szanini

  1. Mr. Gringo thank you for your help. My computer is running at 100%! This case can be given as closed. Hugs to all the staff. Sandro
  2. Mr. Gringo, I did the scan using ESET online and it did not report any error/virus. I used AutoRuns and am sending the report so you can help me optimize my PC drive. I searched the program's HELP for information but found nothing. Several items had already been unselected. By my intuition, I unselected the items related to "4shared Desktop" (which I no longer use) and "Windows Mail" (because I use Office Outlook). I'm too scared of doing something wrong. Could you let me know which entries can be unselected to make Windows start more efficiently? The report is attached. Thank you. AutoRuns.pdf
  3. Mr. Gringo, I had also already installed CCleaner on my machine and I run a cleanup with it weekly. I take this opportunity to ask about this entry: Erros ActiveX/COM | InProcServer32\%CommonProgramFiles%\System\Ole DB\msdaora.dll | HKCR\CLSID\{e8cc4cbe-fdff-11d0-b865-00a0c9081c1d} Sandro Zanini This error always appears in CCleaner and there is no way to fix it... even after applying the fix, whenever I scan again it reappears. I also use Ashampoo WinOptimizer 10, but it does not recognize this entry as invalid or as an error. What can I do about this?
Below is the report from MBAM and HijackThis:
  4. Mr. Gringo, Sorry for the delay... I think that when I wrote the post yesterday, I forgot to press the button to publish my reply. Well, I believe that with the second procedure using ComboFix everything turned out fine. I no longer get alerts from either AVAST or Malwarebytes. No new folders have appeared in the directories either. What I noticed is that both yesterday and today, when I turned the computer on, Windows took a while and performed some update during boot (I think the cleanup must have affected some part of IExplore). But afterwards it worked normally... Thank you in advance for your attention. I am awaiting further instructions (if necessary). The ComboFix report follows:
Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x] S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Conteúdo da pasta 'Tarefas Agendadas' . 2013-08-14 c:\windows\Tasks\AdvancedDriverUpdater_UPDATES.job - c:\program files (x86)\Advanced Driver Updater\adu.exe [2013-05-16 21:20] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1] @="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}" [HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}] 2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2] @="{853B7E05-C47D-4985-909A-D0DC5C6D7303}" [HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}] 2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3] @="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}" [HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}] 2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-07-13 07:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-07-13 07:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-07-13 07:37 2328776 ----a-w- c:\progra~1\MICROS~1\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 164016 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\progra~1\NVIDIA~1\NVSTRE~1\rxinput.dll . ------- Scan Suplementar ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local> IE: &Download All using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ALL_LINK IE: &Download using 4shared Desktop - c:\program files (x86)\4shared Desktop\Desktop.32/D_ONE_LINK IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office15\ONBttnIE.dll/105 IE: Anexar a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: Anexar destino do link a PDF existente - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html IE: Converter destino do link em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Converter em Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office15\EXCEL.EXE/3000 IE: Free YouTube Download - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm IE: Free 
YouTube to MP3 Converter - c:\program files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm Trusted Zone: bancobrasil.com.br\www Trusted Zone: bancobrasil.com.br\www14 Trusted Zone: bancobrasil.com.br\www2 Trusted Zone: bb.com.br\www TCP: DhcpNameServer = 201.21.192.167 201.21.192.162 201.6.4.116 Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL . - - - - ORFÃOS REMOVIDOS - - - - . AddRemove-DietPRO4 - Versão Demonstrativa - c:\windows\iun6002.exe AddRemove-EGR-ShellExtension - c:\programdata\{9559969E-5786-48CA-87AB-B7695EC37420}\EGR-ShellExtension_setup.exe AddRemove-pCon.planner 6.6 - c:\programdata\{5D563DDF-5A7F-498E-92F6-5EEFCD7FC8CF}\pcon.planner_setup.exe AddRemove-{31AE3593-448E-43AB-B865-C235F64B0FB5} - c:\programdata\{9559969E-5786-48CA-87AB-B7695EC37420}\EGR-ShellExtension_setup.exe AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Sandro Zanini\AppData\Roaming\unins000.exe AddRemove-{61FFF5E3-1D08-4F66-AC29-EF61963F2619} - c:\programdata\{5D563DDF-5A7F-498E-92F6-5EEFCD7FC8CF}\pcon.planner_setup.exe . . . --------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) @SACL=(02 0000) . Tempo para conclusão: 2013-08-18 11:55:41 ComboFix-quarantined-files.txt 2013-08-18 14:55 ComboFix2.txt 2013-08-16 13:35 . Pré-execução: 107.216.986.112 bytes disponíveis Pós execução: 107.143.413.760 bytes disponíveis . - - End Of File - - 616603BA9E97769D986553E84165DE5C 671B81004FDD1588FA9ED1331C9CECA9
  5. Mr. Gringo, a new folder also appeared in c:\69d\, with the following files (no extension): 7fo0a7; 7f1a; 656; 61616. I do not know if it was some folder created by ADWCleaner or junkware I used the same day ... or if I'm still infected and have some malware creating folders on my computer. Although not marked in yellow, I just noticed that this folder now appears in the Combofix report: 2013-08-14 19:56 . 2013-08-14 19:56 -------- d-----w- C:\69d
  6. Mr. Gringo, after using the computer for a day, I noticed that the windows that opened unexpectedly were no longer occurring. Today, when using Combofix, I realized that the program located a few items that I do not know, and I do not know if it's some kind of infection. I changed the line color of the report to make it easier to identify what I do not recognize (I do not know if it is part of a program that I use or if it was installed by malware - disregarded file types .dll, .exe and .sys). I keep waiting for new instructions. ComboFix 13-08-15.03 - Sandro Zanini 16/08/2013 10:20:02.1.4 - x64 Microsoft Windows 8 Pro 6.2.9200.0.1252.55.1046.18.24522.22720 [GMT -3:00] Executando de: h:\_bibliotecas win8\Sandro Zanini\Downloads\ComboFix.exe AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47} SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Criado um novo ponto de restauração . . ((((((((((((((((((((((((((((((((((((( Outras Exclusões ))))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Sandro Zanini\AppData\Roaming\unins000.exe c:\windows\iun6002.exe c:\windows\wininit.ini h:\_bibliotecas win8\Sandro Zanini\Documents\Readiris.DUS . . 
(((((((((((((((( Arquivos/Ficheiros criados de 2013-07-16 to 2013-08-16 )))))))))))))))))))))))))))) . . 2013-08-16 13:28 . 2013-08-16 13:28 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-08-16 13:28 . 2013-08-16 13:28 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\temp 2013-08-16 13:28 . 2013-08-16 13:28 -------- d-----w- c:\users\NeroMediaHomeUser.4\AppData\Local\temp 2013-08-16 13:28 . 2013-08-16 13:28 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp 2013-08-15 02:28 . 2013-08-15 02:28 -------- d-----w- c:\windows\ERUNT 2013-08-14 22:42 . 2013-08-14 22:42 -------- d-----w- c:\programdata\Protexis64 2013-08-14 19:56 . 2013-08-14 19:56 -------- d-----w- C:\69d 2013-08-14 16:52 . 2013-08-14 16:52 -------- d-----w- c:\program files (x86)\MSECache 2013-08-11 19:48 . 2013-08-11 19:48 -------- d-----w- C:\NvidiaLogging 2013-08-11 19:47 . 2013-05-14 19:28 39712 ----a-w- c:\windows\system32\drivers\nvvad64v.sys 2013-08-11 19:47 . 2013-05-14 19:27 29984 ----a-w- c:\windows\system32\nvaudcap64v.dll 2013-08-11 19:47 . 2013-05-14 19:27 28448 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll 2013-08-10 00:47 . 2013-08-10 00:47 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\Malwarebytes 2013-08-10 00:47 . 2013-08-10 00:47 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-08-10 00:47 . 2013-08-10 00:47 -------- d-----w- c:\programdata\Malwarebytes 2013-08-10 00:47 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-08-08 21:19 . 2013-08-16 12:31 -------- d-----r- c:\users\Sandro Zanini\Dropbox 2013-08-08 21:14 . 2013-08-16 12:31 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox 2013-08-07 02:01 . 2013-08-07 02:01 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\PSafe ( Already deleted that folder several times but she always comes back) 2013-08-07 02:01 . 
2013-08-07 02:01 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\PSafe ( Already deleted that folder several times but she always comes back) 2013-08-07 02:01 . 2013-08-01 01:18 384000 ----a-r- c:\windows\system32\PsClikS64.dll 2013-08-07 02:01 . 2013-08-01 01:18 323584 ----a-r- c:\windows\SysWow64\PsClikS.dll 2013-08-07 01:54 . 2013-08-07 19:30 -------- d-----w- c:\program files (x86)\DVDVideoSoft 2013-08-07 01:54 . 2013-08-07 19:30 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft 2013-08-06 14:51 . 2013-08-06 14:51 -------- d-----w- c:\program files (x86)\FileZilla FTP Client 2013-08-03 15:36 . 2013-08-03 15:36 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\Osram_Lamp 2013-07-27 18:48 . 2013-07-27 18:48 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\SolidDocuments 2013-07-25 20:31 . 2013-07-25 20:32 -------- d-----w- c:\program files (x86)\EasternGraphics 2013-07-25 20:31 . 2013-07-25 20:31 -------- d-----w- c:\programdata\EasternGraphics 2013-07-25 16:07 . 2013-07-25 16:07 -------- d-----w- c:\program files\EasternGraphics 2013-07-24 20:53 . 2013-07-24 20:53 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\TagScanner 2013-07-24 20:53 . 2013-07-24 20:53 -------- d-----w- c:\program files (x86)\TagScanner 2013-07-23 20:09 . 2013-07-23 20:09 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\LIBFREDO6_DATA_Dir 2013-07-22 15:44 . 2013-07-23 15:48 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\Configuration 2013-07-22 15:44 . 2013-07-23 15:48 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\Backup Tickets 2013-07-22 15:44 . 2013-07-23 15:48 -------- d-----w- c:\users\Public\BuildEdge 2013-07-22 15:37 . 2013-07-22 15:37 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\BuildEdge 2013-07-20 16:58 . 2013-06-16 22:41 997632 ----a-w- c:\windows\system32\drivers\ndis.sys 2013-07-20 16:58 . 2013-06-01 11:33 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-07-18 23:51 . 
2013-07-18 23:51 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp 2013-07-18 17:34 . 2013-08-07 02:15 -------- d-----w- c:\program files\Unlocker 2013-07-18 00:39 . 2013-08-03 15:36 -------- d-----w- c:\program files (x86)\Common Files\DIALux 2013-07-18 00:35 . 2013-08-07 22:37 -------- d-----w- c:\programdata\DIALux 2013-07-18 00:35 . 2013-08-07 22:37 -------- d-----w- c:\programdata\DIALux PlugIns 2013-07-18 00:34 . 2013-07-18 00:34 323716 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll 2013-07-18 00:34 . 2013-07-18 00:34 192644 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll 2013-07-18 00:34 . 2004-10-22 05:18 749568 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll 2013-07-18 00:34 . 2004-10-22 05:17 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll 2013-07-18 00:34 . 2004-10-22 05:17 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll 2013-07-18 00:34 . 2004-10-22 05:16 180224 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll 2013-07-18 00:34 . 2004-10-22 05:16 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe 2013-07-17 20:55 . 2013-07-17 20:55 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\DIAL GmbH 2013-07-17 20:54 . 2013-07-17 20:54 -------- d-----w- c:\program files (x86)\Common Files\DIAL GmbH 2013-07-17 20:53 . 2013-07-17 20:54 -------- d-----w- c:\program files (x86)\DIAL GmbH 2013-07-17 20:53 . 2008-07-12 11:18 3851784 ----a-w- c:\windows\SysWow64\D3DX9_39.dll 2013-07-17 20:52 . 2013-07-17 20:54 -------- d-----w- c:\programdata\DIAL GmbH 2013-07-17 18:07 . 
2013-07-17 18:07 -------- d-----w- c:\program files (x86)\Citrix 2013-07-17 18:07 . 2013-08-11 20:03 -------- d-----w- c:\users\Sandro Zanini\AppData\Local\Citrix 2013-07-17 15:01 . 2013-07-17 15:01 -------- d-----w- c:\users\Sandro Zanini\AppData\Roaming\Abvent . . . ((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-08-15 02:14 . 2013-07-12 15:29 31088 ----a-w- c:\windows\SysWow64\drivers\gbpndisrd.sys 2013-07-11 16:54 . 2013-05-16 14:32 78185248 ----a-w- c:\windows\system32\MRT.exe 2013-07-03 12:52 . 2013-07-03 12:52 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-07-03 12:52 . 2013-05-16 02:23 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-07-03 12:52 . 2013-05-16 02:23 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-06-27 23:36 . 2013-05-17 15:39 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys 2013-06-27 23:36 . 2013-05-17 15:38 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys 2013-06-27 23:36 . 2013-05-17 15:38 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys 2013-06-27 22:04 . 2013-05-16 14:51 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-06-27 22:04 . 2013-05-16 14:51 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-06-21 12:06 . 2013-07-12 14:58 925648 ----a-w- c:\windows\SysWow64\nvumdshim.dll 2013-06-21 12:06 . 2013-07-12 14:58 7641832 ----a-w- c:\windows\system32\nvopencl.dll 2013-06-21 12:06 . 2013-07-12 14:58 6324360 ----a-w- c:\windows\SysWow64\nvopencl.dll 2013-06-21 12:06 . 2013-07-12 14:58 570656 ----a-w- c:\windows\system32\NvIFR64.dll 2013-06-21 12:06 . 2013-07-12 14:58 467232 ----a-w- c:\windows\SysWow64\NvIFR.dll 2013-06-21 12:06 . 2013-07-12 14:58 27781920 ----a-w- c:\windows\system32\nvoglv64.dll 2013-06-21 12:06 . 2013-07-12 14:58 266448 ----a-w- c:\windows\system32\nvinitx.dll 2013-06-21 12:06 . 2013-07-12 14:58 218592 ----a-w- c:\windows\system32\nvoglshim64.dll 2013-06-21 12:06 . 
2013-07-12 14:58 214448 ----a-w- c:\windows\SysWow64\nvinit.dll 2013-06-21 12:06 . 2013-07-12 14:58 21102368 ----a-w- c:\windows\SysWow64\nvoglv32.dll 2013-06-21 12:06 . 2013-07-12 14:58 181488 ----a-w- c:\windows\SysWow64\nvoglshim32.dll 2013-06-21 12:06 . 2013-07-12 14:58 13411896 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2013-06-21 12:06 . 2013-07-12 14:58 11235104 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys 2013-06-21 12:06 . 2013-07-12 14:58 9239344 ----a-w- c:\windows\system32\nvcuda.dll 2013-06-21 12:06 . 2013-07-12 14:58 7687592 ----a-w- c:\windows\SysWow64\nvcuda.dll 2013-06-21 12:06 . 2013-07-12 14:58 572704 ----a-w- c:\windows\system32\NvFBC64.dll 2013-06-21 12:06 . 2013-07-12 14:58 465184 ----a-w- c:\windows\SysWow64\NvFBC.dll 2013-06-21 12:06 . 2013-07-12 14:58 2953504 ----a-w- c:\windows\system32\nvcuvid.dll 2013-06-21 12:06 . 2013-07-12 14:58 2777888 ----a-w- c:\windows\SysWow64\nvcuvid.dll 2013-06-21 12:06 . 2013-07-12 14:58 2597856 ----a-w- c:\windows\SysWow64\nvapi.dll 2013-06-21 12:06 . 2013-07-12 14:58 25256224 ----a-w- c:\windows\system32\nvcompiler.dll 2013-06-21 12:06 . 2013-07-12 14:58 2363680 ----a-w- c:\windows\system32\nvcuvenc.dll 2013-06-21 12:06 . 2013-07-12 14:58 2002720 ----a-w- c:\windows\SysWow64\nvcuvenc.dll 2013-06-21 12:06 . 2013-07-12 14:58 1832224 ----a-w- c:\windows\system32\nvdispco6432049.dll 2013-06-21 12:06 . 2013-07-12 14:58 17560352 ----a-w- c:\windows\SysWow64\nvcompiler.dll 2013-06-21 12:06 . 2013-07-12 14:58 15144928 ----a-w- c:\windows\system32\nvd3dumx.dll 2013-06-21 12:06 . 2013-07-12 14:58 1511712 ----a-w- c:\windows\system32\nvdispgenco6432049.dll 2013-06-21 12:06 . 2013-07-12 14:58 12427240 ----a-w- c:\windows\SysWow64\nvd3dum.dll 2013-06-21 12:06 . 2013-05-15 17:09 61216 ----a-w- c:\windows\system32\OpenCL.dll 2013-06-21 12:06 . 2013-05-15 17:09 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll 2013-06-21 12:06 . 2013-02-26 03:32 2936208 ----a-w- c:\windows\system32\nvapi64.dll 2013-06-21 12:06 . 
2013-02-26 03:32 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll 2013-06-21 12:06 . 2012-07-25 20:22 15920536 ----a-w- c:\windows\system32\nvwgf2umx.dll 2013-06-21 10:23 . 2013-05-15 17:10 6496544 ----a-w- c:\windows\system32\nvcpl.dll 2013-06-21 10:23 . 2013-05-15 17:10 3514656 ----a-w- c:\windows\system32\nvsvc64.dll 2013-06-21 10:23 . 2013-05-15 17:10 884512 ----a-w- c:\windows\system32\nvvsvc.exe 2013-06-21 10:23 . 2013-05-15 17:10 63776 ----a-w- c:\windows\system32\nvshext.dll 2013-06-21 10:23 . 2013-05-15 17:10 237856 ----a-w- c:\windows\system32\nvmctray.dll 2013-06-21 08:16 . 2013-06-21 08:16 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2013-06-20 04:17 . 2013-05-15 17:10 3253909 ----a-w- c:\windows\system32\nvcoproc.bin 2013-06-11 23:43 . 2013-07-11 16:32 1767936 ----a-w- c:\windows\SysWow64\wininet.dll 2013-06-11 23:43 . 2013-07-11 16:32 2877440 ----a-w- c:\windows\SysWow64\jscript9.dll 2013-06-11 23:26 . 2013-07-11 16:32 51712 ----a-w- c:\windows\system32\ie4uinit.exe 2013-06-11 23:26 . 2013-07-11 16:32 2241024 ----a-w- c:\windows\system32\wininet.dll 2013-06-11 23:26 . 2013-07-11 16:32 1365504 ----a-w- c:\windows\system32\urlmon.dll 2013-06-11 23:25 . 2013-07-11 16:32 19238912 ----a-w- c:\windows\system32\mshtml.dll 2013-06-11 23:25 . 2013-07-11 16:32 603136 ----a-w- c:\windows\system32\msfeeds.dll 2013-06-11 23:25 . 2013-07-11 16:32 3958784 ----a-w- c:\windows\system32\jscript9.dll 2013-06-11 23:25 . 2013-07-11 16:32 855552 ----a-w- c:\windows\system32\jscript.dll 2013-06-11 23:25 . 2013-07-11 16:32 15404032 ----a-w- c:\windows\system32\ieframe.dll 2013-06-11 23:25 . 2013-07-11 16:32 2648576 ----a-w- c:\windows\system32\iertutil.dll 2013-06-10 18:44 . 2013-05-16 12:43 2080472 ----a-w- c:\windows\RtlExUpd.dll 2013-06-01 09:25 . 2013-07-11 16:32 496640 ----a-w- c:\windows\SysWow64\qedit.dll 2013-06-01 09:21 . 2013-07-11 16:32 595968 ----a-w- c:\windows\system32\qedit.dll 2013-05-30 23:24 . 
2013-06-15 23:23 1257472 ----a-w- c:\windows\system32\kernel32.dll 2013-05-30 23:14 . 2013-07-11 16:32 4036096 ----a-w- c:\windows\system32\win32k.sys 2013-05-30 14:12 . 2013-05-15 17:00 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin 2013-05-23 23:01 . 2013-06-15 23:23 1300992 ----a-w- c:\windows\system32\gdi32.dll 2013-05-23 22:27 . 2013-06-15 23:23 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll 2013-05-22 04:45 . 2013-07-12 14:35 8192 ----a-w- c:\windows\system32\drivers\IntelMEFWVer.dll 2013-05-22 00:50 . 2013-07-12 14:33 3425608 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2013-05-21 18:57 . 2013-07-12 14:33 142408 ----a-w- c:\windows\system32\RCoInstII64.dll 2013-05-20 19:32 . 2013-05-20 19:32 31984 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys 2013-05-20 19:16 . 2013-07-12 14:33 1003592 ----a-w- c:\windows\system32\RtkApi64.dll 2013-05-20 17:36 . 2013-07-12 14:33 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll . . (((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))))))))))))))))))))))))))) . . *Nota* entradas vazias e legítimas por padrão não são apresentadas. REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{F586CB96-7091-42ec-9829-F5D5CE65AFC1}] 2013-07-12 11:18 1220880 ----a-w- c:\program files (x86)\DIAL GmbH\DIALux\Dialux.BHO.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)] @="{8BA85C75-763B-4103-94EB-9470F12FE0F7}" [HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}] 2013-06-03 10:35 1725128 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)] @="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" [HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}] 2013-06-03 10:35 1725128 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)] @="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" [HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}] 2013-06-03 10:35 1725128 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2013-06-05 17:17 130736 ----a-w- c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "7e0"="c:\users\Sandro Zanini\AppData\Roaming\68\7e0.js" [X] "RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-07-01 160592] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968] . c:\users\Sandro Zanini\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\Sandro Zanini\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-5 27370808] Trillian.lnk - c:\program files (x86)\Trillian\trillian.exe [2013-6-17 2606448] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "EnableUIADesktopToggle"= 0 (0x0) "EnableCursorSuppression"= 1 (0x1) "ConsentPromptBehaviorUser"= 3 (0x3) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb] (necessary for internet banking) 2013-07-15 14:23 1410088 ------w- c:\program files (x86)\GbPlugin\gbieh.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\progra~2\NVIDIA~1\NVSTRE~1\rxinput.dll . 
  7. Mr. Gringo, as additional information, I inform you that after restarting the machine, Dreamweaver opened in edit mode with two java files that were placed in the "start" of Windows. Their names were: 7e0.js and 2d2D.js. As I was unaware of those files, I looked to see where they were located. The 7e0.js was hidden in one of the folders in C:\Users\Sandro Zanini\AppData\Roaming\ and the 2d2D.js was in a folder called "68" in C:\ProgramData\ ... Using the search software "Everything", I got access and deleted them and their respective shortcuts.
  8. Thanks for the help, Gringo. Sending the two logs from AdwCleaner and also from Junkware RT. I keep waiting for new instructions.
  9. This is the message I have been constantly receiving from AVAST. Whenever I open the browser, a second window always opens that has been redirected to other domains. As an example, the latest one was this: http://newsalert.timehares.com/?sov=62570201&hid=fpnprltlhjhjhvnj&ctrl1=nodl&id=XNSX.nodl Avast kicks in and shows this message: URL: http://newsalert.timehares.com/?sov Process: C:\Users\Sandro Zanini\AppData\Local\Map... Infection: URL:Mal I also have Malwarebytes installed, but even after doing a full scan I could not get rid of this pest. Following the instructions, here are the DDS logs. Thank you in advance. Sandro Zanini attach.txt dds.txt