Pedroalves

[Solved] Strange process

Out of nowhere a cmd process shows up, without me even having opened the Windows command line.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:44:59, on 17-11-2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17420)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\PROGRAM FILES (X86)\INSTALLSHIELD INSTALLATION INFORMATION\{E6931688-DA2B-4E16-8539-3D323D69C677}\AICHARGERPLUS.EXE
C:\PROGRAM FILES (X86)\INTEL\INTEL® USB 3.0 EXTENSIBLE HOST CONTROLLER DRIVER\APPLICATION\IUSB3MON.EXE
C:\PROGRAM FILES (X86)\D-LINK\DWL-G122_DWA-110\AIRGCFG.EXE
C:\Users\Pedro\APPDATA\LOCAL\AKAMAI\NETSESSION_WIN.EXE
C:\Users\Pedro\AppData\Local\Akamai\netsession_win.exe
C:\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O2 - BHO: Microsoft Web Test Recorder 12.0 Helper - {432dd630-7e03-4c97-9d62-b99f52df4fc2} - C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\Adobe Contribute CS5.1\Plugins\IEPlugin\contributeieplugin.dll
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ANIWConn Service (ANIWConnService) - Unknown owner - C:\Windows\system32\ANIWConnService.exe
O23 - Service: ASUS Com Service (asComSvc) - Unknown owner - C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: ASUS HM Com Service (asHmComSvc) - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
O23 - Service: AsusFanControlService - ASUSTeK Computer Inc. - C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe
O23 - Service: Xamarin Bonjour Service (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Xamarin\Bonjour\mDNSResponder.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit (mi-raysat_3dsmax2013_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TomTomHOMEService - TomTom - C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.21\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.20\bin\mysqld.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 13640 bytes

Good evening! Pedroalves

 

> Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> Once there, click "Download Now".
>
> Save it to the desktop!
> Right-click adwcleaner.exe and choose to run it as administrator.
> PS: Start the scan by clicking "Examinar" (Scan).
> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
A+

Good evening DigRam

Here is the report:

# AdwCleaner v4.101 - Report created 17/11/2014 at 22:57:17
# Updated 09/11/2014 by Xplode
# Database : 2014-11-07.1 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Pedro - PEDRO-PC
# Running from : C:\Users\Pedro\Desktop\adwcleaner_4.101.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Pedro\AppData\Local\CrashRpt
File Deleted : C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684\user.js

***** [ Scheduled Tasks ] *****

Task Deleted : Driver Booster Scan
Task Deleted : Driver Booster Update

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\GoogleUpdate.exe

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17420


-\\ Mozilla Firefox v33.1.1 (x86 pt-PT)


-\\ Google Chrome v

[C:\Users\Pedro\AppData\Local\Google\Chrome\User Data\Default\preferences] - Deleted [Extension] : nfengeggddojhakldhlpjdlddgkkjkdd

*************************

AdwCleaner[R0].txt - [1535 octets] - [17/11/2014 22:54:26]
AdwCleaner[s0].txt - [1464 octets] - [17/11/2014 22:57:17]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1524 octets] ##########

The cmd process only shows up when I'm connected to the internet.

  • Good evening! Pedroalves
  • Download: < desktopicon.png > ( ... by Swearware )
  • Save it to the desktop!
  • PS: Disable your antivirus, antispyware and/or firewall. (Except the Windows one!)
  • Close any program/file that is open.
  • Also close your browser! (IE, Firefox, Opera or Google Chrome)
  • PS: Be connected to the Internet. << Important!
  • You must be logged in to the system with administrator privileges.
  • Run ComboFix.exe with a double click.

  • If any error message appears, run ComboFix.exe in Safe Mode with Networking.
  • PS: To complete the removals, the tool may need to restart the computer.
  • The Auto Scan window will open.
  • Wait for all the stages to finish.
  • During the scan, avoid using the mouse or keyboard!
  • When done, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão." (Illegal operation attempted on a registry key that has been marked for deletion.)

  • If this error occurs, just restart the computer!
  • "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
  • Regards!

Here is the ComboFix log:

ComboFix 14-11-17.01 - Pedro 18-11-2014 0:34.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.351.2070.18.4032.2473 [GMT 0:00]
Executando de: c:\users\Pedro\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Internet Security *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Internet Security *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\INSTALL.LOG
c:\users\Pedro\AppData\Local\assembly\tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-10-18 to 2014-11-18 ))))))))))))))))))))))))))))
.
.
2014-11-18 00:41 . 2014-11-18 00:41 -------- d-----w- c:\users\MSSQL$SQLEXPRESS\AppData\Local\temp
2014-11-18 00:41 . 2014-11-18 00:41 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-11-17 22:54 . 2014-11-17 22:57 -------- d-----w- C:\AdwCleaner
2014-11-14 15:35 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E46B291-8ECA-406D-B43B-73B1EE67E435}\mpengine.dll
2014-11-14 15:26 . 2014-10-14 02:16 155064 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-11-14 15:23 . 2014-10-14 02:13 3241984 ----a-w- c:\windows\system32\msi.dll
2014-11-14 15:23 . 2014-10-14 01:50 2363904 ----a-w- c:\windows\SysWow64\msi.dll
2014-11-14 15:23 . 2014-10-18 02:05 861696 ----a-w- c:\windows\system32\oleaut32.dll
2014-11-14 15:23 . 2014-10-18 01:33 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2014-11-11 16:33 . 2014-11-03 20:25 615568 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-11-11 16:24 . 2010-05-26 11:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-11-11 16:24 . 2010-05-26 11:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-11-11 16:24 . 2010-05-26 11:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-11-11 16:24 . 2010-05-26 11:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-11-11 16:24 . 2010-05-26 11:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-11-11 16:24 . 2010-05-26 11:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-11-11 16:23 . 2014-10-03 19:23 38216 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-11-11 16:23 . 2014-10-03 19:23 32584 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-11-04 15:24 . 2014-10-30 04:53 1876296 ----a-w- c:\windows\system32\nvdispco6434460.dll
2014-11-04 15:24 . 2014-10-30 04:53 1539272 ----a-w- c:\windows\system32\nvdispgenco6434460.dll
2014-11-02 01:07 . 2014-11-02 01:07 -------- d-----w- c:\programdata\Nexon
2014-11-01 15:21 . 2014-11-01 15:21 -------- d-----w- c:\users\Pedro\AppData\Local\My Games
2014-11-01 15:05 . 2014-11-01 15:05 -------- d-----w- C:\temp
2014-11-01 15:03 . 2014-10-16 16:54 1876296 ----a-w- c:\windows\system32\nvdispco6434448.dll
2014-11-01 15:03 . 2014-10-16 16:54 1539272 ----a-w- c:\windows\system32\nvdispgenco6434448.dll
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-11-17 21:35 . 2014-04-24 18:36 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-11-17 16:03 . 2014-06-01 12:04 4268496 ----a-w- c:\windows\PE_Rom.dll
2014-11-14 16:07 . 2014-04-01 18:46 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-14 16:07 . 2014-04-01 18:46 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-11-14 15:29 . 2014-04-01 17:25 103374192 ----a-w- c:\windows\system32\MRT.exe
2014-11-06 17:06 . 2014-06-02 13:36 1291280 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-11-06 17:06 . 2014-04-02 18:19 2197680 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-11-06 17:06 . 2014-06-02 13:36 1715224 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-11-06 17:06 . 2014-04-02 18:19 2800296 ----a-w- c:\windows\system32\nvspcap64.dll
2014-11-04 14:30 . 2014-04-04 14:38 275080 ------w- c:\windows\system32\MpSigStub.exe
2014-11-04 00:04 . 2014-04-02 10:39 16884632 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-11-04 00:04 . 2014-04-01 14:51 73872 ----a-w- c:\windows\system32\OpenCL.dll
2014-11-04 00:04 . 2014-04-01 14:51 59592 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-11-04 00:04 . 2014-04-01 14:48 20985544 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-11-04 00:04 . 2014-04-01 14:48 987520 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-11-04 00:04 . 2014-04-01 14:47 3238040 ----a-w- c:\windows\system32\nvapi64.dll
2014-11-03 22:02 . 2014-04-01 14:51 6882448 ----a-w- c:\windows\system32\nvcpl.dll
2014-11-03 22:02 . 2014-04-01 14:51 3531464 ----a-w- c:\windows\system32\nvsvc64.dll
2014-11-03 22:02 . 2014-04-01 14:51 935232 ----a-w- c:\windows\system32\nvvsvc.exe
2014-11-03 22:02 . 2014-04-01 14:51 61640 ----a-w- c:\windows\system32\nvshext.dll
2014-11-03 22:02 . 2014-04-01 14:51 385352 ----a-w- c:\windows\system32\nvmctray.dll
2014-11-03 22:02 . 2014-04-01 14:51 2558792 ----a-w- c:\windows\system32\nvsvcr.dll
2014-11-03 11:58 . 2014-04-01 14:51 4099264 ----a-w- c:\windows\system32\nvcoproc.bin
2014-10-03 19:23 . 2014-04-01 14:52 35144 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-10-01 11:11 . 2014-04-24 18:36 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-10-01 11:11 . 2014-04-24 18:36 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-01 11:11 . 2014-04-24 18:36 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-09-25 02:08 . 2014-10-01 13:30 371712 ----a-w- c:\windows\system32\qdvd.dll
2014-09-25 01:40 . 2014-10-01 13:30 519680 ----a-w- c:\windows\SysWow64\qdvd.dll
2014-09-17 04:51 . 2014-09-19 16:08 31520 ----a-w- c:\windows\system32\nvhdap64.dll
2014-09-17 04:51 . 2014-09-19 16:08 197408 ----a-w- c:\windows\system32\drivers\nvhda64v.sys
2014-09-17 04:51 . 2014-03-20 22:02 1538880 ----a-w- c:\windows\system32\nvhdagenco6420103.dll
2014-09-13 23:48 . 2014-09-19 16:08 1876296 ----a-w- c:\windows\system32\nvdispco6434411.dll
2014-09-13 23:48 . 2014-09-19 16:08 1539272 ----a-w- c:\windows\system32\nvdispgenco6434411.dll
2014-09-09 22:11 . 2014-09-24 12:15 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-09 21:47 . 2014-09-24 12:15 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-05 02:11 . 2014-10-15 12:56 6584320 ----a-w- c:\windows\system32\mstscax.dll
2014-09-05 01:52 . 2014-10-15 12:56 5703168 ----a-w- c:\windows\SysWow64\mstscax.dll
2014-09-04 05:23 . 2014-10-15 12:56 424448 ----a-w- c:\windows\system32\rastls.dll
2014-09-04 05:04 . 2014-10-15 12:56 372736 ----a-w- c:\windows\SysWow64\rastls.dll
2014-08-29 02:07 . 2014-10-15 12:57 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2014-08-23 02:07 . 2014-09-04 12:42 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-04 12:42 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ANIWZCS2Service"="c:\program files (x86)\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2009-08-21 98304]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Internet Security 2013\avp.exe" [2014-04-25 356128]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-08-21 959176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 1210838drv;1210838drv;c:\windows\system32\DRIVERS\1210838drv.sys;c:\windows\SYSNATIVE\DRIVERS\1210838drv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 LiveUpdateSvc;LiveUpdate;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe;c:\program files (x86)\IObit\LiveUpdate\LiveUpdate.exe [x]
R2 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssadmdm.sys [x]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys;c:\windows\SYSNATIVE\DRIVERS\ssadserd.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe;c:\program files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys;c:\windows\SYSNATIVE\Drivers\VBoxUSB.sys [x]
R3 VsEtwService120;Visual Studio ETW Event Collection Service;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe;c:\program files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [x]
R3 WatAdminSvc;Serviço de Tecnologias de Activação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R4 RsFx0200;RsFx0200 Driver;c:\windows\system32\DRIVERS\RsFx0200.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0200.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL11.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Controlador do comutador do controlo do anfitrião Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S0 vsock;vSockets Driver;c:\windows\system32\drivers\vsock.sys;c:\windows\SYSNATIVE\drivers\vsock.sys [x]
S1 anodlwf;ANOD Network Security Filter driver;c:\windows\system32\DRIVERS\anodlwfx.sys;c:\windows\SYSNATIVE\DRIVERS\anodlwfx.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys;c:\windows\SYSNATIVE\DRIVERS\ndisrd.sys [x]
S2 AdvancedSystemCareService7;Advanced SystemCare Service 7;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe;c:\program files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [x]
S2 ANIWConnService;ANIWConn Service;c:\windows\system32\ANIWConnService.exe;c:\windows\SYSNATIVE\ANIWConnService.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe;c:\windows\SysWOW64\ASGT.exe [x]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe;c:\program files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [x]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe;c:\program files (x86)\ASUS\AsusFanControlService\1.04.01\AsusFanControlService.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 mi-raysat_3dsmax2013_64;mental ray 3.10 Satellite for Autodesk 3ds Max 2013 64-bit;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe;c:\program files\Autodesk\3ds Max 2013\NVIDIA\raysat_3dsmax2013_64server.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TomTomHOMEService;TomTomHOMEService;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe;c:\program files (x86)\TomTom HOME 2\TomTomHOMEService.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi20-shared;Vstor2 MntApi 2.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi20-shared.sys;SysWOW64\drivers\vstor2-mntapi20-shared.sys [x]
S3 AiChargerPlus;AiChargerPlus;SysWow64\drivers\AiChargerPlus.sys;SysWow64\drivers\AiChargerPlus.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys;SysWow64\drivers\ASUSFILTER.sys [x]
S3 iusb3hub;Controlador do concentrador Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Controlador do controle do anfitrião eXtensível Intel® USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-11-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-01 16:07]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}]
2014-05-28 11:47 2471744 ----a-w- c:\program files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2014-05-23 01:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2014-05-23 01:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2014-05-23 01:10 671904 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Pedro\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2013-08-07 36352]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-11-06 2800296]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-11-06 2464072]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&nviar para o OneNote - c:\progra~2\MIF5BA~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MIF5BA~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684\
FF - prefs.js: browser.startup.homepage - google.pt
FF - prefs.js: network.proxy.type - 0
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2955925240-1096623219-443652941-1000\Software\SecuROM\License information*]
"datasecu"=hex:4f,dc,3e,35,c3,7b,c2,78,ca,01,f4,cc,2b,f3,e4,8d,04,cd,4d,f8,08,
e7,53,ba,81,0e,30,b3,64,ad,0b,4a,07,a1,fa,fb,63,a3,eb,b9,22,ef,98,ac,9e,b4,\
"rkeysecu"=hex:62,7a,78,dd,04,3a,83,1b,6a,e7,29,66,14,87,a4,1e
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_223_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_223.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ANIWConnService.exe
c:\program files (x86)\ASUS\AI Suite III\AISuite3.exe
c:\program files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
c:\program files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
c:\program files (x86)\Xamarin\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Tempo para conclusão: 2014-11-18 00:52:25 - Máquina reiniciou
ComboFix-quarantined-files.txt 2014-11-18 00:52
.
Pré-execução: 325.945.147.392 bytes livres
Pós execução: 325.337.780.224 bytes livres
.
- - End Of File - - 0EED820B22CD76C9B9B193876438B25F
A36C5E4F47E84449FF07ED3517B43A31

Good morning! Pedroalves

> Download: < Eset_smartin_zps130308b3.jpg >
> Save it to the desktop!
> Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
> Accept the agreement and check: "YES, I accept the Terms of Use"
> Click: "Start"
> Under "Computer scan settings", check:
<*> Enable detection of potentially unwanted applications
> Under "Hide advanced settings", check:
<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats
> Click "Advanced settings".
> Click "Change" and check the "Computer" box.
> Click: "Start" >> Wait! ( This scan can take a few hours... )
> When it finishes, click "List of found threats".
> Click "Export to text file" and save the report to the desktop.
> Click "Back" >> "Finish".
> Post the report!
A+

I forgot to change the scan to the computer; should I run the scan again?

C:\Users\All Users\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application
C:\ProgramData\IObit\ASCDownloader\ASCSetup.exe a variant of Win32/Toolbar.Widgi.B potentially unwanted application deleted - quarantined
F:\Downloads\jogos\Thief-RELOADED\rld-thief.iso a variant of Win32/HackTool.Crack.CS potentially unsafe application deleted - quarantined
F:\Program Files (x86)\Resident Evil 6\steam_api.dll Win32/HackTool.Crack.BQ potentially unsafe application deleted - quarantined


I forgot to change the scan to the computer; should I run the scan again?

Hello! Pedroalves

> You can repeat it!

A+

Good evening! Pedroalves

> Download: < FRST_Logo.jpg > ( ... by Farbar )
> Or here, for 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated and will be made available when the tool runs.
> Post the report! (FRST.txt + Addition.txt)
> As the log will be long, send it to Pjjoint.malekal.
> Or go to: < Cjoint_Logo.jpg >
> More information: < |Link| >
A+

Good evening! Pedroalves


> Uninstall: C:\Program Files (x86)\IObit\Advanced SystemCare 7 <<


> Copy this information, which is in red, into Notepad.

> Save it with the name fixlist.txt.

> Save it to the desktop! /!\ (C:\Users\Pedro\Desktop) /!\


start

CloseProcesses:

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

SearchScopes: HKLM-x32 -> DefaultScope value is missing.

SearchScopes: HKU\S-1-5-21-2955925240-1096623219-443652941-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)

FF Extension: No Name - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684\extensions\ascsurfingprotection@iobit.com [Not Found]

FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]

S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]

2014-11-18 18:48 - 2014-11-18 18:48 - 00000531 _____ () C:\Users\Pedro\Desktop\antivirus.txt

2014-11-18 00:54 - 2014-11-18 00:54 - 00031295 _____ () C:\Users\Pedro\Desktop\combo.txt

2014-11-18 00:52 - 2014-11-18 00:52 - 00031295 _____ () C:\ComboFix.txt

2014-11-18 00:32 - 2014-11-18 00:52 - 00000000 ____D () C:\Qoobox

2014-11-18 00:32 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe

2014-11-18 00:32 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe

2014-11-18 00:32 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe

2014-11-18 00:32 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe

2014-11-18 00:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe

2014-11-18 00:32 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe

2014-11-18 00:32 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe

2014-11-18 00:32 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe

2014-11-18 00:25 - 2014-11-18 00:25 - 05598319 ____R (Swearware) C:\Users\Pedro\Desktop\ComboFix.exe

2014-11-17 22:59 - 2014-11-17 22:59 - 00001612 _____ () C:\Users\Pedro\Desktop\AdwCleaner[s0].txt

2014-11-17 22:54 - 2014-11-17 22:57 - 00000000 ____D () C:\AdwCleaner

2014-11-17 22:53 - 2014-11-17 22:53 - 02140160 _____ () C:\Users\Pedro\Desktop\adwcleaner_4.101.exe

2014-11-18 22:22 - 2014-04-01 14:24 - 01992589 _____ () C:\Windows\WindowsUpdate.log

2014-11-17 21:35 - 2014-04-24 18:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-17 15:44 - 2014-04-26 17:00 - 00000000 ____D () C:\HiJackThis

2014-11-05 15:10 - 2014-04-24 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-05 15:10 - 2014-04-24 18:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-04-01 16:33 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll

Task: {5C2B2056-9EBE-4D0A-9B37-8E80D41EBC4E} - System32\Tasks\Driver Booster SkipUAC (Pedro) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)

Task: {AE8FA6E0-5E02-46A7-94E1-BF0BA30433E7} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)

Task: {B850E69F-81FC-4943-BE8E-BC900CB08010} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe

Task: {F8567195-392A-46EB-8328-7AF9FC077A85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)

AlternateDataStreams: C:\Users\Pedro\Definições locais:rjCp7gkyuhhBr7aBdLrF9iSu

AlternateDataStreams: C:\Users\Pedro\AppData\Local:rjCp7gkyuhhBr7aBdLrF9iSu

AlternateDataStreams: C:\Users\Pedro\AppData\Local\9zPXtZualj:47D5VyMp4XuwTgBjUbA

AlternateDataStreams: C:\Users\Pedro\AppData\Local\Application Data:rjCp7gkyuhhBr7aBdLrF9iSu

C:\Users\Pedro\AppData\Local\Temp\nvStInst.exe

C:\Program Files (x86)\IObit\Advanced SystemCare 7

emptytemp:

end


> Run FRST/FRST64 >> Click "Fix" << Wait!

> In the message, click Run.

> Post the report! (Fixlog.txt)


A+

Good evening, here is the log you asked me for.

I suspect the problem came from Advanced SystemCare and the software from the same company that I had installed.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-11-2014
Ran by Pedro at 2014-11-18 23:35:39 Run:1
Running from C:\Users\Pedro\Desktop
Loaded Profiles: Pedro & MSSQL$SQLEXPRESS (Available profiles: Pedro & MSSQL$SQLEXPRESS)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope value is missing.
SearchScopes: HKU\S-1-5-21-2955925240-1096623219-443652941-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
FF Extension: No Name - C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684\extensions\ascsurfingprotection@iobit.com [Not Found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [881952 2014-01-14] (IObit)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; system32\DRIVERS\VBoxNetFlt.sys [X]
S3 WinRing0_1_2_0; \??\C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [X]
2014-11-18 18:48 - 2014-11-18 18:48 - 00000531 _____ () C:\Users\Pedro\Desktop\antivirus.txt
2014-11-18 00:54 - 2014-11-18 00:54 - 00031295 _____ () C:\Users\Pedro\Desktop\combo.txt
2014-11-18 00:52 - 2014-11-18 00:52 - 00031295 _____ () C:\ComboFix.txt
2014-11-18 00:32 - 2014-11-18 00:52 - 00000000 ____D () C:\Qoobox
2014-11-18 00:32 - 2011-06-26 06:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-11-18 00:32 - 2010-11-07 17:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-11-18 00:32 - 2009-04-20 04:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-11-18 00:32 - 2000-08-31 00:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-11-18 00:32 - 2000-08-31 00:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-11-18 00:32 - 2000-08-31 00:00 - 00098816 _____ () C:\Windows\sed.exe
2014-11-18 00:32 - 2000-08-31 00:00 - 00080412 _____ () C:\Windows\grep.exe
2014-11-18 00:32 - 2000-08-31 00:00 - 00068096 _____ () C:\Windows\zip.exe
2014-11-18 00:25 - 2014-11-18 00:25 - 05598319 ____R (Swearware) C:\Users\Pedro\Desktop\ComboFix.exe
2014-11-17 22:59 - 2014-11-17 22:59 - 00001612 _____ () C:\Users\Pedro\Desktop\AdwCleaner[s0].txt
2014-11-17 22:54 - 2014-11-17 22:57 - 00000000 ____D () C:\AdwCleaner
2014-11-17 22:53 - 2014-11-17 22:53 - 02140160 _____ () C:\Users\Pedro\Desktop\adwcleaner_4.101.exe
2014-11-18 22:22 - 2014-04-01 14:24 - 01992589 _____ () C:\Windows\WindowsUpdate.log
2014-11-17 21:35 - 2014-04-24 18:36 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-17 15:44 - 2014-04-26 17:00 - 00000000 ____D () C:\HiJackThis
2014-11-05 15:10 - 2014-04-24 18:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-05 15:10 - 2014-04-24 18:36 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-01 16:33 - 2013-10-25 11:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
Task: {5C2B2056-9EBE-4D0A-9B37-8E80D41EBC4E} - System32\Tasks\Driver Booster SkipUAC (Pedro) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-08-06] (IObit)
Task: {AE8FA6E0-5E02-46A7-94E1-BF0BA30433E7} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-05-06] (IObit)
Task: {B850E69F-81FC-4943-BE8E-BC900CB08010} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe
Task: {F8567195-392A-46EB-8328-7AF9FC077A85} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-08-21] (Piriform Ltd)
AlternateDataStreams: C:\Users\Pedro\Definições locais:rjCp7gkyuhhBr7aBdLrF9iSu
AlternateDataStreams: C:\Users\Pedro\AppData\Local:rjCp7gkyuhhBr7aBdLrF9iSu
AlternateDataStreams: C:\Users\Pedro\AppData\Local\9zPXtZualj:47D5VyMp4XuwTgBjUbA
AlternateDataStreams: C:\Users\Pedro\AppData\Local\Application Data:rjCp7gkyuhhBr7aBdLrF9iSu
C:\Users\Pedro\AppData\Local\Temp\nvStInst.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 7
emptytemp:
end
*****************

Processes closed successfully.
C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM => value deleted successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKU\S-1-5-21-2955925240-1096623219-443652941-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.
"HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key not found.
C:\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684\extensions\ascsurfingprotection@iobit.com not found.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
AdvancedSystemCareService7 => Service not found.
catchme => Service deleted successfully.
EagleX64 => Service deleted successfully.
VBoxNetFlt => Service deleted successfully.
WinRing0_1_2_0 => Service deleted successfully.
C:\Users\Pedro\Desktop\antivirus.txt => Moved successfully.
C:\Users\Pedro\Desktop\combo.txt => Moved successfully.
C:\ComboFix.txt => Moved successfully.
C:\Qoobox => Moved successfully.
C:\Windows\PEV.exe => Moved successfully.
C:\Windows\MBR.exe => Moved successfully.
C:\Windows\NIRCMD.exe => Moved successfully.
C:\Windows\SWREG.exe => Moved successfully.
C:\Windows\SWSC.exe => Moved successfully.
C:\Windows\sed.exe => Moved successfully.
C:\Windows\grep.exe => Moved successfully.
C:\Windows\zip.exe => Moved successfully.
C:\Users\Pedro\Desktop\ComboFix.exe => Moved successfully.
C:\Users\Pedro\Desktop\AdwCleaner[s0].txt => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\Pedro\Desktop\adwcleaner_4.101.exe => Moved successfully.
Could not move "C:\Windows\WindowsUpdate.log" => Scheduled to move on reboot.
C:\Windows\system32\Drivers\MBAMSwissArmy.sys => Moved successfully.
C:\HiJackThis => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware => Moved successfully.
C:\Program Files (x86)\Malwarebytes Anti-Malware => Moved successfully.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5C2B2056-9EBE-4D0A-9B37-8E80D41EBC4E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C2B2056-9EBE-4D0A-9B37-8E80D41EBC4E}" => Key deleted successfully.
C:\Windows\System32\Tasks\Driver Booster SkipUAC (Pedro) => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Driver Booster SkipUAC (Pedro)" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE8FA6E0-5E02-46A7-94E1-BF0BA30433E7}" => Key not found.
C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B850E69F-81FC-4943-BE8E-BC900CB08010}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B850E69F-81FC-4943-BE8E-BC900CB08010}" => Key deleted successfully.
C:\Windows\System32\Tasks\Game_Booster_AutoUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Game_Booster_AutoUpdate" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F8567195-392A-46EB-8328-7AF9FC077A85}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F8567195-392A-46EB-8328-7AF9FC077A85}" => Key deleted successfully.
C:\Windows\System32\Tasks\CCleanerSkipUAC => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC" => Key deleted successfully.
"C:\Users\Pedro\Definições locais" => ":rjCp7gkyuhhBr7aBdLrF9iSu" ADS not found.
C:\Users\Pedro\AppData\Local => ":rjCp7gkyuhhBr7aBdLrF9iSu" ADS removed successfully.
C:\Users\Pedro\AppData\Local\9zPXtZualj => ":47D5VyMp4XuwTgBjUbA" ADS removed successfully.
"C:\Users\Pedro\AppData\Local\Application Data" => ":rjCp7gkyuhhBr7aBdLrF9iSu" ADS not found.
C:\Users\Pedro\AppData\Local\Temp\nvStInst.exe => Moved successfully.
"C:\Program Files (x86)\IObit\Advanced SystemCare 7" => File/Directory not found.
EmptyTemp: => Removed 104.6 MB temporary data.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-11-18 23:38:56)<=

C:\Windows\WindowsUpdate.log => Is moved successfully.

==== End of Fixlog ====


Good evening! Pedroalves

> This is the last tool we will use! ( OTS )

> Download: < 331oifp.png > ( ... by Old Timer )
> Save it to the desktop or C:\.
> Double-click OTS.exe.
> PS: On Windows Vista or 7, right-click OTS.exe and run it as administrator.
> Under "Additional Scans", click "Extras".
> Tick the boxes:
[] Reg - NetSvcs
[] File - Lop Check
> For a 64-bit OS, tick the box!
> Under "Basic Scans", tick the boxes:
[] Use Company Name Whitelist
[] Skip Microsoft Files
%systemdrive%\*.*
%systemdrive%\drivers\*.exe
%systemroot%\system32\drivers\*.* /90
%programfiles%\*.*
%localappdata%\*.exe
%localappdata%\*.txt
%localappdata%\*.ini
%localappdata%\*.dll
%localappdata%\*.dat
%userprofile%\*.exe
%userprofile%\*.txt
%userprofile%\*.ini
%userprofile%\*.dll
%userprofile%\*.dat /30
%appdata%\*.*
%systemroot%\system32\tasks\*.*
%windir%\tasks\*.*
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Attachments
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_ENABLE_SCRIPT_PASTE_URLACTION_IF_PROMPT
> Copy and paste the information in the Code box into the "Custom Scans" field.
> Next, click 2lasxtt.png
> When it finishes, Notepad will open with the report. ( OTS.txt )
> Post it in your reply!
> Use one of these for that! ( cjoint.com or myfile.tk )
Regards!

Good evening! Pedroalves


> Open the OTS tool.


[unregister Dlls]

[Registry - Safe List]

< FireFox Extensions [Program Folders] > ->

YY -> No name found -> C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF

YY -> No name found -> C:\USERS\PEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A17EB6YI.DEFAULT-1402841639684\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM

< Internet Explorer Extensions [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\

YY -> {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec [HKLM] -> C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe [button: PokerStars]

< 64bit-SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]

< SSODL [HKEY_LOCAL_MACHINE] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad

YN -> "{E6FB5E20-DE35-11CF-9C87-00AA005127ED}" [HKLM] -> Reg Error: Key error. [WebCheck]

[Registry - Additional Scans - Safe List]

< Uninstall List [HKEY_LOCAL_MACHINE\] > -> HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\

YN -> ESET Online Scanner -> ESET Online Scanner v3

YN -> Malwarebytes Anti-Malware_is1 -> Malwarebytes Anti-Malware versão 2.0.3.1025

YN -> PokerStars -> PokerStars

[Files/Folders - Created Within 30 Days]

NY -> MBAMSwissArmy.sys -> C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

NY -> FRST -> C:\FRST

NY -> FRST64.exe -> C:\Users\Pedro\Desktop\FRST64.exe

NY -> ESET -> C:\Program Files (x86)\ESET

NY -> esetsmartinstaller_enu.exe -> C:\Users\Pedro\Desktop\esetsmartinstaller_enu.exe

[Files/Folders - Modified Within 30 Days]

NY -> MBAMSwissArmy.sys -> C:\Windows\SysNative\drivers\MBAMSwissArmy.sys

NY -> FRST64.exe -> C:\Users\Pedro\Desktop\FRST64.exe

NY -> esetsmartinstaller_enu.exe -> C:\Users\Pedro\Desktop\esetsmartinstaller_enu.exe

[File - Lop Check]

NY -> IObit -> C:\Users\Default\AppData\Roaming\IObit

NY -> IObit -> C:\Users\Default User\AppData\Roaming\IObit

NY -> IObit -> C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\IObit

NY -> IObit -> C:\Users\Pedro\AppData\Roaming\IObit

NY -> SCHEDLGU.TXT -> C:\Windows\Tasks\SCHEDLGU.TXT

[Custom Scans]

YY -> DelFix.txt -> C:\DelFix.txt

YY -> eula.1028.txt -> C:\eula.1028.txt

YY -> eula.1031.txt -> C:\eula.1031.txt

YY -> eula.1033.txt -> C:\eula.1033.txt

YY -> eula.1036.txt -> C:\eula.1036.txt

YY -> eula.1040.txt -> C:\eula.1040.txt

YY -> eula.1041.txt -> C:\eula.1041.txt

YY -> eula.1042.txt -> C:\eula.1042.txt

YY -> eula.2052.txt -> C:\eula.2052.txt

YY -> eula.3082.txt -> C:\eula.3082.txt

YY -> ola.txt -> C:\ola.txt

YY -> PureRa.txt -> C:\PureRa.txt

YY -> SCHEDLGU.TXT -> C:\Windows\tasks\SCHEDLGU.TXT

[empty temp folders]

[reboot]


> Paste the information shown in red into the field: "Paste Fix Here"


> Click Run Fix >> Wait!

> When it finishes, post the report: C:\_OTS\MovedFiles\OTS.txt


See you!


Good morning, here is the log you asked for.

All Processes Killed
[Registry - Safe List]
File C:\PROGRAM FILES (X86)\IOBIT APPS TOOLBAR\FF not found.
File C:\USERS\PEDRO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\A17EB6YI.DEFAULT-1402841639684\EXTENSIONS\ASCSURFINGPROTECTION@IOBIT.COM not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF}:Exec\ not found.
C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
[Registry - Additional Scans - Safe List]
[Files/Folders - Created Within 30 Days]
C:\Windows\SysNative\drivers\MBAMSwissArmy.sys moved successfully.
C:\FRST\Quarantine\C\Windows\system32\Tasks folder moved successfully.
C:\FRST\Quarantine\C\Windows\system32\Drivers folder moved successfully.
C:\FRST\Quarantine\C\Windows\system32 folder moved successfully.
C:\FRST\Quarantine\C\Windows folder moved successfully.
C:\FRST\Quarantine\C\Users\Pedro\Desktop folder moved successfully.
C:\FRST\Quarantine\C\Users\Pedro\AppData\Local\Temp folder moved successfully.
C:\FRST\Quarantine\C\Users\Pedro\AppData\Local folder moved successfully.
C:\FRST\Quarantine\C\Users\Pedro\AppData folder moved successfully.
C:\FRST\Quarantine\C\Users\Pedro folder moved successfully.
C:\FRST\Quarantine\C\Users folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\Registry_backups folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users\Pedro\AppData\Local\assembly\tmp folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users\Pedro\AppData\Local\assembly folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users\Pedro\AppData\Local folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users\Pedro\AppData folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users\Pedro folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Users folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C\Program Files (x86) folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine\C folder moved successfully.
C:\FRST\Quarantine\C\Qoobox\Quarantine folder moved successfully.
Folder move failed. C:\FRST\Quarantine\C\Qoobox\BackEnv scheduled to be moved on reboot.
C:\FRST\Quarantine\C\Qoobox folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu\Programs folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows\Start Menu folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft\Windows folder moved successfully.
C:\FRST\Quarantine\C\ProgramData\Microsoft folder moved successfully.
C:\FRST\Quarantine\C\ProgramData folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\Plugins folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\Languages folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\imageformats folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware\accessible folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86)\Malwarebytes Anti-Malware folder moved successfully.
C:\FRST\Quarantine\C\Program Files (x86) folder moved successfully.
C:\FRST\Quarantine\C\HiJackThis folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles\a17eb6yi.default-1402841639684 folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla\Firefox\Profiles folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla\Firefox folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming\Mozilla folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData\Roaming folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro\AppData folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users\Pedro folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C\Users folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine\C folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner\Quarantine folder moved successfully.
C:\FRST\Quarantine\C\AdwCleaner folder moved successfully.
C:\FRST\Quarantine\C folder moved successfully.
C:\FRST\Quarantine folder moved successfully.
C:\FRST\Logs folder moved successfully.
C:\FRST\Hives\Users\00000002 folder moved successfully.
C:\FRST\Hives\Users\00000001 folder moved successfully.
C:\FRST\Hives\Users folder moved successfully.
C:\FRST\Hives folder moved successfully.
C:\FRST folder moved successfully.
C:\Users\Pedro\Desktop\FRST64.exe moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Quarantine folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\oldfiles folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\continuous folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules\data folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner\Modules folder moved successfully.
C:\Program Files (x86)\ESET\ESET Online Scanner folder moved successfully.
C:\Program Files (x86)\ESET folder moved successfully.
C:\Users\Pedro\Desktop\esetsmartinstaller_enu.exe moved successfully.
[Files/Folders - Modified Within 30 Days]
File C:\Windows\SysNative\drivers\MBAMSwissArmy.sys not found!
File C:\Users\Pedro\Desktop\FRST64.exe not found!
File C:\Users\Pedro\Desktop\esetsmartinstaller_enu.exe not found!
[File - Lop Check]
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Default\AppData\Roaming\IObit folder moved successfully.
File C:\Users\Default User\AppData\Roaming\IObit not found!
C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\MSSQL$SQLEXPRESS\AppData\Roaming\IObit folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Smart Defrag 3 folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\IObit Uninstaller\Log folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\IObit Uninstaller folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\GameAssistant\URL folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\GameAssistant\GameIcon folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\GameAssistant\DB folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\GameAssistant folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Driver Booster\Logs folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Driver Booster folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Startup Manager folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\SmartRAM folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup\Registry folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner\backup folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Registrycleaner folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\ProgramDeactivator folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Log folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Internet Booster folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Homepage Protection folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\DiskCheck folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\ClonedFilesScanner folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Boottime folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7\Backup folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit\Advanced SystemCare V7 folder moved successfully.
C:\Users\Pedro\AppData\Roaming\IObit folder moved successfully.
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
[Custom Scans]
C:\DelFix.txt moved successfully.
C:\eula.1028.txt moved successfully.
C:\eula.1031.txt moved successfully.
C:\eula.1033.txt moved successfully.
C:\eula.1036.txt moved successfully.
C:\eula.1040.txt moved successfully.
C:\eula.1041.txt moved successfully.
C:\eula.1042.txt moved successfully.
C:\eula.2052.txt moved successfully.
C:\eula.3082.txt moved successfully.
C:\ola.txt moved successfully.
C:\PureRa.txt moved successfully.
File move failed. C:\Windows\tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
[empty temp folders]


User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: MSSQL$SQLEXPRESS
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 57311 bytes

User: Pedro
->Temp folder emptied: 7462943 bytes
->Temporary Internet Files folder emptied: 204425 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 24291402 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 57528 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 114654 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 31,00 mb

< End of fix log >
OTS by OldTimer - Version 3.1.47.2 fix logfile created on 11192014_154225

Files\Folders moved on Reboot...
File\Folder C:\FRST\Quarantine\C\Qoobox\BackEnv not found!
File move failed. C:\Windows\Tasks\SCHEDLGU.TXT scheduled to be moved on reboot.
File move failed. C:\Users\Pedro\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\e6bd7efb503d08553b43c5e04103da91_fce8395f8fd8a848_6229ccd76215aea1_0_0.bin scheduled to be moved on reboot.
File move failed. C:\Users\Pedro\AppData\Local\Temp\NVIDIA Corporation\NV_Cache\e6bd7efb503d08553b43c5e04103da91_fce8395f8fd8a848_6229ccd76215aea1_0_0.toc scheduled to be moved on reboot.
C:\Users\Pedro\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Pedro\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
File move failed. C:\Windows\temp\vmware-SYSTEM\vmauthd.log scheduled to be moved on reboot.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-3448.log moved successfully.

Registry entries deleted on Reboot...


Good afternoon! Pedroalves

> Open the OTS tool and click: CleanUp

> The computer will restart!

> Is everything OK with the browsers?

> Is the command window still bothering you?

> Let's remove the tools that were used in the disinfection!
> Download: < delfix_108_zps75ef8ba4.jpg > ( ... by Xplode )
> Once on the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any open applications.
> Remove disinfection tools
> Create registry backup
> Clear System Restore points
> With these boxes ticked, click Run!
> Restart the computer when it finishes!
> Everything OK?
See you!


The browsers are OK.

As for the cmd process, so far it has not appeared again, but I will wait a few days to be sure the problem has gone.

What could have been causing my problem?

Should I run CCleaner to clean up what was left, such as the registry and temporary files?

Good afternoon! Pedroalves

> Your problems were related to Advanced System Care, which is very invasive and launches several tool functions to optimize the computer.

> You can run CCleaner as you mentioned.

> Good work! :)

Regards!
