3M  ====================
.
2014-10-13 22:14:57 122584 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-09-15 16:19:37 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 16:19:37 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-15 12:06:02 278152 ------w- C:\Windows\System32\MpSigStub.exe
2014-08-29 18:31:52 98216 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 13:16:30 18594480 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2014-08-12 23:00:10 4575232 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2014-07-24 16:05:02 8192 ----a-w- C:\Windows\SysWow64\srvany.exe
2014-07-22 15:43:24 57096 ----a-w- C:\Windows\System32\certsentry.dll
2014-07-22 15:43:24 48392 ----a-w- C:\Windows\SysWow64\certsentry.dll
2014-07-22 15:42:54 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2014-07-22 15:42:54 1700352 ----a-w- C:\Windows\SysWow64\gdiplus.dll
2014-07-22 15:42:54 1060864 ----a-w- C:\Windows\SysWow64\mfc71.dll
.
============= FINISH:  8:57:09,34 ===============
 

and
 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate 
Boot Device: \Device\HarddiskVolume1
Install Date: 10/04/2013 11:38:33
System Uptime: 15/10/2014 08:18:59 (0 hours ago)
.
Motherboard: MEGAWARE |  | MW-H61H2-M2
Processor: Intel® Core i7-2600 CPU @ 3.40GHz | CPU 1 | 3400/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 931 GiB total, 595,941 GiB free.
D: is CDROM ()
I: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKslabc99670
Device ID: ROOT\LEGACY_MPKSLABC99670\0000
Manufacturer: 
Name: MpKslabc99670
PNP Device ID: ROOT\LEGACY_MPKSLABC99670\0000
Service: MpKslabc99670
.
==== System Restore Points ===================
.
RP208: 10/10/2014 15:47:56 - Installed Grand Theft Auto IV
RP209: 13/10/2014 21:52:51 - Removed System Requirements Lab CYRI
RP210: 14/10/2014 12:07:13 - Installed HP USB Disk Storage Format Tool
.
==== Installed Programs ======================
.
64 Bit HP CIO Components Installer
ABBYY FineReader 9.0 Sprint
Adobe AIR
Adobe Flash Player 14 ActiveX
Adobe Flash Player 15 Plugin
Adobe Reader XI (11.0.09)
Adobe Shockwave Player 12.0
Aeria Ignite
Age of Empires III
Age of Mythology
Age of Mythology - The Titans Expansion
Akamai NetSession Interface
Aoe World Aok Patch Br
Apple Mobile Device Support
Apple Software Update
Ashampoo Burning Studio 14
µTorrent
aTube Catcher versão 3.8
avast! Free Antivirus
Battle.net
Bonjour
CCleaner
CodeBlocks
Comodo Dragon
Counter-Strike 1.6
Counter-Strike 2.0
Cross Fire AL
CSS FULL DZ [Oct 15 2007] v18.1
Curse
D3DX10
DAEMON Tools Lite
Desinstalar impressora EPSON T25 Series
DET AoC(E) 1.0
Diablo II
Diablo III
DivX Plus DirectShow Filters
Download Navigator
DVD Audio Extractor 7.1.2
DVD Flick 1.3.0.7
Epson Customer Participation
Epson Easy Photo Print 2
Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery
Epson Easy Photo Print Plug-in for Windows Live Photo Gallery Setup
Epson Event Manager
EPSON L355 Series Printer Uninstall
EPSON Scan
EpsonNet Print
Facebook Video Calling 3.1.0.521
Firebird .NET Data Provider 2.0 (.NET 2.0)
Firebird 2.1.3.18185 (Win32)
FormatFactory 3.3.4.0
Galeria de Fotografias
GBBD Caixa Economica Federal
Gerenciador de Downloads
Google Chrome
Google Talk (remove only)
Grand Theft Auto IV
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
HP Deskjet 2540 series Software básico do dispositivo
HP FWUpdateEDO2
HP FWUpdateEDO3
HP LaserJet Professional CM1410 Series
HP LJ CM1410 MFP Series HP Scan
HP Officejet Pro 8600 Ajuda
HP Officejet Pro 8600 Estudo de aprimoramento de produtos
HP Officejet Pro 8600 Software básico do dispositivo
HP Support Solutions Framework
HP Unified IO
HP Update
HP USB Disk Storage Format Tool
HPDiagnosticAlert
HPLaserJetHelp_LearnCenter
HPLJUT
hppCM1410LaserJetService
hppFaxDrvCM1410
hppFaxUtilityCM1410
hppLaserJetService
hppSendFaxCM1410
hppTLBXFXCM1410
hpzTLBXFX
I.R.I.S. OCR
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
Intel® SDK for OpenCL - CPU Only Runtime Package
Intel® Trusted Connect Service Client
Internet Download Manager version 7.1
iTunes
Java 7 Update 67
Java Auto Updater
K-Lite Mega Codec Pack 9.9.5
League of Legends
LG United Mobile Driver
Módulo de Segurança - Banco do Brasil
Malwarebytes Anti-Malware versão 2.0.2.1012
MediaCoder x64 0.8.31.5645
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTG Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended PTG Language Pack
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Age of Empires II
Microsoft Age of Empires II: The Conquerors Expansion
Microsoft Application Error Reporting
Microsoft Chart Controls for Microsoft .NET Framework 3.5 (KB2500170)
Microsoft Help Viewer 1.0
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server Compact 3.5 SP2 x64 ENU
Microsoft SQL Server System CLR Types
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU
Microsoft_VC100_CRT_SP1_x64
Microsoft_VC100_CRT_SP1_x86
Movie Maker
Mozilla Firefox 32.0.3 (x86 pt-BR)
Mozilla Maintenance Service
MSI to redistribute MS VS2005 CRT libraries
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT110
MSVCRT110_amd64
MSXML4 Parser
Nero 12
Nero Audio Pack 1
Nero BackItUp
Nero BackItUp Help (CHM)
Nero Blu-ray Player
Nero Blu-ray Player Help (CHM)
Nero Burning ROM
Nero Burning ROM Help (CHM)
Nero ControlCenter
Nero ControlCenter Help (CHM)
Nero Core Components
Nero Disc Menus Basic
Nero Effects Basic
Nero Express
Nero Express Help (CHM)
Nero Kwik Media
Nero Kwik Media Help (CHM)
Nero Kwik Themes Basic
Nero PiP Effects Basic
Nero Recode
Nero Recode Help (CHM)
Nero RescueAgent
Nero RescueAgent Help (CHM)
Nero SharedVideoCodecs
Nero Update
Nero Video
Nero Video Help (CHM)
neroxml
Nokia Connectivity Cable Driver
Nokia Suite
Opera 12.17
Pacote de controladores do Windows - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
PC Connectivity Solution
Photo Common
Photo Gallery
PhotoScape
Picasa 3
Platform
Plugin Letras.mus.br 1.30
Prerequisite installer
Ragnarok Online
Ragnarok Online 2
RagnarokHQ
RagnarokOnline
Realtek Ethernet Controller Driver
Revo Uninstaller 1.95
Samsung Kies
SAMSUNG Mobile Composite Device Software
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3
SAMSUNG USB Driver for Mobile Phones
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Visual C# 2010 Express - ENU (KB2251489)
Skype Click to Call
Skype™ 6.18
StarCraft II
Suporte para Aplicativos Apple
swMSM
System Requirements Lab for Intel
System.Data.SQLite v1.0.79.0
TeamSpeak 3 Client
TeamViewer 9
UnderCoverXP 1.23
USB Disk Security
Vampire - The Masquerade Bloodlines
VC80CRTRedist - 8.0.50727.6195
VIA Gerenciador de dispositivo de plataforma
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VSCyber FREE Administrador
Warface
Welcome App (Start-up experience)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Mobile Device Updater Component
Windows Movie Maker 2.6
WinRAR 4.11 (32-bit)
WYD (remove only)
Zune
Zune Language Pack (CHS)
Zune Language Pack (CHT)
Zune Language Pack (CSY)
Zune Language Pack (DAN)
Zune Language Pack (DEU)
Zune Language Pack (ELL)
Zune Language Pack (ESP)
Zune Language Pack (FIN)
Zune Language Pack (FRA)
Zune Language Pack (HUN)
Zune Language Pack (IND)
Zune Language Pack (ITA)
Zune Language Pack (JPN)
Zune Language Pack (KOR)
Zune Language Pack (MSL)
Zune Language Pack (NLD)
Zune Language Pack (NOR)
Zune Language Pack (PLK)
Zune Language Pack (PTB)
Zune Language Pack (PTG)
Zune Language Pack (RUS)
Zune Language Pack (SVE)
.
==== End Of File ===========================

GMER log:

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-10-15 09:59:32
Windows 6.1.7600  x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.80.0 931,51GB
Running: ymnpgpk8.exe; Driver: C:\Users\Servidor\AppData\Local\Temp\pwtdrkob.sys
 


Hello Reneê Cruz,

I recommend saving this topic to your Favorites so it is easier to find.

Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is provided here applies only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions carefully and, if in doubt, do not hesitate to ask;
  • Keep me informed, throughout the removal, of what is happening with your computer.
  • Follow the instructions in the order given.
  • Note: Do not take any action other than those given here; and if you ask for help on another forum, be sure to let us know, otherwise you risk misconfiguring your computer!

 

1)

Download the McShield Anti-Malware Tool
http://www.mcshield....hield-Setup.exe

Double-click MCShield-Setup.exe to install the tool.

  • Click the Next > button
  • Then click I Agree and Next > again
  • Then click the Install button
  • Under Language, change to Português Brasil
  • Click the Run! button and wait for the scan
  • Open the tool and, on the Escaneamentos (Scans) tab, also tick the items "Sempre exibir itens ocultos em unidades flash" (Always show hidden items on flash drives) and "Modo interativo" (Interactive mode)
  • Click OK, then connect all removable storage devices to the USB ports (flash drive, external HD, etc.)
  • Wait for the scan.
  • On the Logs tab, click Save
  • A log will be generated on your desktop. Select, copy and paste the entire contents of this log in your next reply.

2)

Download Anti-VBS/VBE and save it to your desktop.
http://www.mcshield.net/download/tools/Anti-VBSVBE/Anti-VBSVBEx64.exe

Double-click to run the tool.

Wait; when it finishes, a Notepad window will open with the result. Select, copy and paste its contents in your next reply.

 

 

3)

Read the instructions at this link:

##### "How to use ComboFix" #####

In the instructions at the link above, you can check which forums have Analysts duly qualified to use the tool correctly: "Forums for getting help with ComboFix logs"

  • Download ComboFix from one of the official links listed below and save it to your desktop:
  • Temporarily, while carrying out these instructions, it is very important that you keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) mentioned below.
  • Double-click the desktopicon.png icon that is on the desktop.
  • Read and accept the terms by typing 1 and pressing Enter.
  • Computers running Windows XP must install the Recovery Console:
  • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
  • Click "OK" on the EULA.
  • When the Recovery Console is already installed, click "Yes" to continue.
  • ComboFix will run; please be patient and wait.
  • Attention: Do not use the mouse or keyboard while the tool is running, as this may cause the computer to hang.
  • A notice may appear saying that the computer needs to be restarted.

DO NOT RESTART!!! ComboFix will restart the computer automatically.

  • When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file in your next reply.

DO NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if you do not use it correctly you could damage your computer.

  • There are several kinds of malware that prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and know how to handle these situations.
  • Many Analysts do not reply to topics in which they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors, when writing them, have end users in mind and intend them to be used without supervision. ComboFix is not a tool of that kind, so, and also out of respect for the tool's author, do not use it without supervision.


I downloaded the McShield Anti-Malware Tool,
I followed the procedure, but when I connect the memory card it ejects itself automatically and the following message appears:

"Warning: M: drive is read only.
Use 'Scan With MCShield' in the context menu to disregard this and scan the drive"

I downloaded the McShield Anti-Malware Tool.

I followed the procedures, but when I connect the memory card it ejects itself automatically and the following message appears:

"Warning: M: drive is read only.
Use 'Scan With MCShield' in the context menu to disregard this and scan the drive"

Does this happen on any USB port?

Try this procedure in safe mode.

Carlos,
I carried out the procedure in safe mode; the removable device ejects itself automatically and the program reports the following message:
"Unidade M: foi escaneado.
Não foi detectado nenhum malware."

http://uploaddeimagens.com.br/imagens/sem_titulo-jpg--4153

It was in my camera, and the viruses were stored both in the camera's internal memory and on the card. I was able to format the camera normally, but whenever I carry out any procedure to remove the virus, it ejects itself, preventing the cleanup from happening.
In that case, should I proceed with steps 2 and 3?

>>> MCShield AllScans.txt <<<
 
-----------------------------

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<

16/10/2014 11:20:29 > Unidade C: - escaneamento iniciado (sem rotulo ~931 GB, NTFS HDD )...
=> A unidade está limpa.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<

16/10/2014 11:55:04 > Unidade C: - escaneamento iniciado (sem rotulo ~931 GB, NTFS HDD )...
=> A unidade está limpa.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<

16/10/2014 11:57:19 > Unidade M: - escaneamento iniciado (sem rotulo ~3751 MB, FAT32 unidade flash )...
=> A unidade está limpa.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<

16/10/2014 11:59:39 > Unidade C: - escaneamento iniciado (sem rotulo ~931 GB, NTFS HDD )...
=> A unidade está limpa.

MCShield ::Anti-Malware Tool:: http://www.mcshield.net/
>>> v 3.0.5.28 / DB: 2014.10.12.1 / Windows 7 <<<

17/10/2014 10:26:52 > Unidade E: - escaneamento iniciado (PENDRIVE ~7635 MB, NTFS unidade flash )...
=> A unidade está limpa.

----------------------------------
Running fix at 17/10/2014 10:27:42
Fix finished at 17/10/2014 10:27:47
Anti-VBS/VBE, build 11

----------------------------------
Running fix at 17/10/2014 10:30:06
Fix finished at 17/10/2014 10:30:10
Anti-VBS/VBE, build 11

ComboFix 14-10-15.01 - Servidor 17/10/2014  10:50:58.8.8 - x64
Microsoft Windows 7 Ultimate   6.1.7600.0.1252.55.2070.18.4003.1002 [GMT -3:00]
Executando de: c:\users\Servidor\Downloads\Programs\ComboFix_2.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\cflog\EPLog.txt
c:\users\Servidor\AppData\Roaming\unins001.exe
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2014-09-17 to 2014-10-17  ))))))))))))))))))))))))))))
.
.
2014-10-17 07:52 . 2014-10-17 07:52 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5F6B4CC-D33C-4CD8-AF34-A75E790B61FF}\offreg.dll
2014-10-16 14:20 . 2014-10-17 13:26 -------- d-----w- c:\programdata\MCShield
2014-10-16 14:20 . 2014-10-16 14:20 -------- d-----w- c:\program files (x86)\MCShield
2014-10-14 19:08 . 2014-10-14 19:08 -------- d-----w- c:\users\Servidor\AppData\Roaming\Zbshareware Lab
2014-10-14 16:15 . 2014-10-14 17:34 -------- d-----w- c:\users\Servidor\AppData\Roaming\gtk-2.0
2014-10-14 15:08 . 2014-10-14 15:08 -------- d-----w- C:\DriveKey
2014-10-14 15:07 . 2001-09-05 07:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-10-14 15:07 . 2001-09-05 07:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-10-14 15:07 . 2001-09-05 07:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-10-14 15:07 . 2001-09-05 07:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-10-14 15:06 . 2001-09-05 06:24 610436 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2014-10-14 13:09 . 2014-10-14 13:09 -------- d-----w- c:\users\Servidor\AppData\Local\ElevatedDiagnostics
2014-10-13 22:29 . 2014-10-13 22:33 -------- d-----w- c:\program files (x86)\Pendrive Virus Remover
2014-10-13 15:48 . 2014-10-13 15:48 -------- d-----w- C:\Emperium Lan
2014-10-10 18:28 . 2014-10-10 18:28 -------- d-----w- c:\users\Servidor\AppData\Local\Rockstar Games
2014-10-10 18:28 . 2014-10-10 18:28 -------- d-sh--w- c:\programdata\SecuROM
2014-10-10 17:39 . 2014-10-10 17:39 -------- d-----w- c:\program files (x86)\Arab-GB
2014-10-10 01:13 . 2014-10-10 01:13 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2014-10-06 14:04 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F5F6B4CC-D33C-4CD8-AF34-A75E790B61FF}\mpengine.dll
2014-10-06 14:02 . 2014-10-06 14:02 -------- d-----w- c:\users\Servidor\AppData\Roaming\AVAST Software
2014-10-06 14:01 . 2014-10-06 14:01 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-10-06 14:01 . 2014-10-06 14:01 92008 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-10-06 14:01 . 2014-10-06 14:01 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-10-06 14:01 . 2014-10-06 14:01 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-10-06 14:01 . 2014-10-06 14:01 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-10-06 14:01 . 2014-10-06 14:01 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-10-06 14:01 . 2014-10-06 14:01 1041168 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-10-06 14:01 . 2014-10-06 14:01 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-10-06 14:01 . 2014-10-06 14:01 -------- d-sh--w- c:\windows\SysWow64\%APPDATA%
2014-10-06 14:01 . 2014-10-06 14:01 43152 ----a-w- c:\windows\avastSS.scr
2014-10-03 14:32 . 2014-10-04 23:44 -------- d-----w- c:\program files (x86)\StarCraft II
2014-10-03 14:00 . 2012-05-15 10:13 144896 ----a-w- c:\windows\system32\IntelOpenCL64.dll
2014-10-03 14:00 . 2012-05-15 10:13 20992 ----a-w- c:\windows\system32\OpenCL.dll
2014-10-03 14:00 . 2012-05-15 09:20 104448 ----a-w- c:\windows\SysWow64\IntelOpenCL32.dll
2014-10-03 14:00 . 2012-05-15 09:20 17920 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-10-02 23:07 . 2014-10-03 14:19 -------- d-----w- c:\program files (x86)\Diablo III
2014-10-02 23:05 . 2014-10-02 23:05 -------- d-----w- c:\users\Servidor\AppData\Local\Blizzard Entertainment
2014-10-02 23:05 . 2014-10-11 17:30 -------- d-----w- c:\users\Servidor\AppData\Local\Battle.net
2014-10-02 23:05 . 2014-10-06 13:32 -------- d-----w- c:\users\Servidor\AppData\Roaming\Battle.net
2014-10-02 23:04 . 2014-10-11 16:11 -------- d-----w- c:\program files (x86)\Battle.net
2014-10-02 23:04 . 2014-10-03 14:36 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-09-23 23:59 . 2014-09-25 01:49 -------- d-----w- C:\Programas Teste
2014-09-23 21:11 . 2014-09-23 21:11 -------- d-----w- c:\users\Servidor\AppData\Local\Facebook
2014-09-23 15:00 . 2014-09-23 15:00 -------- d-----w- c:\windows\ehome
2014-09-23 15:00 . 2014-09-23 15:00 -------- d-----w- c:\users\Default\AppData\Roaming\Media Center Programs
2014-09-22 22:36 . 2014-09-22 22:36 -------- d-----w- C:\gravity
2014-09-20 19:56 . 2014-09-20 20:55 -------- d-----w- c:\program files (x86)\BrasMU Season 8
2014-09-20 12:06 . 2014-09-20 12:06 -------- d-----w- c:\users\Servidor\.android
2014-09-19 14:11 . 2014-09-19 14:20 -------- d-----w- c:\programdata\boost_interprocess
2014-09-19 13:42 . 2014-10-02 00:11 -------- d-----w- c:\users\Servidor\AppData\Roaming\CodeBlocks
2014-09-19 13:41 . 2014-09-19 13:41 -------- d-----w- c:\program files (x86)\CodeBlocks
.
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-13 22:14 . 2014-05-21 23:25 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-06 14:01 . 2013-05-31 20:12 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-09-15 16:19 . 2013-04-10 15:35 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-15 16:19 . 2013-04-10 15:35 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 12:06 . 2013-04-10 15:54 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-08-30 00:57 . 2012-07-17 17:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-29 18:31 . 2014-08-29 18:32 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-23 13:16 . 2014-08-23 13:16 18594480 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-08-12 23:00 . 2014-08-12 23:00 4575232 ----a-w- c:\windows\SysWow64\GPhotos.scr
2014-07-24 16:05 . 2013-07-31 02:44 8192 ----a-w- c:\windows\SysWow64\srvany.exe
2014-07-22 15:43 . 2014-07-22 15:43 57096 ----a-w- c:\windows\system32\certsentry.dll
2014-07-22 15:43 . 2014-07-22 15:43 48392 ----a-w- c:\windows\SysWow64\certsentry.dll
2014-07-22 15:42 . 2014-07-22 15:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-07-22 15:42 . 2014-07-22 15:42 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2014-07-22 15:42 . 2014-07-22 15:42 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Tonec\IDMan.exe" [2011-08-21 3413400]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2014-03-04 3696912]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\x64\3\E_YATII4E.EXE" [2012-02-28 283232]
"MCShield Monitor"="c:\program files (x86)\MCShield\mcshieldrtm.exe" [2014-04-11 650816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2010-11-06 283160]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-12-22 2870896]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-10-06 4085896]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-09-12 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2014-07-31 20:37 1754664 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R1 MpKslabc99670;MpKslabc99670;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1672EA8F-3263-441A-86D2-603F02354EF7}\MpKslabc99670.sys;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{1672EA8F-3263-441A-86D2-603F02354EF7}\MpKslabc99670.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\DRIVERS\lgandnetdiag64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetdiag64.sys [x]
R3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\DRIVERS\lgandnetmodem64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetmodem64.sys [x]
R3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\DRIVERS\lgandnetndis64.sys;c:\windows\SYSNATIVE\DRIVERS\lgandnetndis64.sys [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 cpudrv64;cpudrv64;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys;c:\program files (x86)\SystemRequirementsLab\cpudrv64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 flashusb;flashusb;c:\windows\system32\DRIVERS\flashusb.sys;c:\windows\SYSNATIVE\DRIVERS\flashusb.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\users\Public\Games\BlackShot\BlackShot\GameData\Room\safedrv.sys;c:\users\Public\Games\BlackShot\BlackShot\GameData\Room\safedrv.sys [x]
R3 HPFXBULKLEDM;HPFXBULKLEDM;c:\windows\system32\drivers\hppdbulkio.sys;c:\windows\SYSNATIVE\drivers\hppdbulkio.sys [x]
R3 HPFXFAX;HPFXFAX;c:\windows\system32\drivers\hppdfaxio.sys;c:\windows\SYSNATIVE\drivers\hppdfaxio.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 ONDAusbmdm6k;ONDA Proprietary USB Driver;c:\windows\system32\DRIVERS\ONDAusbmdm6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbmdm6k.sys [x]
R3 ONDAusbnmea;ONDA NMEA Port;c:\windows\system32\DRIVERS\ONDAusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbnmea.sys [x]
R3 ONDAusbser6k;ONDA Diagnostic Port;c:\windows\system32\DRIVERS\ONDAusbser6k.sys;c:\windows\SYSNATIVE\DRIVERS\ONDAusbser6k.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApiUtil64.sys [x]
R3 ssdudfu;SAMSUNG Mobile USB DFU2 Device;c:\windows\system32\DRIVERS\ssdudfu.sys;c:\windows\SYSNATIVE\DRIVERS\ssdudfu.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 ssudobex;SAMSUNG Mobile USB OBEX Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudobex.sys;c:\windows\SYSNATIVE\DRIVERS\ssudobex.sys [x]
R3 ssudserd;SAMSUNG Mobile USB Diagnostic Serial Port(DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssudserd.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\Servidor\AppData\Local\Temp\tmpAF85.tmp;c:\users\Servidor\AppData\Local\Temp\tmpAF85.tmp [x]
R3 X6va012;X6va012;c:\windows\SysWOW64\Drivers\X6va012;c:\windows\SysWOW64\Drivers\X6va012 [x]
R3 X6va015;X6va015;c:\windows\SysWOW64\Drivers\X6va015;c:\windows\SysWOW64\Drivers\X6va015 [x]
R3 X6va017;X6va017;c:\windows\SysWOW64\Drivers\X6va017;c:\windows\SysWOW64\Drivers\X6va017 [x]
R3 X6va021;X6va021;c:\windows\SysWOW64\Drivers\X6va021;c:\windows\SysWOW64\Drivers\X6va021 [x]
R3 X6va027;X6va027;c:\windows\SysWOW64\Drivers\X6va027;c:\windows\SysWOW64\Drivers\X6va027 [x]
R4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
R4 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
R4 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
R4 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R4 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 lxbk_device;lxbk_device;c:\windows\system32\lxbkcoms.exe;c:\windows\SYSNATIVE\lxbkcoms.exe [x]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe;c:\windows\SYSNATIVE\viakaraokesrv.exe [x]
R4 WatAdminSvc;WatAdminSvc;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 Bfilter;Baidu Antivirus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]
S1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]
S1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]
S1 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbguard.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRIVERS\idmwfp.sys [x]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe;c:\program files (x86)\Firebird\Firebird_2_1\bin\fbserver.exe [x]
S3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
S3 IntcDAud;Áudio do Monitor Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-14 21:40 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.137\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-10-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-10 16:19]
.
2014-10-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 15:46]
.
2014-10-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-10 15:46]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-10-06 14:01 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-05-31 00:50 22408 ----a-w- c:\program files (x86)\Tonec\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2014-04-09 172016]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2014-04-09 399856]
"Persistence"="c:\windows\system32\igfxpers.exe" [2014-04-09 442352]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Search_URL = about:blank
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = about:blank
uInternet Settings,ProxyOverride = local;<local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: &Enviar para o OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Fazer o download de todos os links usando o IDM - c:\program files (x86)\Tonec\IEGetAll.htm
IE: Fazer o download usando o IDM - c:\program files (x86)\Tonec\IEExt.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.20
FF - ProfilePath - c:\users\Servidor\AppData\Roaming\Mozilla\Firefox\Profiles\eo62ovvy.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Servidor\AppData\Roaming\unins001.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\Servidor\AppData\Local\Temp\tmpAF85.tmp"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va012]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va012"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va015]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va015"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va017]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va017"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va021]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va021"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va027]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va027"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2475278908-3400158278-3307230388-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):6e,6e,ed,df,df,a9,80,cc,a3,81,53,f8,bf,34,cd,04,6a,dd,95,48,bc,
   33,97,a3,73,a1,b1,22,dc,99,5c,81,ea,9d,c5,9b,5d,ff,18,08,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2475278908-3400158278-3307230388-1000_Classes\Wow6432Node\CLSID\{b97a76b8-035b-4070-89b7-4780c4dab8b1}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000e3
"Therad"=dword:0000001d
"MData"=hex(0):73,d5,cf,b8,a4,07,89,80,31,e4,35,6b,2a,ca,fe,43,b6,1f,81,1f,5a,
   1b,4d,36,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,ee,21,46,8f,3c,f2,5c,68,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.14"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_14_0_0_145.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0010\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0011\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0012\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0013\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0014\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0015\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0016\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0017\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0018\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0019\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0020\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0021\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0022\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0023\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0024\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0025\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-10-17  11:08:22
ComboFix-quarantined-files.txt  2014-10-17 14:08
ComboFix2.txt  2014-09-14 00:48
.
Pré-execução: 634.793.664.512 bytes livres
Pós execução: 634.174.693.376 bytes livres
.
- - End Of File - - F6F98D5113F2B5207E08AD0E25C99C2E


Ok,

Temporarily, while you carry out these instructions, it is very important to keep your protection programs (antivirus, antispyware and firewall) disabled. Re-enable the protections after running the procedure(s) below.

Open Notepad, then copy (Ctrl + C) and paste (Ctrl + V) all the text inside the "Code" box:


ClearJavaCache::

Folder::
c:\programdata\boost_interprocess
c:\program files (x86)\Baidu Security

Driver::
BprotectEx
PCFApiUtil
Bfilter
Bfmon
Bprotect

File::
c:\windows\System32\drivers\BprotectEx.sys
c:\windows\System32\drivers\Bfilter.sys
c:\windows\System32\drivers\Bfmon.sys
c:\windows\System32\drivers\Bprotect.sys

RegLock::
[HKEY_USERS\S-1-5-21-2475278908-3400158278-3307230388-1000_Classes\Wow6432Node\CLSID\{7B8E9164-324D-4A2E-A46D-0165FB2000EC}]
[HKEY_USERS\S-1-5-21-2475278908-3400158278-3307230388-1000_Classes\Wow6432Node\CLSID\{b97a76b8-035b-
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify"=0
"AntiVirusOverride"=0
"FirewallDisableNotify"=0
"FirewallOverride"=0
"UpdatesDisableNotify"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusDisableNotify"=0
"FirewallDisableNotify"=0
"FirewallOverride"=0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies]
"DisableCMD"=-
"DisableRegistryTools"=-
"DisableTaskMgr"=-
"NoDispCPL"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion]
"SystemRestoreDisableSR"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Internet Explorer\Control Panel]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\MRT]
"DontReportInfectionInformation"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableConfig"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc]
"Start"=dword:00000002
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec"="1"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec"="1"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"HideFileExt"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy"=dword:00000000
"ProxyEnable"=dword:00000000
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer]
"NoControlPanel"=-
"NofolderOptions"=-
"NoWindowsUpdate"=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"ParseAutoexec"="1"
[HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel]
"HomePage"=-

ADS::

  • Save this file as: CFScript.txt
  • As shown in the animation below, drag the CFScript.txt file onto ComboFix.exe. When the tool finishes running, it will generate a log. Attach that file, C:\ComboFix.txt.


Good morning.

1)

Download AdwCleaner and save it to the desktop.
https://toolslib.net/downloads/finish/1/

Run the adwcleaner.exe file.

*** Windows Vista or Windows 7 users: right-click the adwcleaner.exe file, then click Executar como administrador (Run as administrator).

Click the Examinar (Scan) button and wait for the scan to finish.

Click the Limpar (Clean) button.

Notepad will open with the result. Attach the log in your next reply.

NOTE: If AdwCleaner finds files it cannot remove, you may have to restart the PC. Do so immediately when asked whether you want to restart the PC.

2)

Download Malwarebytes' Anti-Malware (MBAM)
http://malwarebytes....am-download.php

Double-click mbam-setup.exe to install it.

  • Uncheck the box Ativar trial gratuito do MalwareBytes Anti-Malware PRO (enable the free trial of Malwarebytes Anti-Malware PRO).
  • Make sure the boxes Atualizar Malwarebytes Anti-Malware (update Malwarebytes Anti-Malware), if present, and Executar Malwarebytes Anti-Malware (run Malwarebytes Anti-Malware) are checked, then click Concluir (Finish).
  • If there are updates to apply, they will be downloaded and installed.
  • When the update finishes, if the program was installed in English, open the program, click Settings and, in the Language field, change it to Portuguese (Brasil).
  • Still on the Configurações (Settings) screen, click Detecção e proteção (Detection and Protection) and check Verificar por Rootkits (Scan for Rootkits). Under Detecções PUP (potentially unwanted programs):, select Tratar detecções como malware (Treat detections as malware).
  • Click Verificar (Scan), then Verificar ameaça (Threat Scan) and finally Verificar agora (Scan Now).
  • The scan will then start. Wait, as it may take a while.
  • When the scan finishes, if any items were found, click the Mover todos para a Quarentena (Quarantine All) button.
  • Click Aplicar ações (Apply Actions).
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See the Note below.)
  • The log is saved automatically by MBAM; to view it, click the Histórico -> Logs de aplicativos (History -> Application Logs) tab in the program's main window. Use the .txt format to export the log.
  • Attach the log in your next reply.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


Download Windows Repair Portable.
http://www.bleepingc...ortable/dl/266/

Extract the files to the desktop.

Run the Repair_Windows.exe file to start the tool.

Click the Repairs tab and make sure the option Automatically do a registry backup is checked.

Click the Open Repairs button.

Then leave the options checked as shown in the image and click Start Repairs.

Wait; when it finishes, the PC will be restarted.

Post the generated log.


No log appeared automatically, but browsing the folder where the program is located I found 9 items; I will post them one by one.

Tweaking.com - Windows Repair v2.9.2
--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Ultimate
OS Architecture: 64-bit
OS Version: 6.1.7600
OS Service Pack: 
Computer Name: SERVIDOR-PC
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Servidor
Current Profile SID: S-1-5-21-2475278908-3400158278-3307230388-1000
Current Profile Classes: S-1-5-21-2475278908-3400158278-3307230388-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Servidor\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 06:58:39
 
Process Count: 85
Commit Total: 4,44 GB
Commit Limit: 7,82 GB
Commit Peak: 5,17 GB
Handle Count: 31187
Kernel Total: 465,00 MB
Kernel Paged: 382,35 MB
Kernel Non Paged: 82,65 MB
System Cache: 27,82 GB
Thread Count: 1281
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,91 GB
Memory Used: 2,95 GB(75,5751%)
Memory Avail.: 977,70 MB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 3,91 GB
Memory Used: 2,43 GB(62,1921%)
Memory Avail.: 1,48 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (19/10/2014 17:48:17)
 
Setting Any Missing 'InstallDate' From Uninstall Sections Before Running Repair...
Total Missing 'InstallDate' Fixed: 112
 
01 - Reset Registry Permissions 01/03
   HKEY_CURRENT_USER & Sub Keys
   Start (19/10/2014 17:48:44)
   Running Repair Under Current User Account
   Done (19/10/2014 17:50:17)
 
01 - Reset Registry Permissions 02/03
   HKEY_LOCAL_MACHINE & Sub Keys
   Start (19/10/2014 17:50:17)
   Running Repair Under System Account
   Done (19/10/2014 18:02:23)
 
01 - Reset Registry Permissions 03/03
   HKEY_CLASSES_ROOT & Sub Keys
   Start (19/10/2014 18:02:23)
   Running Repair Under System Account
   Done (19/10/2014 18:04:16)
 
03 - Reset Service Permissions
   Start (19/10/2014 18:04:16)
   Running Repair Under System Account
   Done (19/10/2014 18:04:36)
 
04 - Register System Files
   Start (19/10/2014 18:04:36)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:05:44)
 
05 - Repair WMI
   Start (19/10/2014 18:05:44)
 
   Starting Security Center So We Can Export The Security Info.
 
   Exporting Antivirus Info...
   avast! Antivirus Exported.
 
   Exporting AntiSpyware Info...
   Windows Defender Exported.
   avast! Antivirus Exported.
 
   Exporting 3rd Party Firewall Info...
   No Firewall Products Reported.
 
   Running Repair Under Current User Account
   Done (19/10/2014 18:14:08)
 
06 - Repair Windows Firewall
   Start (19/10/2014 18:14:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:15:01)
 
07 - Repair Internet Explorer
   Start (19/10/2014 18:15:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:16:01)
 
08 - Repair MDAC/MS Jet
   Start (19/10/2014 18:16:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:16:25)
 
09 - Repair Hosts File
   Start (19/10/2014 18:16:25)
   Running Repair Under System Account
   Done (19/10/2014 18:16:26)
 
10 - Remove Policies Set By Infections
   Start (19/10/2014 18:16:26)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:16:30)
 
11 - Repair Start Menu Icons Removed By Infections
   Start (19/10/2014 18:16:30)
   Running Repair Under System Account
   Done (19/10/2014 18:16:32)
 
12 - Repair Icons
   Start (19/10/2014 18:16:32)
   Running Repair Under Current User Account
   Done (19/10/2014 18:16:33)
 
13 - Repair Winsock & DNS Cache
   Start (19/10/2014 18:16:33)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:17:22)
 
15 - Repair Proxy Settings
   Start (19/10/2014 18:17:22)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:17:24)
 
17 - Repair Windows Updates
   Start (19/10/2014 18:17:24)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Setting Windows Updates Files That Are In Use To Be Removed At Next Boot.
   Done (19/10/2014 18:17:53)
 
18 - Repair CD/DVD Missing/Not Working
   Start (19/10/2014 18:17:53)
   iTunes not found, not applying UpperFilters iTunes Reg Key
   Done (19/10/2014 18:17:53)
 
19 - Repair Volume Shadow Copy Service
   Start (19/10/2014 18:17:53)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:25)
 
21 - Repair MSI (Windows Installer)
   Start (19/10/2014 18:18:25)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:43)
 
23.01 - Repair bat Association
   Start (19/10/2014 18:18:43)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:46)
 
23.02 - Repair cmd Association
   Start (19/10/2014 18:18:46)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:48)
 
23.03 - Repair com Association
   Start (19/10/2014 18:18:48)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:50)
 
23.04 - Repair Directory Association
   Start (19/10/2014 18:18:50)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:52)
 
23.05 - Repair Drive Association
   Start (19/10/2014 18:18:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:54)
 
23.06 - Repair exe Association
   Start (19/10/2014 18:18:54)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:57)
 
23.07 - Repair Folder Association
   Start (19/10/2014 18:18:57)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:18:59)
 
23.08 - Repair inf Association
   Start (19/10/2014 18:18:59)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:01)
 
23.09 - Repair lnk (Shortcuts) Association
   Start (19/10/2014 18:19:01)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:03)
 
23.10 - Repair msc Association
   Start (19/10/2014 18:19:03)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:05)
 
23.11 - Repair reg Association
   Start (19/10/2014 18:19:05)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:08)
 
23.12 - Repair scr Association
   Start (19/10/2014 18:19:08)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:10)
 
24 - Repair Windows Safe Mode
   Start (19/10/2014 18:19:10)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:12)
 
25 - Repair Print Spooler
   Start (19/10/2014 18:19:12)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:38)
 
26 - Restore Important Windows Services
   Start (19/10/2014 18:19:38)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:52)
 
27 - Set Windows Services To Default Startup
   Start (19/10/2014 18:19:52)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:19:58)
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
   Skipping Repair.
   Repair is for Windows v6.2 (Windows 8 & Newer) or higher.
   Current version: 6.1
 
31 - Repair Windows 'New' Submenu
   Start (19/10/2014 18:19:58)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (19/10/2014 18:20:00)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (19/10/2014 18:20:00)
   Total Repair Time: 00:31:45
 
 
...YOU MUST RESTART YOUR SYSTEM...

Não foi possível localizar C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\iconcache*.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
Ficheiro eliminado - C:\Users\Servidor\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db

[sC] ChangeServiceConfig Êxito
O serviço Windows Installer não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

O serviço Windows Installer está a iniciar.
O serviço Windows Installer foi iniciado com êxito.

[sC] ChangeServiceConfig Êxito
O serviço Windows Installer está a parar.
O serviço Windows Installer foi parado com êxito.

O serviço Windows Installer está a iniciar.
O serviço Windows Installer foi iniciado com êxito.

Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PP1gyn2qgnzvws3oom7c5nsmmgc.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PP66jf93bw8eynvsyk1s4i0ts2c.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PP7vf1ao2s2bebzcs3stge49k5.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PP83zhligsmi040a5sgl6rs1tm.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PP9py4te68sw0wcp8v62cnm2b4c.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPeyf93oagcjwn8b8ugq4h2nm9c.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPggvvvnlyi5w7zouuzclfuh_jd.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPmna6msiws16vq2tpqtjp56a3d.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPpwp7ykwchl30mf0n8sq_4izpc.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPqlrzd4803gmoqrtr_2cb2ttyc.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPr57kelgnd5owvi08ekc9csenb.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\PPsejzo5q7w_g6vvfhf8b1ejzgd.TMP
Ficheiro eliminado - C:\Windows\System32\spool\PRINTERS\1\DSPDFDA.tmp

O serviço Cópia sombra de volume não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

O serviço Fornecedor de Cópia Sombra do Software Microsoft não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

O serviço Cópia sombra de volume está a parar.
O serviço Cópia sombra de volume foi parado com êxito.

O serviço Fornecedor de Cópia Sombra do Software Microsoft está a parar.
O serviço Fornecedor de Cópia Sombra do Software Microsoft foi parado com êxito.

O serviço Firewall do Windows está a parar.
O serviço Firewall do Windows foi parado com êxito.

O serviço Partilha de ligação à Internet (ICS) não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

Os seguintes serviços estão dependentes do serviço Motor de Filtragem Base.
A paragem do serviço Motor de Filtragem Base irá também parar estes serviços.

   Agente de Política de IPSec
   MBAMWebAccessControl
   Módulos de Criação de Chaves IKE e AuthIP IPsec
   IDMWFP

O serviço Agente de Política de IPSec está a parar..
O serviço Agente de Política de IPSec foi parado com êxito.

O serviço MBAMWebAccessControl está a parar........
Não foi possível parar o serviço MBAMWebAccessControl.

O serviço Módulos de Criação de Chaves IKE e AuthIP IPsec está a parar.
O serviço Módulos de Criação de Chaves IKE e AuthIP IPsec foi parado com êxito.


O serviço IDMWFP foi parado com êxito.

Ocorreu o erro de sistema 1051.

Um controlo de paragem foi enviado a um serviço, do qual dependem outros serviços que estão a ser executados.

[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Falhou 5:

Acesso negado.

[sC] ChangeServiceConfig Êxito
O serviço Firewall do Windows está a parar.
O serviço Firewall do Windows foi parado com êxito.

O serviço Partilha de ligação à Internet (ICS) não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

Os seguintes serviços estão dependentes do serviço Motor de Filtragem Base.
A paragem do serviço Motor de Filtragem Base irá também parar estes serviços.

   Agente de Política de IPSec
   MBAMWebAccessControl

O serviço Agente de Política de IPSec está a parar...
O serviço Agente de Política de IPSec foi parado com êxito.

O serviço está a ser iniciado ou a parar. Tente novamente mais tarde.

[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Falhou 5:

Acesso negado.

[sC] ChangeServiceConfig Êxito

[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Êxito
[sC] ChangeServiceConfig Êxito
O serviço Serviços de Criptografia está a parar..
O serviço Serviços de Criptografia foi parado com êxito.

O serviço Serviço de Transferência Inteligente em Segundo Plano está a parar..
O serviço Serviço de Transferência Inteligente em Segundo Plano foi parado com êxito.

O serviço Windows Update não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

O serviço Instalador de Módulos do Windows não foi iniciado.

Para mais ajuda, escreva NET HELPMSG 3521.

O sistema não conseguiu localizar o ficheiro especificado.
Ficheiro eliminado - C:\Windows\SoftwareDistribution\ReportingEvents.log
Ficheiro eliminado - C:\Windows\SoftwareDistribution\AuthCabs\authcab.cab
Ficheiro eliminado - C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\authcab.cab
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\DataStore.edb
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\Logs\edb.chk
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\Logs\edb.log
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\Logs\edb00167.log
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\Logs\edbres00001.jrs
Ficheiro eliminado - C:\Windows\SoftwareDistribution\DataStore\Logs\edbres00002.jrs
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\0ef2053f031c8ca6956b4e0f94b4310e0d4029ff
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\2106a49544656d591093d53817aaded9a28e907e
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\280c96322b4ad6e6c77ae4bdf09520377d6cacd4
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\2a22f9943e9161fdd3529fed502f22abb3a82daf
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\575c04eabfe04506db3fd9ac18ea836a718ec971
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\5791a4f1e1a399947079a2582046e6167ddb040d
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\64e31edf212912b05a5166cefcfb306a497f2f96
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\84ff975b0b666079aed5334643df2827566390a5
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\87338545586dfcbe2ff7d223b1145bd814a82d0b
Ficheiro eliminado - C:\Windows\SoftwareDistribution\Download\8988e1cd5f51fa22e46215f18042cf620f5aca76


Ok,

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open the ESET Online Scanner in a new window.
  • Click this button: [image]
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check the box "Enable detection of potentially unwanted applications".
  • Under scan settings, check "Scan Archives" and "Remove found threats".
  • Click Advanced settings and also check the boxes:
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update itself and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List of found threats.
  • Click Export to text file and save the log to your desktop.
  • Click Back.
  • Click Finish.
  • Attach the saved log.


Reneê Cruz,

Sorry for the delay, I had problems with my HD.

Temporarily disable your antivirus, antispyware and firewall to avoid conflicts.

Download Zoek.exe (by Smeenk) and save it to your desktop.

Run the Zoek.exe file.

*** Windows Vista or Windows 7 users: right-click the Zoek.exe file, then click [image: execadmin.png].

Select these lines inside the CODE box, right-click the selection and choose Copy.

emptyclsid;resetieproxy;ffdefaults;msconfigcheck;autoclean;resethosts;shortcutfix;systemspecs;chrdefaults;resetwmi;

Right-click any white area of Zoek and choose Paste.

Note: This script was written only for this computer, according to the files and keys present on it.

To visitors: if you have a similar problem, do not use this script, as unsupervised use can damage the system.

Click [Run Script].

Wait for the scan. When it finishes, Notepad will open with the report.

A copy will also be saved on your local disk under the name zoek-results.txt.

Attach zoek-results.txt to your next reply.


Good evening Carlos,

Delay? Not at all, take as long as you need, and I hope you have sorted things out with your HD and everything is in tip-top shape...
As for Zoek.exe, I could not download the file; my browsers report "Falha - Sem Ficheiro".
I chose not to look for the program on external sites unless you instruct me to do so; I await your reply.

-

Done. I think it was a temporary failure; after a few attempts I managed to download and run the program. The log is attached. I had not been able to attach it because it had the .log extension, so I made a copy in txt.

zoek-results-.txt

Edited by Reneê Cruz


Topic Archived

As the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, contact the moderators to request that it be unlocked.

This topic is closed to new posts.




