[Arquivado] Virus "novogoogle"

[coxao 5]

Não consegui pegar o nome certo do vírus pois o Kaspersky parou de avisar que ele está em atividade, bloqueou total, simplesmente 3 computadores aqui da empresa onde trabalho ao abrir o navegador pede para EXECUTAR O JAVA, então eu clico em NÃO/CANCELAR e ele abre uma caixa de download para baixar um aplicativo "novogoogle" as vezes o nome é "novofacebook" ou novoqualqueroutracoisa :D

 

Passei o Kaspersky 6.0 encontrou alguns vírus mandei remover, passei o Malwarebytes e encontrou vários malwares, mandei remover.. porém o site do google é o único bloqueado, quando tento abri-lo acontece o citado acima.

 

Resolvi dar uma olha na config. do proxy e tinha algo bem estranho por lá http://proxy.com/PROXY5.dat .. o.O

 

Estou postando o relatório do HiJackThis para análise... um técnico passou aqui mas não conseguiu resolver o problema então resolvi recorrer a vocês.

 

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:28:12, on 22/05/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16421)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe

C:\HiJackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?AF=109867&babsrc=HP_ss&mntrId=c072bf8400000000000020cf30f2feb6

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.poony.info/

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll

O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll

O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe"

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200

O8 - Extra context menu item: Adicionar ao Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

O8 - Extra context menu item: Append to Existing PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm

O8 - Extra context menu item: Convert Link Target to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files (x86)\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

O9 - Extra button: Estatísticas do Antivírus de Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (file missing)

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{E24B2E39-9501-42CE-8A4D-2621198BDA6A}: NameServer = 192.168.10.101

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

O20 - AppInit_DLLs: C:\PROGRA~2\KASPER~1\KASPER~1.0FO\kloehk.dll,C:\PROGRA~2\KASPER~1\KASPER~1.0FO\adialhk.dll

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe

O23 - Service: DeviceVM Meta Data Export Service (DvmMDES) - DeviceVM, Inc. - C:\ASUS.SYS\config\DVMExportService.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit (mi-raysat_3dsmax2011_32) - Unknown owner - C:\Program Files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe

O23 - Service: mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit (mi-raysat_3dsmax2011_64) - Unknown owner - C:\Program Files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Samsung UPD Service - Unknown owner - C:\Windows\System32\SUPDSvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_Tablet.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: Wacom Consumer Touch Service (TouchServicePen) - Wacom Technology, Corp. - C:\Program Files\Tablet\Pen\Pen_TouchService.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

O23 - Service: X-Rite Device Services Manager (xrdd.exe) - X-Rite Inc. - C:\Program Files (x86)\X-Rite\Devices\Services\xrdd.exe

 

--

End of file - 12792 bytes

[DigRam 144]

Bom Dia! coxao

 

|- Baixe: < > ( ... by sUBs )

|- Salve-o no desktop! ( Área de trabalho! )

|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )

|- Feche algum programa/arquivo que esteja aberto.

|- Ps: Esteja conectado(a) à Internet.

|- Execute ComboFix.exe,com um duplo clique.

|- Ps: Instale o "Console de Recuperação",caso seja solicitado!

|- Ps: Ficará,portanto,à seu critério optar por sua instalação.

|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.

|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.

|- Abrir-se-á a janela Auto Scan.

|- Aguarde a finalização de todas as Etapas.

|- Durante o scan,evite utilizar o mouse ou teclado!

|- Concluindo,poste: C:\ComboFix.txt

|- "ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão de analistas de segurança."

 

Abraços!

[coxao 5]

fiz tudo solicitado !! o maldito ainda continua por aqui !!

 

segue o LOG !

 

 

ComboFix 12-05-22.02 - Dab 22/05/2012 13:55:28.2.4 - x64

Microsoft Windows 7 Professional 6.1.7601.1.1252.55.1046.18.16382.13398 [GMT -3:00]

Executando de: c:\users\Dab\Desktop\ComboFix.exe

AV: Kaspersky Anti-Virus *Disabled/Updated* {56547CC9-C9B2-849D-8FEF-A496150D6A06}

FW: Kaspersky Anti-Virus *Disabled* {6E6FFDEC-83DD-85C5-A4B0-0DA3EBDE2D7D}

SP: Kaspersky Anti-Virus *Disabled/Updated* {ED359D2D-EF88-8B13-B55F-9FE46E8A20BB}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-04-22 to 2012-05-22 ))))))))))))))))))))))))))))

.

.

2012-05-22 17:00 . 2012-05-22 17:00 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-05-22 14:06 . 2012-05-22 14:45 -------- d-----w- c:\programdata\Spybot - Search & Destroy

2012-05-22 14:06 . 2012-05-22 14:15 -------- d-----w- c:\program files (x86)\Spybot - Search & Destroy

2012-05-22 13:26 . 2012-05-22 13:26 388608 ----a-w- C:\HiJackThis.exe

2012-05-22 06:42 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A8E9A51-3453-4A89-9C6F-1318CCF77D23}\mpengine.dll

2012-05-21 19:11 . 2012-05-21 19:11 -------- d-----w- c:\users\Dab\AppData\Roaming\Malwarebytes

2012-05-21 19:10 . 2012-05-21 19:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-05-21 19:10 . 2012-05-21 19:10 -------- d-----w- c:\programdata\Malwarebytes

2012-05-21 19:10 . 2012-04-04 18:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-05-21 18:22 . 2012-01-12 12:28 57976 ----a-r- c:\windows\system32\drivers\SBREDrv.sys

2012-05-21 18:22 . 2012-05-22 11:53 -------- d-----w- c:\program files (x86)\STOPzilla!

2012-05-21 18:22 . 2012-05-22 11:53 -------- d-----w- c:\programdata\STOPzilla!

2012-05-16 14:53 . 2012-05-16 14:53 -------- d-----w- c:\users\Dab\AppData\Local\SSScan

2012-05-16 14:49 . 2010-10-06 14:04 142128 ----a-w- c:\windows\wiainst64.exe

2012-05-16 14:48 . 2012-05-16 14:48 -------- d-----w- c:\windows\twain_64

2012-05-16 14:48 . 2010-05-20 17:08 280064 ----a-w- c:\windows\system32\snWIAMUI.dll

2012-05-16 14:48 . 2012-05-16 14:48 -------- d-----w- c:\program files (x86)\Samsung

2012-05-14 10:54 . 2012-05-14 10:54 -------- d-----w- c:\programdata\Overwolf

2012-05-09 11:22 . 2012-03-03 06:35 1544704 ----a-w- c:\windows\system32\DWrite.dll

2012-05-09 11:22 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll

2012-05-09 11:21 . 2012-03-31 06:05 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-05-09 11:21 . 2012-03-31 03:10 3146240 ----a-w- c:\windows\system32\win32k.sys

2012-05-09 11:21 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2012-05-09 11:21 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2012-05-09 11:15 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys

2012-05-09 11:14 . 2012-03-30 11:35 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-05-09 11:14 . 2012-03-31 05:42 1732096 ----a-w- c:\program files\Windows Journal\NBDoc.DLL

2012-05-09 11:14 . 2012-03-31 05:40 1367552 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 11:14 . 2012-03-31 04:29 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll

2012-05-09 11:14 . 2012-03-31 05:40 1402880 ----a-w- c:\program files\Windows Journal\JNWDRV.dll

2012-05-09 11:14 . 2012-03-31 05:40 1393664 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll

2012-05-09 10:49 . 2012-05-22 12:50 -------- d-----w- c:\program files (x86)\ClocX

2012-05-08 11:36 . 2012-05-08 11:36 -------- d-----w- c:\users\Default\AppData\Local\Google

2012-05-08 11:27 . 2012-05-08 11:27 -------- d-----w- c:\programdata\gas

2012-05-04 15:50 . 2012-05-04 15:50 -------- d-----w- c:\users\Dab\AppData\Local\2K Games

2012-05-04 15:50 . 2012-05-04 15:50 -------- d-----w- c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP

2012-05-03 19:50 . 2012-05-17 14:52 -------- d-----w- c:\users\Dab\AppData\Roaming\EditPlus 3

2012-05-03 19:50 . 2012-05-03 19:50 -------- d-----w- c:\program files (x86)\EditPlus 3

2012-05-03 19:05 . 2012-05-03 19:06 -------- d-----w- c:\program files (x86)\Pantone Color Manager

2012-05-03 19:05 . 2004-03-29 19:23 90112 ----a-w- c:\windows\unvise32.exe

2012-05-02 11:58 . 2012-05-21 18:42 -------- d-----w- c:\users\Dab\AppData\Local\Overwolf

2012-05-02 00:46 . 2012-05-02 00:46 4472832 ----a-w- c:\windows\SysWow64\GPhotos.scr

2012-04-26 16:59 . 2012-04-26 16:59 -------- d-----w- c:\programdata\DualMonitor

2012-04-26 11:56 . 2012-04-26 11:56 -------- d-----w- c:\users\Dab\AppData\Roaming\Dual Monitor

2012-04-26 11:56 . 2012-04-26 11:56 -------- d-----w- c:\program files (x86)\Dual Monitor

2012-04-26 11:47 . 2012-04-26 11:47 -------- d-----w- c:\users\Dab\AppData\Local\johnsadventures.com

2012-04-26 11:38 . 2012-04-26 11:38 -------- d-----w- c:\users\Dab\AppData\Roaming\johnsadventures.com

2012-04-26 11:38 . 2012-04-26 11:38 -------- d-----w- c:\program files (x86)\johnsadventures.com

2012-04-25 20:33 . 2012-05-22 11:40 -------- d-s---w- c:\users\Dab\Google Drive

2012-04-25 20:31 . 2012-05-10 18:28 -------- d-----w- c:\program files (x86)\Google

2012-04-25 11:18 . 2012-04-25 12:59 -------- d-----w- c:\program files (x86)\Despertador

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-04-25 10:58 . 2012-03-29 19:16 249856 ------w- c:\windows\Setup1.exe

2012-04-25 10:58 . 2012-03-29 19:16 73216 ----a-w- c:\windows\ST6UNST.EXE

2012-04-19 16:01 . 2012-02-29 15:15 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2012-04-19 16:01 . 2012-02-29 15:02 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2012-04-19 16:01 . 2012-02-29 15:02 282864 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-04-13 18:25 . 2012-04-13 18:25 466520 ----a-w- c:\windows\system32\wrap_oal.dll

2012-04-13 18:25 . 2012-04-13 18:25 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-04-13 18:25 . 2012-04-13 18:25 122968 ----a-w- c:\windows\system32\OpenAL32.dll

2012-04-13 18:25 . 2012-04-13 18:25 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-03-09 06:28 . 2012-03-09 06:28 10857984 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-03-09 05:16 . 2012-03-09 05:16 159744 ----a-w- c:\windows\system32\atiapfxx.exe

2012-03-09 05:16 . 2012-02-15 03:18 791552 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-03-09 05:14 . 2011-12-06 03:16 958464 ----a-w- c:\windows\system32\aticfx64.dll

2012-03-09 05:11 . 2011-12-06 03:12 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll

2012-03-09 05:11 . 2012-03-09 05:11 496128 ----a-w- c:\windows\system32\atieclxx.exe

2012-03-09 05:10 . 2012-03-09 05:10 235520 ----a-w- c:\windows\system32\atiesrxx.exe

2012-03-09 05:08 . 2012-03-09 05:08 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-03-09 05:08 . 2012-03-09 05:08 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-03-09 05:07 . 2012-03-09 05:07 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-03-09 05:07 . 2012-03-09 05:07 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-03-09 05:04 . 2012-02-15 03:07 6200320 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-03-09 05:03 . 2012-03-09 05:03 26166784 ----a-w- c:\windows\system32\atio6axx.dll

2012-03-09 04:45 . 2011-12-06 02:51 7646208 ----a-w- c:\windows\system32\atidxx64.dll

2012-03-09 04:39 . 2012-03-09 04:39 19739136 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-03-09 04:36 . 2012-03-09 04:36 1113088 ----a-w- c:\windows\system32\atiumd6v.dll

2012-03-09 04:36 . 2012-03-09 04:36 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll

2012-03-09 04:35 . 2011-12-06 02:39 4958208 ----a-w- c:\windows\system32\atiumd6a.dll

2012-03-09 04:23 . 2012-02-15 02:29 5062656 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-03-09 04:23 . 2012-02-15 02:34 5954048 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-03-09 04:18 . 2012-03-09 04:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-03-09 04:18 . 2012-03-09 04:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-03-09 04:18 . 2012-03-09 04:18 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-03-09 04:18 . 2012-03-09 04:18 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-03-09 04:17 . 2012-03-09 04:17 16069632 ----a-w- c:\windows\system32\aticaldd64.dll

2012-03-09 04:12 . 2012-03-09 04:12 13715968 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-03-09 04:11 . 2011-12-06 02:24 7552000 ----a-w- c:\windows\system32\atiumd64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\atimpc64.dll

2012-03-09 04:05 . 2012-03-09 04:05 54784 ----a-w- c:\windows\system32\amdpcom64.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-03-09 04:05 . 2012-03-09 04:05 53760 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-03-09 03:58 . 2011-12-06 02:13 512000 ----a-w- c:\windows\system32\atiadlxx.dll

2012-03-09 03:58 . 2012-02-15 02:13 356352 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-03-09 03:58 . 2012-03-09 03:58 17408 ----a-w- c:\windows\system32\atig6pxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 14336 ----a-w- c:\windows\system32\atiglpxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 39936 ----a-w- c:\windows\system32\atig6txx.dll

2012-03-09 03:58 . 2012-03-09 03:58 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-03-09 03:58 . 2012-03-09 03:58 328704 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-03-09 03:57 . 2011-12-06 02:11 43008 ----a-w- c:\windows\system32\atiuxp64.dll

2012-03-09 03:56 . 2011-12-06 02:11 33280 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-03-09 03:56 . 2011-12-06 02:11 39936 ----a-w- c:\windows\system32\atiu9p64.dll

2012-03-09 03:56 . 2011-12-06 02:11 30208 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-03-09 03:55 . 2012-03-09 03:55 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-03-09 03:47 . 2011-07-09 23:57 58880 ----a-w- c:\windows\system32\coinst.dll

2012-03-08 21:50 . 2012-03-08 21:50 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll

2012-03-08 11:14 . 2011-07-18 11:33 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-03-06 13:13 . 2012-03-06 13:13 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-03-01 16:17 . 2012-02-29 15:02 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-03-01 06:46 . 2012-04-12 06:00 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys

2012-03-01 06:38 . 2012-04-12 06:00 220672 ----a-w- c:\windows\system32\wintrust.dll

2012-03-01 06:33 . 2012-04-12 06:00 81408 ----a-w- c:\windows\system32\imagehlp.dll

2012-03-01 06:28 . 2012-04-12 06:00 5120 ----a-w- c:\windows\system32\wmi.dll

2012-03-01 05:37 . 2012-04-12 06:00 172544 ----a-w- c:\windows\SysWow64\wintrust.dll

2012-03-01 05:33 . 2012-04-12 06:00 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll

2012-03-01 05:29 . 2012-04-12 06:00 5120 ----a-w- c:\windows\SysWow64\wmi.dll

2012-02-28 16:38 . 2012-02-28 16:38 51200 ----a-w- c:\windows\system32\ATIODCLI.exe

2012-02-28 16:36 . 2012-02-28 16:36 332800 ----a-w- c:\windows\system32\ATIODE.exe

2012-02-28 06:56 . 2012-04-12 06:02 2311168 ----a-w- c:\windows\system32\jscript9.dll

2012-02-28 06:49 . 2012-04-12 06:02 1390080 ----a-w- c:\windows\system32\wininet.dll

2012-02-28 06:48 . 2012-04-12 06:02 1493504 ----a-w- c:\windows\system32\inetcpl.cpl

2012-02-28 06:42 . 2012-04-12 06:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-02-28 01:18 . 2012-04-12 06:02 1799168 ----a-w- c:\windows\SysWow64\jscript9.dll

2012-02-28 01:11 . 2012-04-12 06:02 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl

2012-02-28 01:11 . 2012-04-12 06:02 1127424 ----a-w- c:\windows\SysWow64\wininet.dll

2012-02-28 01:03 . 2012-04-12 06:02 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-02-23 13:18 . 2011-07-09 13:44 279656 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-05-22_12.53.02 )))))))))))))))))))))))))))))))))))))))))

.

+ 2011-07-10 00:19 . 2012-05-22 17:04 59672 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2009-07-14 05:10 . 2012-05-22 17:04 33448 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin

+ 2011-07-10 00:01 . 2012-05-22 13:05 18482 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2131050074-3047105822-3974924788-1000_UserData.bin

- 2011-12-16 09:59 . 2012-05-22 12:52 54741 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

+ 2011-12-16 09:59 . 2012-05-22 17:02 54741 c:\windows\system32\config\systemprofile\AppData\Roaming\WTablet\Pen_Tablet.dat

+ 2011-07-09 23:36 . 2012-05-22 13:04 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2011-07-09 23:36 . 2012-05-21 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2011-07-09 23:36 . 2012-05-22 13:04 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2011-07-09 23:36 . 2012-05-21 19:03 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-07-14 04:54 . 2012-05-22 13:04 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-07-14 04:54 . 2012-05-21 19:03 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2012-05-22 12:52 . 2012-05-22 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

+ 2012-05-22 17:02 . 2012-05-22 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-05-22 12:52 . 2012-05-22 12:52 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-05-22 17:02 . 2012-05-22 17:02 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

- 2009-07-14 05:01 . 2012-05-22 12:51 695562 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2009-07-14 05:01 . 2012-05-22 17:00 695562 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

+ 2012-05-04 15:50 . 2012-05-22 15:48 200704 c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll

- 2012-05-04 15:50 . 2012-05-21 15:45 200704 c:\windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP\WiseCustomCalla.dll

+ 2011-07-09 14:53 . 2012-05-22 17:00 9321868 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2131050074-3047105822-3974924788-1000-12288.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" [2010-03-12 311680]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 0 (0x0)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableLUA"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

"PromptOnSecureDesktop"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1.0FO\kloehk.dll c:\progra~2\KASPER~1\KASPER~1.0FO\adialhk.dll

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]

Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 gupdate;Serviço do Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]

R3 AIDA64Driver;FinalWire AIDA64 Kernel Driver;c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64 [x]

R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-07-15 1436424]

R3 gupdatem;Serviço do Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 116648]

R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]

R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]

R3 Samsung UPD Service;Samsung UPD Service;c:\windows\System32\SUPDSvc.exe [x]

R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

R3 WSDPrintDevice;Suporte de Impressão WSD via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [x]

S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [x]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]

S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-09 361984]

S2 AODDriver4.01;AODDriver4.01;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-04 55936]

S2 DvmMDES;DeviceVM Meta Data Export Service;c:\asus.sys\config\DVMExportService.exe [2009-10-16 319488]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]

S2 mi-raysat_3dsmax2011_32;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 32-bit 32-bit;c:\program files (x86)\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_32server.exe [2010-03-10 86016]

S2 mi-raysat_3dsmax2011_64;mental ray 3.8 Satellite for Autodesk 3ds Max 2011 64-bit 64-bit;c:\program files\Autodesk\3ds Max 2011\mentalimages\satellite\raysat_3dsmax2011_64server.exe [2010-03-10 86016]

S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-12-10 381248]

S2 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [2011-09-08 6583160]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-03-19 2666880]

S2 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [2011-09-08 528760]

S2 xrdd.exe;X-Rite Device Services Manager;c:\program files (x86)\X-Rite\Devices\Services\xrdd.exe [2011-03-10 203088]

S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]

S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]

S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]

S3 KLFLTDEV;Kaspersky Lab KLFltDev;c:\windows\system32\DRIVERS\klfltdev.sys [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]

S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 20:31]

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-25 20:31]

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2131050074-3047105822-3974924788-1000Core.job

- c:\users\Dab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 11:05]

.

2012-05-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2131050074-3047105822-3974924788-1000UA.job

- c:\users\Dab\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 11:05]

.

.

--------- x86-64 -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]

2012-05-02 21:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]

2012-05-02 21:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]

2012-05-02 21:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]

@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"

[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]

2012-05-02 21:31 779776 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"LoadAppInit_Dlls"=0x1

"AppInit_DLLs"=c:\progra~2\KASPER~1\KASPER~1.0FO\x64\kloehk.dll c:\progra~2\KASPER~1\KASPER~1.0FO\x64\adialhk.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

uDefault_Search_URL = hxxp://www.google.com/ie

mStart Page = hxxp://www.poony.info/

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local

uSearchAssistant = hxxp://www.google.com/ie

uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

IE: &Enviar para o OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105

IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200

IE: Adicionar ao Anti-Banner - c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\ie_banner_deny.htm

IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Baixar com Mipony - file://c:\program files (x86)\MiPony\Browser\IEContext.htm

IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000

IE: Open with Scansoft PDF Converter 3.0 - c:\program files (x86)\ScanSoft\PDF Converter 3.0\IEShellExt.dll /100

TCP: Interfaces\{E24B2E39-9501-42CE-8A4D-2621198BDA6A}: NameServer = 192.168.10.101

FF - ProfilePath - c:\users\Dab\AppData\Roaming\Mozilla\Firefox\Profiles\5nv42lpl.default\

FF - prefs.js: network.proxy.type - 2

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109867

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.BabylonToolbar_i.id - c072bf8400000000000020cf30f2feb6

FF - user.js: extensions.BabylonToolbar_i.hardId - c072bf8400000000000020cf30f2feb6

FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394

FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:40

FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar_i.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar_i.tlbrId - base

FF - user.js: extensions.BabylonToolbar_i.instlRef - sst

.

.

------- Associação de arquivos/ficheiros -------

.

.txt=

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\AIDA64Driver]

"ImagePath"="\??\c:\program files (x86)\FinalWire\AIDA64 Extreme Edition\kerneld.x64"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.032"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.abr"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ani"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.apd"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.arw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bay"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Bitmap"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.bw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cr2"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.crw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cs1"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.cur"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcr"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dcx"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dib"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djv"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.djvu"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.dng"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.emf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="Adobe.Illustrator.EPS"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.erf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fff"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.fpx"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.gif"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.hdr"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icl"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.icn"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iff"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ilbm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.int"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.inta"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.iw4"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2c"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.j2k"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jbr"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jfif"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jif"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jp2"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpc"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Jpeg"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Jpeg"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpg"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpk"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.jpx"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.kdc"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.lbm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mef"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mos"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.mrw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nef"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.nrw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.orf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pbr"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcd"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pct"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pcx"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pef"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pgm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pic"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pict"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pix"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Png"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ppm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="Photoshop.Image.55"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.psp"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspbrush"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.pspimage"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ras"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.raw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgb"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rgba"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rle"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rsb"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rw2"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.rwl"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sgi"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.sr2"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srw\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.srw"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.tga"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.thm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Tiff"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="PhotoViewer.FileAssoc.Tiff"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.ttc"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]

@Denied: (2) (S-1-5-21-2131050074-3047105822-3974924788-1000)

@Denied: (2) (LocalSystem)

"Progid"="ttffile"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50po\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50po"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50pp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50pp"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v50ppf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.v50ppf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wbmp"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.wmf"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xbm"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xif"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xmp"

.

[HKEY_USERS\S-1-5-21-2131050074-3047105822-3974924788-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]

@Denied: (2) (LocalSystem)

"Progid"="ACDSee Pro 5.xpm"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]

"Version"=hex:8e,8d,95,56,96,fe,a1,8d,95,68,4f,6e,74,d3,b2,20,3c,87,ab,c0,cc,

6f,b3,55,f1,3a,ec,ba,26,d4,a3,51,95,70,d3,f1,b7,d8,3d,60,ea,75,af,41,e2,c3,\

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.10"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]

@Denied: (A 2) (Everyone)

@="IFlashBroker4"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]

"Version"=hex:8e,8d,95,56,96,fe,a1,8d,95,68,4f,6e,74,d3,b2,20,3c,87,ab,c0,cc,

6f,b3,55,f1,3a,ec,ba,26,d4,a3,51,95,70,d3,f1,b7,d8,3d,60,ea,75,af,41,e2,c3,\

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Outros Processos em Execução ------------------------

.

c:\program files (x86)\Bonjour\mDNSResponder.exe

c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe

c:\program files (x86)\Google\Update\1.3.21.111\GoogleCrashHandler.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-05-22 14:07:20 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-05-22 17:07

ComboFix2.txt 2012-05-22 13:00

.

Pré-execução: 67.935.125.504 bytes disponíveis

Pós execução: 67.863.085.056 bytes disponíveis

.

- - End Of File - - A1DB49C837921FF184980CB24CC76D94

[DigRam 144]

Boa Tarde! coxao

 

|- ComboFix não detectou malwares em potencial.

 

-/-/-

 

|- Baixe: < AVPTool >

 

|- < Link-2 >

 

|- Você será conduzido a uma página da Kaspersky,solicitando um email para cadastro.

|- Ps: Será pedido seu nome e sobrenome.

|- Ps: Somente o campo "email" é obrigatório.

 

|- Informe seu email e depois,clique no botão "Submit Form".

|- Ps: A página será recarregada!

|- Clique no botão "Download".

|- Salve-o em seu desktop!

|- Duplo clique no arquivo "setup".

|- Ps: Aguarde a instalação!

|- Ps: Na próxima tela,marque: "I accept the licence agreement"

|- À seguir,clique em "Start".

 

|- Clique no botão: < >

|- Marque:

 

|- <1> Meu Computador;

|- <2> Disco local ( C: ) ou ( D: );

 

|- Ps: Normalmente,a unidade em que esteja instalado o SO!

 

 

|- Clique em "Actions".

|- Ps: Deixe os dois quadrinhos marcados! <-- Importante!

|- Ps: Imprima estas orientações,para posterior consulta!

|- Clique na aba "Automatic Scan" e aguarde o término da verificação.

 

|- Clique no botão < >

|- Clique em"Detected threats".

|- Clique no botão "Save".

|- Ps: Copie o conteúdo do arquivo salvo. <-- Se houver algo detectado!

|- Poste-o em sua resposta!

 

-/-/-

 

|- Baixe: | ZHPDiag | *ºº* < > ( ... de Nicolas Coolman )

 

|- Estando na página,clique em: < >

 

|- Salve-o no desktop!

 

 

|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.

 

 

|- Confirme todos os passos,ao instalar ZHPDiag.

|- Conclua a instalação,clicando em "Termine".

 

 

|- Ps: Após a instalação,além de ZHPScript,estarão disponíveis no desktop:

 

|- <1> MBRCheck

|- <2> ZHPDiag2

|- <3> ZHPFix

 

 

|- Abra a ferramenta e clique no ícone do pergaminho. ( ZHPScript )

 

 

|- Clique na seta verde para atualizá-la e/ou baixar sua definição mais recente. ( Your version is update. )

|- Habilite todas as opções de diagnóstico,clicando em "Options".

 

 

|- Clique em All.

 

|-

 

|- Clique em "Calendar" e escolha 30 dias!

 

 

|- Dê início ao scan,clicando no ícone da lupa. ( Start Diagnosis )

|- Ao concluir,clique em "Save Report".

|- Ps: Salve-o em um local conveniente!

|- Anexe na sua resposta,ZHPDiag.txt.

|- Ps: Não poste,diretamente,esse arquivo texto.

|- Recomendo compactá-lo e anexar em sua resposta!

 

|- Ou envie-o à Pjjoint.malekal,clicando na seta azul! < >

 

|- Ou acesse: < >

 

|- Para enviar,siga o caminho: Selecionar arquivo... -> Abrir -> Upload file

|- Poste o endereço que estará em "Download link" ou "Forum link".

 

|- Ou acesse: < > ( Tire-o do zip ao enviar! )

 

|- Maiores informações: < |Link| >

 

Abraços!

[coxao 5]

Com o AVPTool não encontrou nada... e o ZHPDiag não conseguiu finalizar o diagnóstico, ele chega em 61% (as vezes vai até 63%) toda hora e trava, segue um print da tela LINK

 

O que faço ??? :upset:

[DigRam 144]

Bom Dia! coxao

 

|- Abra a ferramenta ZHPDiag e execute seu scan resumido. ( ZHPScan )

|- Atualize-a,caso haja necessidade,clicando na seta verde e siga o procedimento de nova instalação.

 

|- < >

 

|- Clique no ícone do 'capetinha!' < >

|- Poste o relatório: Rapport de ZHPScan

 

-/-/-

 

|- Baixe: < AdwCleaner > ( ... par Xplode )

 

|- Ao acessar,clique na imagem: < >

 

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como "administrador".

 

|- Dê início ao scan,clicando em "Recherche" < >

 

|- Ao concluir,poste o relatório: C:\AdwCleaner[R].txt

 

Abraços!

[wings 22]

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.