
Archived

This topic has been archived and is closed to new replies.

Flávio Marquim

[Solved] Notebook slow and freezing


For the past few days my notebook has been getting very slow at certain moments, and some programs have also been freezing. On one occasion it showed a low-memory message. Please help me eliminate this problem. Thank you. The log follows below:

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:44, on 16/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=smt_hp_hao123_br
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11771 bytes


Good morning, Flávio Marquim!

|- Download: < zoek > ( ... by Smeenk )

|- Or here: < zoek.exe >

|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

startupall;
autoclean;
filesrcm;
silentrunners;
emptyalltemp;


|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.

[Image: Zoek reboot prompt]

|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

See you!


I did the whole procedure and am posting the report. I await further instructions. Thank you.

 

 

Zoek.exe Version 4.0.0.4 Updated 14-July-2013
Tool run by Fl vio on 17/07/2013 at 9:54:33,83.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
==== System Restore Info ======================
17/07/2013 09:57:33 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_072013_1000.zip ======================
Process chrome.exe killed
C:\Users\Public\Desktop\sample_072013_1000.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Internet Explorer\SearchScopes\{DE753F1A-09F7-498A-AAC0-AEBB9B008BB5} deleted successfully
HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
"C:\Users\Flávio\AppData\Roaming\Dell" not found
"C:\Users\Flávio\AppData\Roaming\PCDr" not found
"C:\Users\Flávio\AppData\Roaming\Roxio" not found
"C:\Users\Flávio\AppData\Roaming\unins000.exe" not found
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\windows\SysNative\Tasks\DealPly" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml" deleted
"C:\ProgramData\boost_interprocess" deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
====== C:\Users\FLVIO~1\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-07-11 06:11:02 BF1D2CFAE91C1E835902ECA27F8F7470 2706432 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
2013-07-11 06:11:01 6A32A12A2C76B729D6485D04FCFB2175 391168 ----a-w- C:\Windows\SysWOW64\ieui.dll
2013-07-11 06:10:59 B6A67646BD7E3A0AF2515703CBBD9A1C 61440 ----a-w- C:\Windows\SysWOW64\iesetup.dll
2013-07-11 06:10:58 F4A608A800C1BB6838797390CBBC1269 33280 ----a-w- C:\Windows\SysWOW64\iernonce.dll
2013-07-11 06:10:58 DED7DCF831A05D21F49510EA03F8F2C5 109056 ----a-w- C:\Windows\SysWOW64\iesysprep.dll
2013-07-11 06:10:58 0D2F075863C2FA4F84FB95AC00B95151 71680 ----a-w- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-07-11 06:10:57 FE29131E35902038066C924CF9C59DF8 2046976 ----a-w- C:\Windows\SysWOW64\iertutil.dll
2013-07-11 06:10:54 EED047A0C528813D6AAF4F4F8B2C40C4 493056 ----a-w- C:\Windows\SysWOW64\msfeeds.dll
2013-07-11 06:10:53 52F71A5790E1B6FFC34648F3B311EEE1 690688 ----a-w- C:\Windows\SysWOW64\jscript.dll
2013-07-11 06:10:50 CB811C14C225DD07B98E676DFB0221E6 2877440 ----a-w- C:\Windows\SysWOW64\jscript9.dll
2013-07-11 06:10:49 225D276C730DF08CC83EABAC407F0D75 1141248 ----a-w- C:\Windows\SysWOW64\urlmon.dll
2013-07-11 06:10:44 AC9A9B64AF7005E488390E38AE00D117 39424 ----a-w- C:\Windows\SysWOW64\jsproxy.dll
2013-07-11 06:10:43 9BF7C7654EFD098EE3A27B49492A382A 1767936 ----a-w- C:\Windows\SysWOW64\wininet.dll
2013-07-11 06:10:40 CC3FD6DEEE458D0BE9A69241E0749717 13760512 ----a-w- C:\Windows\SysWOW64\ieframe.dll
2013-07-11 06:10:31 AF31E7D2C385F647ADFD5F5736B3BA64 14329856 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2013-07-10 17:05:06 674EB817CF6E43B7DF3EC26E06E98D98 509440 ----a-w- C:\Windows\SysWOW64\qedit.dll
2013-07-10 17:05:03 56D61BE56DA22334829E14CDE6A8C1FE 1620480 ----a-w- C:\Windows\SysWOW64\WMVDECOD.DLL
2013-07-10 17:03:29 1C0E369575F387460E2A5F28269B2CC4 1247744 ----a-w- C:\Windows\SysWOW64\DWrite.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-07-11 06:11:02 C9EC09E4BF3290331C25F0D12C93CEBF 2706432 ----a-w- C:\Windows\Sysnative\mshtml.tlb
2013-07-11 06:11:00 17B4359BB4BD72F8EB4F92B1DC4E4EB5 526336 ----a-w- C:\Windows\Sysnative\ieui.dll
2013-07-11 06:10:58 CDB7670A5C0F7D230ADC72F542D41AD8 39936 ----a-w- C:\Windows\Sysnative\iernonce.dll
2013-07-11 06:10:58 AC127B02DD2C8FD41AC4162BA738F2ED 67072 ----a-w- C:\Windows\Sysnative\iesetup.dll
2013-07-11 06:10:58 6E1803473B6BCBA4C2FB31582DE12D7D 89600 ----a-w- C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-07-11 06:10:58 34EACF2330282CCABA61F8DC43F16FD5 51712 ----a-w- C:\Windows\Sysnative\ie4uinit.exe
2013-07-11 06:10:57 557F4ACCA6426112E28F19AAD734C971 136704 ----a-w- C:\Windows\Sysnative\iesysprep.dll
2013-07-11 06:10:55 9E0D8010D7368856617D3FE0FA5DA58F 2648576 ----a-w- C:\Windows\Sysnative\iertutil.dll
2013-07-11 06:10:54 5A41FA3CB4E47560A26B183429F41D73 603136 ----a-w- C:\Windows\Sysnative\msfeeds.dll
2013-07-11 06:10:53 4A3D82F996C5B700D42ACCA94C2B9ABD 855552 ----a-w- C:\Windows\Sysnative\jscript.dll
2013-07-11 06:10:51 BEFD16482A3859071F563D2614EE2484 3958784 ----a-w- C:\Windows\Sysnative\jscript9.dll
2013-07-11 06:10:47 792685A9538424CC1F3FA6A816FE147C 1365504 ----a-w- C:\Windows\Sysnative\urlmon.dll
2013-07-11 06:10:44 B7B4D3A39BE24D7ABC69C06F44FCC5B1 53248 ----a-w- C:\Windows\Sysnative\jsproxy.dll
2013-07-11 06:10:42 FAF6EC2460AD5FBBD38D8E1AE28B0D77 2241024 ----a-w- C:\Windows\Sysnative\wininet.dll
2013-07-11 06:10:37 391CD109EF28629644C267C855314DEE 15404032 ----a-w- C:\Windows\Sysnative\ieframe.dll
2013-07-11 06:10:36 9586EC4E1CC39CCBA26A5E7DFE774C9E 19238912 ----a-w- C:\Windows\Sysnative\mshtml.dll
2013-07-10 17:05:06 A3EC566925BEC505E2418C1AC14E541E 624128 ----a-w- C:\Windows\Sysnative\qedit.dll
2013-07-10 17:05:03 8B6CBE2FA2BAEDE2A3F5C96733481911 1887744 ----a-w- C:\Windows\Sysnative\WMVDECOD.DLL
2013-07-10 17:04:15 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\Sysnative\win32k.sys
2013-07-10 17:03:29 DD85F00EC31F77315AE992B7B0411D65 1643520 ----a-w- C:\Windows\Sysnative\DWrite.dll
====== C:\Windows\Sysnative\drivers =====
2013-06-28 12:39:21 E86C64478D9A90D62255FE9EB0150C6E 175 ----a-w- C:\Windows\Sysnative\drivers\aswVmm.sys.sum
2013-06-27 11:25:25 A5F29AC2F0ADE8B995B49D7350CE3AC0 175 ----a-w- C:\Windows\Sysnative\drivers\aswSP.sys.sum
2013-06-27 11:25:25 2E83D2621E87C493AB45DC6655BA77D4 175 ----a-w- C:\Windows\Sysnative\drivers\aswSnx.sys.sum
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-06-27 11:56:53 -------- d-----w- C:\Program Files (x86)\Fotosizer
======= C: =====
2013-07-05 14:09:13 E9F427A8B93360BC06F5CDDA2311D136 13528 ----a-w- C:\AdwCleaner[s1].txt
2013-07-05 14:06:54 0EE3C15B746FDB66A3A5A4B2C8D33D9C 14027 ----a-w- C:\AdwCleaner[R1].txt
====== C:\Users\Fl vio\AppData\Roaming ======
2013-06-23 20:09:03 -------- d-----w- C:\users\Default\AppData\Local\Google
2013-06-23 20:09:03 -------- d-----w- C:\users\Default User\AppData\Local\Google
====== C:\Users\Fl vio ======
2013-07-01 13:39:43 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2013-06-27 11:56:53 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fotosizer
====== C: exe-files ==
2013-07-16 01:14:47 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
2013-07-16 01:14:47 6466C051022547489D3409205128881B 59784 ----atw- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
2013-07-16 01:14:47 1CA3976D1B1FE826ADF339F90AC25C60 59784 ----atw- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
2013-07-16 01:14:43 D9A08472D8D0218A0AE2C9D9F63EA531 290696 ----atw- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
2013-07-16 01:14:43 8726802EA4FBFFA3FD54FD2449BF51D4 217992 ----atw- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleCrashHandler.exe
2013-07-16 01:14:43 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Users\Flávio\AppData\Local\Google\Update\1.3.21.153\GoogleUpdate.exe
2013-07-16 01:14:42 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Users\Flávio\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
2013-07-13 12:14:07 735D60EFA430ADFC184CB419E666D1D5 2026848 ----a-w- C:\Users\Flávio\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\28.0.1500.72\28.0.1500.72_28.0.1500.71_chrome_updater.exe
2013-07-13 02:13:35 6466C051022547489D3409205128881B 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateBroker.exe
2013-07-13 02:13:35 1CA3976D1B1FE826ADF339F90AC25C60 59784 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateOnDemand.exe
2013-07-13 02:13:34 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdateSetup.exe
2013-07-13 02:13:30 D9A08472D8D0218A0AE2C9D9F63EA531 290696 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler64.exe
2013-07-13 02:13:30 8726802EA4FBFFA3FD54FD2449BF51D4 217992 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe
2013-07-13 02:13:29 506708142BC63DABA64F2D3AD1DCD5BF 116648 ----atw- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleUpdate.exe
2013-07-13 02:13:28 A6F8D4FBC12177A75AB4C06D059229B6 784664 ----a-w- C:\Program Files (x86)\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.153\GoogleUpdateSetup.exe
2013-07-11 06:10:55 98C6F2A9A981A54222602B87C6310BDE 775256 ----a-w- C:\Program Files\Internet Explorer\iexplore.exe
2013-07-11 06:10:55 30E7CA4620500FE012EB464F0E1DE91E 770648 ----a-w- C:\Program Files (x86)\Internet Explorer\iexplore.exe
=== C: other files ==
2013-07-17 13:00:44 8DB8EC0FB1172BA02F34A35AFEB06263 491 ----a-w- C:\Users\Public\Desktop\sample_072013_1000.zip
2013-07-14 18:14:14 0BF8DA9037509AC12F0369324498312D 42033 ----a-w- C:\Users\Todos os Usuários\PCDr\6261\AddOnDownloaderCache\zipped\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.zip
2013-07-14 18:14:14 0BF8DA9037509AC12F0369324498312D 42033 ----a-w- C:\ProgramData\PCDr\6261\AddOnDownloaderCache\zipped\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.zip
2013-07-10 17:04:15 73601028E7C44154318AE91D2EB2EDB3 3153920 ----a-w- C:\Windows\System32\win32k.sys
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"
"AtherosBtStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/06/2013 10:30]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core.job --a------ C:\Users\Flvio\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA.job --a------ C:\Users\Flvio\AppData\Local\FC:ebook\Update\FC:ebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/08/2012 14:43]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/08/2012 14:43]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core.job --a------ C:\Users\Flvio\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA.job --a------ C:\Users\Flvio\AppData\LoC:al\Google\Update\GoogleUpdate.exe []
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[02/10/2012 12:14]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
apdfllckaahabafndbhieahigkjlhalf - C:\Users\FLVIO~1\AppData\Local\Google\Drive\apdfllckaahabafndbhieahigkjlhalf_live.crx[24/05/2013 10:47]
pgacfjdigcddmmncljpflgcfpfahebkh - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
==== Deleting Registry Keys ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh deleted successfully
==== Silent Runners ======================
"Silent Runners.vbs", revision 69.2, http://www.silentrunners.org/
Output limited to non-default values, except where indicated by "{++}"
Startup items buried in registry:
---------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
Apoint = C:\Program Files\DellTPad\Apoint.exe [Alps Electric Co., Ltd.]
SysTrayApp = C:\Program Files\IDT\WDM\sttray64.exe
IgfxTray = C:\Windows\system32\igfxtray.exe [intel Corporation]
HotKeysCmds = C:\Windows\system32\hkcmd.exe [intel Corporation]
Persistence = C:\Windows\system32\igfxpers.exe [intel Corporation]
QuickSet = c:\Program Files\Dell\QuickSet\QuickSet.exe [Dell Inc.]
AtherosBtStack = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [Atheros Communications]
AthBtTray = "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [Atheros Commnucations]
DellStage = "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\ {++}
avast = "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui [AVAST Software]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}\(Default) = (no title provided)
-> {HKLM...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\(Default) = (no title provided)
-> {HKLM...CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\ssv.dll [sun Microsystems, Inc.]
-> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Auxiliar de ConexÆo de Conta da Microsoft
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM...CLSID} = Skype add-on for Internet Explorer
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.]
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [sun Microsystems, Inc.]
-> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\ssv.dll [sun Microsystems, Inc.]
-> {HKLM...Wow...CLSID} = Java Plug-In SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\ssv.dll [Oracle Corporation]
{8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}\(Default) = IESpeakDoc
-> {HKLM...Wow...CLSID} = CIESpeechBHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\(Default) = (no title provided)
-> {HKLM...Wow...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]
{9030D464-4C02-4ABF-8ECC-5164760863C6}\(Default) = (no title provided)
-> {HKLM...CLSID} = Windows Live ID Sign-in Helper
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
-> {HKLM...Wow...CLSID} = Auxiliar de Conexão de Conta da Microsoft
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [MS]
{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\(Default) = SkypeIEPluginBHO
-> {HKLM...CLSID} = Skype add-on for Internet Explorer
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.]
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [skype Technologies S.A.]
{B4F3A835-0E21-4959-BA22-42B3008E02FF}\(Default) = URLRedirectionBHO
-> {HKLM...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [MS]
-> {HKLM...Wow...CLSID} = Office Document Cache Handler
\InProcServer32\(Default) = C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [MS]
{C41A1C0E-EA6C-11D4-B1B8-444553540000}\(Default) = G-Buster Browser Defense
-> {HKLM...Wow...CLSID} = GbIehObj Class
\InProcServer32\(Default) = C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [banco do Brasil]
{DBC80044-A445-435b-BC74-9C25C1C588A9}\(Default) = (no title provided)
-> {HKLM...CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files\Java\jre6\bin\jp2ssv.dll [sun Microsystems, Inc.]
-> {HKLM...Wow...CLSID} = Java Plug-In 2 SSV Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [Oracle Corporation]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
-> {HKCU...CLSID} = UpToDateOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]
SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
-> {HKCU...CLSID} = SyncingOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]
SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
-> {HKCU...CLSID} = ErrorOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll [MS]
00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
GDriveBlacklistedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedEditOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSharedViewOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncedOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
GDriveSyncingOverlay\(Default) = {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}
-> {HKLM...CLSID} = Google Drive Shell extension
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [Google]
Groove Explorer Icon Overlay 1 (GFS Unread Stub)\(Default) = {99FD978C-D287-4F50-827F-B2C658EDA8E7}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2 (GFS Stub)\(Default) = {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)\(Default) = {920E6DB1-9907-4370-B3A0-BAFC03D81399}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 3 (GFS Folder)\(Default) = {16F3DD56-1AF5-4347-846D-7C10C4192619}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Groove Explorer Icon Overlay 4 (GFS Unread Mark)\(Default) = {2916C86E-86A6-43FE-8112-43ABE6BF8DCC}
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\
SkyDrive1\(Default) = {F241C880-6982-4CE5-8CF7-7085BA96DA5A}
-> {HKCU...Wow...CLSID} = UpToDateOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]
SkyDrive2\(Default) = {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
-> {HKCU...Wow...CLSID} = SyncingOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]
SkyDrive3\(Default) = {BBACC218-34EA-4666-9D7A-C78F2274A524}
-> {HKCU...Wow...CLSID} = ErrorOverlayHandler Class
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll [MS]
DropboxExt1\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
DropboxExt2\(Default) = {FB314EDA-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
DropboxExt3\(Default) = {FB314EDB-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
DropboxExt4\(Default) = {FB314EDC-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} = DropboxExt
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{B8952421-0E55-400B-94A6-FA858FC0A39F} = Atheros BT Extension
-> {HKLM...CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
{C865E0A2-40BF-4ca7-B3F3-162290A67572} = BtContextMenu
-> {HKLM...CLSID} = ContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtContextMenu.dll [Atheros Commnucations]
{AFF81F7B-6942-40c4-AADA-7214EF7B6DD1} = FTShellContext extension
-> {HKLM...CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
{7F67036B-66F1-411A-AD85-759FB9C5B0DB} = ShellViewRTF
-> {HKLM...CLSID} = ShellViewRTF
\InProcServer32\(Default) = C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\PROTECTRP\Shellvrtf64.dll [XSS]
{23170F69-40C1-278A-1000-000100020000} = 7-Zip Shell Extension
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]
{42042206-2D85-11D3-8CFF-005004838597} = Microsoft Office HTML Icon Handler
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\Microsoft Office\Office14\msohevi.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} = Groove Namespace Extension
-> {HKLM...CLSID} = Espaços de Trabalho
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{72853161-30C5-4D22-B7F9-0BBC1D38A37E} = Groove GFS Browser Helper
-> {HKLM...CLSID} = Groove GFS Browser Helper
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{6C467336-8281-4E60-8204-430CED96822D} = Groove GFS Context Menu Handler
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2A541AE1-5BF6-4665-A8A3-CFA9672E4291} = Groove GFS Explorer Bar
-> {HKLM...CLSID} = Groove Folder Synchronization
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{16F3DD56-1AF5-4347-846D-7C10C4192619} = Groove Explorer Icon Overlay 3 (GFS Folder)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 3 (GFS Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM...CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{A449600E-1DC6-4232-B948-9BD794D62056} = Groove GFS Stub Icon Handler
-> {HKLM...CLSID} = Groove GFS Stub Icon Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} = Groove Explorer Icon Overlay 2 (GFS Stub)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2 (GFS Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{920E6DB1-9907-4370-B3A0-BAFC03D81399} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{2916C86E-86A6-43FE-8112-43ABE6BF8DCC} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 4 (GFS Unread Mark)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{99FD978C-D287-4F50-827F-B2C658EDA8E7} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
-> {HKLM...CLSID} = Groove Explorer Icon Overlay 1 (GFS Unread Stub)
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{387E725D-DC16-4D76-B310-2C93ED4752A0} = Groove XML Icon Handler
-> {HKLM...CLSID} = Groove XML Icon Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
{E37CB5F0-51F5-4395-A808-5FA49E399F83} = GbPlugin ShlObj
-> {HKLM...Wow...CLSID} = GbPluginObj Class
\InProcServer32\(Default) = C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [banco do Brasil]
{98C11555-BC81-40aa-A053-DAADC5630000} = GbExplorerPersistObj
-> {HKLM...Wow...CLSID} = GbExplorerPersistObj Class
\InProcServer32\(Default) = C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [banco do Brasil]
{7CCA70DB-DE7A-4FB7-9B2B-52E2335A3B5A} = Nameext
-> {HKLM...Wow...CLSID} = Projetos da Empresa
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\NAMEEXT.DLL [MS]
{0006F045-0000-0000-C000-000000000046} = Microsoft Outlook Custom Icon Handler
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files (x86)\Microsoft Office\Office14\OLKFSTUB.DLL [MS]
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} = Microsoft Office Thumbnail Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Thumbnail Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} = Microsoft Office Metadata Handler
-> {HKLM...Wow...CLSID} = Microsoft Office Metadata Handler
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll [MS]
{00F33137-EE26-412F-8D71-F84E4C2C6625} = (no title provided)
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} = Windows Live Photo Gallery Viewer Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} = Windows Live Photo Gallery Editor Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Editor Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} = Windows Live Photo Gallery Autoplay Drop Target Shim
-> {HKLM...Wow...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll [MS]
{472083B0-C522-11CF-8763-00608CC02F24} = avast
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\
<<!>> {B5A7F190-DDA6-4420-B3BA-52453494E6CD} = Groove GFS Stub Execution Hook
-> {HKLM...CLSID} = Groove GFS Stub Execution Hook
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = {807573E5-5146-11D5-A672-00B0D022E945}
-> {HKLM...CLSID} = Microsoft Office InfoPath XML Mime Filter
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL [MS]
HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\
<<!>> ms-help\CLSID = {314111c7-a502-11d2-bbca-00c04f8ec294}
-> {HKLM...CLSID} = HxProtocol Class
\InProcServer32\(Default) = C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll [MS]
<<!>> skype-ie-addon-data\CLSID = {91774881-D725-4E58-B298-07617B9B86A8}
-> {HKLM...CLSID} = Skype IE add-on Pluggable Protocol
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [skype Technologies S.A.]
HKCU\Software\Classes\*\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [igor Pavlov]
Atheros\(Default) = {B8952421-0E55-400B-94A6-FA858FC0A39F}
-> {HKLM...CLSID} = AppShellPage Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvAppExt.dll [Atheros Commnucations]
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
-> {HKLM...CLSID} = GDContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
Roxio Burn\(Default) = {E8CB9D53-A47A-42B5-9F5B-96B037C9DD4C}
-> {HKLM...CLSID} = RBMenuHandler Class
\InProcServer32\(Default) = C:\Program Files\Roxio\Roxio Burn\RB_ContextMenu64.dll [TODO: <Company name>]
-> {HKLM...Wow...CLSID} = RBMenuHandler Class
\InProcServer32\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RB_ContextMenu.dll [TODO: <Company name>]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\AllFilesystemObjects\shellex\ContextMenuHandlers\
00avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
FTShellContext\(Default) = {AFF81F7B-6942-40c4-AADA-7214EF7B6DD1}
-> {HKLM...CLSID} = FTShellContext Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\ShellContextExt.dll [Atheros Commnucations]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKCU\Software\Classes\Directory\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [igor Pavlov]
GDContextMenu\(Default) = {BB02B294-8425-42E5-983F-41A1FA970CD6}
-> {HKLM...CLSID} = GDContextMenu Class
\InProcServer32\(Default) = C:\Program Files (x86)\Google\Drive\contextmenu64.dll [Google]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\Directory\shellex\CopyHookHandlers\
Ath_CopyHook\(Default) = {8e10a039-fe03-4f9c-b7e1-c5eeeaf53735}
-> {HKLM...CLSID} = Ath_CopyHook
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthCopyHook.dll [Atheros Commnucations]
GbExplorerPersistObj\(Default) = {98C11555-BC81-40aa-A053-DAADC5630000}
-> {HKLM...Wow...CLSID} = GbExplorerPersistObj Class
\InProcServer32\(Default) = C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll [banco do Brasil]
HKLM\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\
7-Zip\(Default) = {23170F69-40C1-278A-1000-000100020000}
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip.dll [igor Pavlov]
-> {HKLM...Wow...CLSID} = (no title provided)
\InProcServer32\(Default) = C:\Program Files\7-Zip\7-zip32.dll [igor Pavlov]
HKCU\Software\Classes\Directory\Background\shellex\ContextMenuHandlers\
DropboxExt\(Default) = {FB314ED9-A251-47B7-93E1-CDD82E34AF8B}
-> {HKCU...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll [Dropbox, Inc.]
-> {HKCU...Wow...CLSID} = DropboxExt
\InProcServer32\(Default) = C:\Users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll [Dropbox, Inc.]
HKLM\SOFTWARE\Classes\Directory\Background\shellex\ContextMenuHandlers\
igfxcui\(Default) = {3AB1675A-CCFF-11D2-8B20-00A0C93CB1F4}
-> {HKLM...CLSID} = GraphicsShellExt Class
\InProcServer32\(Default) = C:\Windows\system32\igfxpph.dll [intel Corporation]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = PDF Column Info
-> {HKLM...Wow...CLSID} = PDF Shell Extension
\InProcServer32\(Default) = C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll [Adobe Systems, Inc.]
HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
avast\(Default) = {472083B0-C522-11CF-8763-00608CC02F24}
-> {HKLM...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShA64.dll [AVAST Software]
-> {HKLM...Wow...CLSID} = avast
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\ashShell.dll [AVAST Software]
XXX Groove GFS Context Menu Handler XXX\(Default) = {6C467336-8281-4E60-8204-430CED96822D}
-> {HKLM...CLSID} = Groove GFS Context Menu Handler
\InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Group Policies {GPedit.msc branch and setting}:
-----------------------------------------------
Note: detected settings may not have any effect.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\
NoRun = (REG_DWORD) dword:0x00000000
{unrecognized setting}
NoControlPanel = (REG_DWORD) dword:0x00000000
{unrecognized setting}
Active Desktop and Wallpaper:
-----------------------------
Active Desktop may be disabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState
Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
Wallpaper = C:\Users\Flávio\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
Windows Portable Device AutoPlay Handlers
-----------------------------------------
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\
ASHAshampoo_Burning_Studio_2013BURNONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-burn
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-burn\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" [Ashampoo]
ASHAshampoo_Burning_Studio_2013COPYONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-copy
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-copy\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" -copy [Ashampoo]
ASHAshampoo_Burning_Studio_2013RIPONARRIVAL\
Provider = Ashampoo Burning Studio 2013
InvokeProgID = Ashampoo.BurningStudio2013
InvokeVerb = autoplay-rip
HKLM\SOFTWARE\Classes\Ashampoo.BurningStudio2013\shell\autoplay-rip\Command\(Default) = "C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 2013\burningstudio2013.exe" -autoplay -selectdrive "%l" -rip [Ashampoo]
BasicBurnAdd\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYADD
InvokeVerb = Add
HKLM\SOFTWARE\Classes\BasicBurn.PLAYADD\shell\Add\Command\(Default) = "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /BURN %L [null data]
BasicBurnCopy\
Provider = Roxio Burn
InvokeProgID = BasicBurn.PLAYCOPY
InvokeVerb = Copy
HKLM\SOFTWARE\Classes\BasicBurn.PLAYCOPY\shell\Copy\Command\(Default) = "C:\Program Files (x86)\Roxio\OEM\Roxio Burn\Roxio Burn.exe" /Copy %L [null data]
BridgeCS5.1ImportMediaOnArrival\
Provider = Adobe Bridge CS5.1
InvokeProgID = Adobe.adobebridgeCS5.1
InvokeVerb = launch
HKLM\SOFTWARE\Classes\Adobe.adobebridgeCS5.1\shell\launch\command\(Default) = C:\Program Files (x86)\Adobe\Adobe Bridge CS5.1\bridgeproxy.exe -v %1 [Adobe Systems, Inc.]
MPCPlayBluRayOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayBlurayMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayBlurayMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %L\BDMV\INDEX.BDMV [MPC-HC Team]
MPCPlayCDAudioOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayCDAudio
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayCDAudio\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /cd [MPC-HC Team]
MPCPlayDVDMovieOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayDVDMovie
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayDVDMovie\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 /dvd [MPC-HC Team]
MPCPlayMusicFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayMusicFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayMusicFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MPCPlayVideoFilesOnArrival\
Provider = Media Player Classic
InvokeProgID = MediaPlayerClassic.Autorun
InvokeVerb = PlayVideoFiles
HKLM\SOFTWARE\Classes\MediaPlayerClassic.Autorun\shell\PlayVideoFiles\command\(Default) = "C:\Program Files (x86)\K-Lite Codec Pack\Media Player Classic\mpc-hc.exe" %1 [MPC-HC Team]
MSLivePhotoAcquireDropHandler\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.LivePhotoAcqDTShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.LivePhotoAcqDTShim.1\shell\open\DropTarget\CLSID = {00F33137-EE26-412F-8D71-F84E4C2C6625}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSLiveShowPicturesOnArrival\
Provider = @%ProgramFiles(x86)%\Windows Live\Photo Gallery\regres.dll,-10
InvokeProgID = Microsoft.Photos.LiveAutoplayShim.1
InvokeVerb = open
HKLM\SOFTWARE\Classes\Microsoft.Photos.LiveAutoplayShim.1\shell\open\DropTarget\CLSID = {00F30F90-3E96-453B-AFCD-D71989ECC2C7}
-> {HKLM...CLSID} = Windows Live Photo Gallery Viewer Autoplay Shim
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShimx64.dll [MS]
MSPlayCDAudioOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.AudioCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.AudioCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /device:AudioCD "%L" [MS]
MSPlayDVDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.DVD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.DVD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:DVD "%L" [MS]
MSPlaySuperVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSPlayVideoCDMovieOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.VCD
InvokeVerb = play
HKLM\SOFTWARE\Classes\WMP.VCD\shell\play\command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:4 /device:VCD "%L" [MS]
MSWMPBurnCDOnArrival\
Provider = @wmploc.dll,-6502
InvokeProgID = WMP.BurnCD
InvokeVerb = Burn
HKLM\SOFTWARE\Classes\WMP.BurnCD\shell\Burn\Command\(Default) = "C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:3 /Task:CDWrite /Device:"%L" [MS]
PDVD9PlayDVDMovieOnArrival\
Provider = PowerDVD 9.5
InvokeProgID = DVD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\DVD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" "%L" [CyberLink Corp.]
PDVD9PlaySVCDOnArrival\
Provider = PowerDVD 9.5
InvokeProgID = SVCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\SVCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" "%L" [CyberLink Corp.]
PDVD9PlayVCDMovieOnArrival\
Provider = PowerDVD 9.5
InvokeProgID = VCD
InvokeVerb = PlayWithPowerDVD9
HKLM\SOFTWARE\Classes\VCD\shell\PlayWithPowerDVD9\Command\(Default) = "C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD Cinema\PowerDVDCinema.exe" "%L" [CyberLink Corp.]
RoxioCreator12PlayCDAudioOnArrival\
Provider = Roxio Creator Classic
InvokeProgID = Creator12
InvokeVerb = open
HKLM\SOFTWARE\Classes\Creator12\shell\open\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Creator Classic 12\Creator12OEM.exe [sonic Solutions]
RoxioSCAudioCDTask50\
Provider = Roxio Home Audio
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = AudioCDTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\AudioCDTask\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 10253C4C-229D-4c87-8D1D-169EFDFED869 [null data]
RoxioSCCopyCD50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
RoxioSCCopyDisc50\
Provider = Roxio Home Copy
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = ExactCopyJob
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\ExactCopyJob\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 20C35DAF-3B5B-4c2d-9DCD-5C866838F5CC [null data]
RoxioSCDataProject50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataGuide
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataGuide\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 1FA905E4-5763-4ba8-999A-5E104D3CDE8C [null data]
RoxioSCDataTask50\
Provider = Roxio Home Data
InvokeProgID = Roxio.RoxioCentral50
InvokeVerb = DataTask
HKLM\SOFTWARE\Classes\Roxio.RoxioCentral50\shell\DataTask\Command\(Default) = C:\Program Files (x86)\Roxio\OEM\Roxio Central 5\RoxioCentralFx.exe /Launch 9CA0EEEE-5BC5-41e9-8242-BEE21643FFF0 [null data]
VLCPlayCDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.CDAudio
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.CDAudio\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file cdda:///%1 [VideoLAN]
VLCPlayDVDAudioOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlayDVDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.DVDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.DVDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file dvd:///%1 [VideoLAN]
VLCPlayMusicFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
VLCPlaySVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.SVCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.SVCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
VLCPlayVCDMovieOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.VCDMovie
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.VCDMovie\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file vcd:///%1 [VideoLAN]
VLCPlayVideoFilesOnArrival\
Provider = VideoLAN VLC media player
InvokeProgID = VLC.OPENFolder
InvokeVerb = Open
HKLM\SOFTWARE\Classes\VLC.OPENFolder\shell\Open\command\(Default) = "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" %1 [VideoLAN]
Windows Sidebar Gadgets: {++}
------------------------
C:\Users\Fl vio\AppData\Local\Microsoft\Windows Sidebar\Settings.ini
"C:%5CProgram%20Files%5CWindows%20Sidebar%5CShared%20Gadgets%5CaswSidebar.gadget"
Non-disabled Scheduled Tasks: {++}
-----------------------------
C:\Windows\System32\Tasks
Adobe Flash Player Updater -> launches: C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Adobe Systems Incorporated]
AdobeAAMUpdater-1.0-Fl vio-PC-Fl vio -> launches: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe -mode=scheduled [Adobe Systems Incorporated]
avast! Emergency Update -> (HIDDEN!) launches: C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [AVAST Software]
FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core -> launches: C:\Users\Fl vio\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver [Facebook Inc.]
FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA -> launches: C:\Users\Fl vio\AppData\Local\Facebook\Update\FacebookUpdate.exe /ua /installsource scheduler [Facebook Inc.]
GoogleUpdateTaskMachineCore -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskMachineUA -> launches: C:\Program Files (x86)\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core -> launches: C:\Users\Fl vio\AppData\Local\Google\Update\GoogleUpdate.exe /c [Google Inc.]
GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA -> launches: C:\Users\Fl vio\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler [Google Inc.]
PCDEventLauncherTask -> launches: "C:\Program Files\My Dell\sessionchecker.exe" [PC-Doctor, Inc.]
PCDoctorBackgroundMonitorTask -> launches: "C:\Program Files\My Dell\uaclauncher.exe" -backgroundmon scripts\backgroundmon.xml -st PCDoctorBackgroundMonitorTask --ignoresecondarysplash --runsilently [PC-Doctor, Inc.]
SidebarExecute -> launches: C:\Program Files\Windows Sidebar\sidebar.exe /addGadget [MS]
SystemToolsDailyTest -> launches: "uaclauncher.exe" -silentenumeration -st SystemToolsDailyTest --ignoresecondarysplash --runsilently [file not found]
Your File Updater -> launches: C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe [file not found]
{0B6E8EB4-96B9-4CB9-9FC0-225E20507938} -> launches: "c:\users\fl vio\appdata\local\google\chrome\application\chrome.exe" http://www.skype.com/go/downloading?source=lightinstaller&ver=5.5.0.117&LastError=404 [Google Inc.]
{23A857A7-6345-4E28-840E-1AB0E2BFA972} -> launches: C:\Windows\system32\pcalua.exe -a C:\Users\Fl vio\Downloads\Receitanet-1.03.exe -d C:\Users\Fl vio\Downloads [MS]
C:\Windows\System32\Tasks\Games
UpdateCheck_S-1-5-21-1210235661-1573419760-1918872127-1001 -> (HIDDEN!) launches: {CA22F5B1-E06F-4A2B-94FC-21E87FE53781}
-> {HKLM...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\System32\gameux.dll [MS]
-> {HKLM...Wow...CLSID} = GameUpdateTask Class
\InProcServer32\(Default) = C:\Windows\SysWOW64\gameux.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Active Directory Rights Management Services Client
AD RMS Rights Policy Template Management (Manual) -> launches: {BF5CB148-7C77-4d8a-A53E-D81C70CF743C}
-> {HKLM...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
-> {HKLM...Wow...CLSID} = AD RMS Rights Policy Template Management (Manual) Task Handler
\InProcServer32\(Default) = C:\Windows\system32\msdrm.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Application Experience
AitAgent -> launches: aitagent [MS]
ProgramDataUpdater -> launches: %windir%\system32\rundll32.exe aepdu.dll,AePduRunUpdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Autochk
Proxy -> launches: %windir%\system32\rundll32.exe /d acproxy.dll,PerformAutochkOperations [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Bluetooth
UninstallDeviceTask -> launches: BthUdTask.exe $(Arg0) [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\CertificateServicesClient
SystemTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
UserTask -> launches: {58fb76b9-ac85-4e55-ac04-427593b1d060}
-> {HKLM...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
-> {HKLM...Wow...CLSID} = Certificate Services Client Task Handler
\InProcServer32\(Default) = C:\Windows\system32\dimsjob.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Customer Experience Improvement Program
Consolidator -> launches: %SystemRoot%\System32\wsqmcons.exe [MS]
KernelCeipTask -> (HIDDEN!) launches: {e7ed314f-2816-4c26-aeb5-54a34d02404c}
-> {HKLM...CLSID} = KernelCeipCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\kernelceip.dll [MS]
UsbCeip -> (HIDDEN!) launches: {c27f6b1d-fe0b-45e4-9257-38799fa69bc8}
-> {HKLM...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
-> {HKLM...Wow...CLSID} = UsbCeip
\InProcServer32\(Default) = C:\Windows\System32\usbceip.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Defrag
ScheduledDefrag -> launches: %windir%\system32\defrag.exe -c [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Diagnosis
Scheduled -> (HIDDEN!) launches: {c1f85ef8-bcc2-4606-bb39-70c523715eb3}
-> {HKLM...CLSID} = ScheduledDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\sdiagschd.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Location
Notifications -> launches: %windir%\System32\LocationNotifications.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Maintenance
WinSAT -> launches: {A9A33436-678B-4C9C-A211-7CC38785E79D}
-> {HKLM...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
-> {HKLM...Wow...CLSID} = WinSAT Task Manger Task
\InProcServer32\(Default) = C:\Windows\system32\WinSATAPI.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MemoryDiagnostic
CorruptionDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
DecompressionFailureDetector -> (HIDDEN!) launches: {190BA3F6-0205-4f46-B589-95C6822899D2}
-> {HKLM...CLSID} = MemoryDiagnosticCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\memdiag.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MobilePC
HotStart -> launches: {06DA0625-9701-43da-BFD7-FBEEA2180A1E}
-> {HKLM...CLSID} = HotStart User Agent
\InProcServer32\(Default) = C:\Windows\System32\HotStartUserAgent.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\MUI
LPRemove -> launches: %windir%\system32\lpremove.exe [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Multimedia
SystemSoundsService -> launches: {2DEA658F-54C1-4227-AF9B-260AB5FC3543}
-> {HKLM...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
-> {HKLM...Wow...CLSID} = Microsoft PlaySoundService Class
\InProcServer32\(Default) = C:\Windows\System32\PlaySndSrv.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\NetTrace
GatherNetworkInfo -> launches: %windir%\system32\gatherNetworkInfo.vbs [null data]
C:\Windows\System32\Tasks\Microsoft\Windows\Power Efficiency Diagnostics
AnalyzeSystem -> launches: %SystemRoot%\System32\powercfg.exe -energy -auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RAC
RacTask -> (HIDDEN!) launches: {42060D27-CA53-41f5-96E4-B1E8169308A6}
-> {HKLM...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
-> {HKLM...Wow...CLSID} = ReliabilityAnalysisCustomHandler
\InProcServer32\(Default) = C:\Windows\system32\RacEngn.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Ras
MobilityManager -> launches: {c463a0fc-794f-4fdf-9201-01938ceacafa}
-> {HKLM...CLSID} = RasMobilityManager
\InProcServer32\(Default) = C:\Windows\system32\rasmbmgr.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Registry
RegIdleBackup -> (HIDDEN!) launches: {ca767aa8-9157-4604-b64b-40747123d5f2}
-> {HKLM...CLSID} = RegistryIdleBackupHandler
\InProcServer32\(Default) = C:\Windows\System32\regidle.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\RemoteAssistance
RemoteAssistanceTask -> (HIDDEN!) launches: %windir%\system32\RAServer.exe /offerraupdate [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\SystemRestore
SR -> launches: %windir%\system32\rundll32.exe /d srrstr.dll,ExecuteScheduledSPPCreation [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Task Manager
Interactive -> (HIDDEN!) launches: {855fec53-d2e4-4999-9e87-3414e9cf0ff4}
-> {HKLM...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
-> {HKLM...Wow...CLSID} = RunTask
\InProcServer32\(Default) = C:\Windows\system32\wdc.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Tcpip
IpAddressConflict1 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPOffendingSystem [MS]
IpAddressConflict2 -> launches: %windir%\system32\rundll32.exe ndfapi.dll,NdfRunDllDuplicateIPDefendingSystem [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\TextServicesFramework
MsCtfMonitor -> (HIDDEN!) launches: {01575cfe-9a55-4003-a5e1-f38d1ebdcbe1}
-> {HKLM...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
-> {HKLM...Wow...CLSID} = MsCtfMonitor task handler
\InProcServer32\(Default) = C:\Windows\system32\MsCtfMonitor.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Time Synchronization
SynchronizeTime -> launches: %windir%\system32\sc.exe start w32time task_started [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\UPnP
UPnPHostConfig -> launches: sc.exe config upnphost start= auto [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WDI
ResolutionHost -> (HIDDEN!) launches: {900be39d-6be8-461a-bc4d-b0fa71f5ecb1}
-> {HKLM...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
-> {HKLM...Wow...CLSID} = DiagnosticInfrastructureCustomHandler
\InProcServer32\(Default) = C:\Windows\System32\wdi.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Error Reporting
QueueReporting -> launches: %windir%\system32\wermgr.exe -queuereporting [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Filtering Platform
BfeOnServiceStartTypeChange -> (HIDDEN!) launches: %windir%\system32\rundll32.exe bfe.dll,BfeOnServiceStartTypeChange [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Windows Media Sharing
UpdateLibrary -> launches: "%ProgramFiles%\Windows Media Player\wmpnscfg.exe" [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\WindowsBackup
ConfigNotification -> launches: %systemroot%\System32\sdclt.exe /CONFIGNOTIFICATION [MS]
C:\Windows\System32\Tasks\Microsoft\Windows\Wininet
CacheTask -> launches: {0358b920-0ac7-461f-98f4-58e32cd89148}
-> {HKLM...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
-> {HKLM...Wow...CLSID} = Wininet Cache task object
\InProcServer32\(Default) = C:\Windows\system32\wininet.dll [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Defender
MP Scheduled Scan -> (HIDDEN!) launches: c:\program files\windows defender\MpCmdRun.exe Scan -ScheduleJob -WinTask -RestrictPrivilegesScan [MS]
C:\Windows\System32\Tasks\Microsoft\Windows Live\SOXE
Extractor Definitions Update Task -> launches: {3519154C-227E-47F3-9CC9-12C3F05817F1}
-> {HKLM...Wow...CLSID} = Windows Live Social Object Extractor Engine Definition Updater
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\SOXE\wlsoxe.dll [MS]
C:\Windows\System32\Tasks\WPD
SqmUpload_S-1-5-21-1210235661-1573419760-1918872127-1000 -> (HIDDEN!) launches: %windir%\system32\rundll32.exe portabledeviceapi.dll,#1 [MS]
Winsock2 Service Provider DLLs:
-------------------------------
Namespace Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\ {++}
000000000001\LibraryPath = %SystemRoot%\system32\NLAapi.dll [MS]
000000000002\LibraryPath = %SystemRoot%\system32\napinsp.dll [MS]
000000000003\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000004\LibraryPath = %SystemRoot%\system32\pnrpnsp.dll [MS]
000000000005\LibraryPath = %SystemRoot%\System32\mswsock.dll [MS]
000000000006\LibraryPath = %SystemRoot%\System32\winrnr.dll [MS]
000000000007\LibraryPath = %SystemRoot%\system32\wshbth.dll [MS]
000000000008\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
000000000009\LibraryPath = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL [MS]
Transport Service Providers
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries64\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 11
Toolbars, Explorer Bars, Extensions:
------------------------------------
Toolbars
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\
{318A227B-5E9F-45BD-8999-7F8F10CA4CF5} = (no title provided)
-> {HKLM...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [AVAST Software]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\
{8E5E2654-AD2D-48BF-AC2D-D17F00898D06} = (no title provided)
-> {HKLM...Wow...CLSID} = avast! Online Security
\InProcServer32\(Default) = C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [AVAST Software]
Explorer Bars
HKLM\SOFTWARE\Classes\CLSID\{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}\(Default) = Groove Folder Synchronization
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [MS]
Extensions (Tools menu items, main toolbar menu buttons)
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM...CLSID} = Skype add-on for Internet Explorer (toolbar button)
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [Skype Technologies S.A.]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\
{219C3416-8CB2-491A-A3C7-D9FCDDC9D600}\
ButtonText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004
MenuText = @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003
CLSIDExtension = {5F7B1267-94A9-47F5-98DB-E99415F33AEC}
-> {HKLM...Wow...CLSID} = BlogThisToolbarButton Class
\InProcServer32\(Default) = C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll [MS]
{7815BE26-237D-41A8-A98F-F7BD75F71086}\
MenuText = Send by Bluetooth to
CLSIDExtension = {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126}
-> {HKLM...Wow...CLSID} = CIESpeechBHO Class
\InProcServer32\(Default) = C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [Atheros Commnucations]
{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\
ButtonText = Skype Click to Call
CLSIDExtension = {898EA8C8-E7FF-479B-8935-AEC46303B9E5}
-> {HKLM...Wow...CLSID} = Skype Browser Helper
\InProcServer32\(Default) = C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [Skype Technologies S.A.]
{A95FE080-8F5D-11D2-A20B-00AA003C157A}\
ButtonText = @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101
MenuText = @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101
Script = res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 [Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041]
Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------
Adobe Acrobat Update Service, AdobeARMservice, "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe" [Adobe Systems Incorporated]
Andrea ST Filters Service, AESTFilters, C:\Program Files\IDT\WDM\AESTSr64.exe [Andrea Electronics Corporation]
Atheros Bt&Wlan Coex Agent, Atheros Bt&Wlan Coex Agent, C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [Atheros]
AtherosSvc, AtherosSvc, C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [Atheros Commnucations]
Audio Service, STacSV, C:\Program Files\IDT\WDM\STacSV64.exe [IDT, Inc.]
avast! Antivirus, avast! Antivirus, "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [AVAST Software]
Gbp Service, GbpSv, C:\PROGRA~2\GbPlugin\GbpSv.exe [GAS Tecnologia]
Messenger Plus! Service, MsgPlusService, "C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe" [Yuna Software]
ScsiAccess, ScsiAccess, C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe [null data]
Skype C2C Service, Skype C2C Service, "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [Skype Technologies S.A.]
SoftThinks Agent Service, SftService, "C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE" [SoftThinks SAS]
Windows Live ID Sign-in Assistant, wlidsvc, "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [MS]
Safe Mode Drivers & Services (subkey name, subkey default value):
-----------------------------------------------------------------
HKLM\System\CurrentControlSet\Control\SafeBoot\Minimal\
<<!>> MCODS,
<<!>> PEVSystemStart, Service
HKLM\System\CurrentControlSet\Control\SafeBoot\Network\
<<!>> MCODS,
<<!>> PEVSystemStart, Service
Print Monitors:
---------------
HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Epson Inbox Language Monitor01\Driver = EP0SLM01.DLL [SEIKO EPSON CORPORATION]
EPSON Stylus C92 Series 64MonitorBL\Driver = E_ILMBZL.DLL [SEIKO EPSON CORPORATION]
LIDIL hpzllw71\Driver = hpzllw71.dll [Hewlett-Packard Corporation]
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Flávio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Visita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Visita\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\FLVIO~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 17/07/2013 at 10:16:21,39 ======================


Good morning, Flávio Marquim!

|- Download: < adwcleaner_logo.jpg > ( ... by Xplode )

|- Once on the page, click the image: < AdwCleaner_Tlcharger.jpg >

|- P.S.: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose "Run as administrator".
|- P.S.: Start the scan by clicking "Remover".

|- When it finishes, post the report: C:\AdwCleaner[S1].txt

-/-

|- Download: < ZHPDiag_Silent.jpg > ( ... by Nicolas Coolman )

|- Save it to the desktop!

|- Or click directly on the image and choose: "Open link in a new tab"
|- Save it to the desktop!
|- Disable your antivirus!
|- If you use Avast, apply this setting to the SandBox.
|- On Windows Vista or 7, right-click the file and choose "Run as administrator".
|- Wait for the scan to finish and click "Copier". <- Wait!

|- Besides the report, the desktop will now have: ZHP_uninstall, MBRCheck, ZHPDiag, ZHPFix

|- Post and/or paste here the link that will be generated, right after the report.

|- Or go to: Cjoint_Logo.jpg

|- Or go to: abmdaZsE.jpg

|- More information: < |Link|

A+

Good morning

I carried out the procedures. The first one went fine. Its report follows below.

As for the second procedure, I believe I did everything correctly. I disabled the antivirus, and my Avast has no SandBox because it is the free version. From the desktop I ran it as administrator; the program started normally and, near the end, gave the following error:

la rapport c:\users\flávio\desktop\ZHPDiag.txt est introuvable

I clicked OK and a ZHPDiag Diagnostic Tool window opened automatically.

The option to click COPIER did not appear.

Please send me new instructions. I'll be waiting, and thank you.

Report from the first procedure:




# AdwCleaner v2.304 - Relatório criado em 05/07/2013 às 11:09:13

# Atualizado em 03/07/2013 por Xplode

# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)

# Usuário : Flávio - FLÁVIO-PC

# Modo de Boot : Normal

# Executado de : C:\Users\Flávio\Downloads\AdwCleaner.exe

# Opção [Remover]



***** [Serviços] *****



***** [Arquivos/Pastas] *****


Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml

Arquivo Removido : C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrch.xml

Arquivo Removido : C:\user.js

Pasta Removido : C:\Program Files (x86)\FindLyrics

Pasta Removido : C:\ProgramData\Babylon

Pasta Removido : C:\ProgramData\boost_interprocess

Pasta Removido : C:\Users\Flávio\AppData\Local\Babylon

Pasta Removido : C:\Users\Flávio\AppData\LocalLow\AskToolbar

Pasta Removido : C:\Users\Flávio\AppData\LocalLow\Minibar

Pasta Removido : C:\Users\Flávio\AppData\Roaming\Babylon

Pasta Removido : C:\Users\Flávio\AppData\Roaming\yourfiledownloader


***** [Registro] *****


Chave Removida : HKCU\Software\Iminent

Chave Removida : HKCU\Software\InstallCore

Chave Removida : HKCU\Software\Softonic

Chave Removida : HKCU\Software\YourFileDownloader

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}

Chave Removida : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Chave Removida : HKLM\Software\Babylon

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Chave Removida : HKLM\SOFTWARE\Classes\AppID\escort.DLL

Chave Removida : HKLM\SOFTWARE\Classes\AppID\secman.DLL

Chave Removida : HKLM\SOFTWARE\Classes\Prod.cap

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}

Chave Removida : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}

Chave Removida : HKLM\Software\Iminent

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Chave Removida : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}

Chave Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP

Chave Removida : HKLM\Software\YourFileDownloader


***** [Navegadores] *****


-\\ Internet Explorer v10.0.9200.16611


Substituído : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 --> hxxp://www.google.com


-\\ Mozilla Firefox v21.0 (pt-BR)


Arquivo : C:\Users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\xv6ttmsm.default\prefs.js


[OK] Arquivo está limpo.


-\\ Google Chrome v27.0.1453.116


Arquivo : C:\Users\Flávio\AppData\Local\Google\Chrome\User Data\Default\Preferences


[OK] Arquivo está limpo.


-\\ Opera v [impossível ler a versão]


Arquivo : C:\Users\Flávio\AppData\Roaming\Opera\Opera\operaprefs.ini


[OK] Arquivo está limpo.


*************************


AdwCleaner[R1].txt - [14027 octets] - [05/07/2013 11:06:54]

AdwCleaner[s1].txt - [13495 octets] - [05/07/2013 11:09:13]


########## EOF - C:\AdwCleaner[s1].txt - [13556 octets] ##########



Ok! Flávio Marquim

|- Uninstall ZHPDiag. >> Click: ( ZHP_uninstall ) <<

-/-

|- Download: < http://thisisudax.org/downloads/JRT.exe > ( ... by Oleg N. Scherbakov )

|- Save it to the desktop!
|- On Windows 7, right-click JRT.exe and run it ... [Run as administrator]
|- Wait for it to finish and post the report. ( JRT.txt )
|- Also post an updated HijackThis log!
A+


Good afternoon. Here are the two requested reports. Awaiting further instructions, and thank you.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 5.1.6 (07.17.2013:4)
OS: Windows 7 Home Basic x64
Ran by Flávio on 19/07/2013 at 12:12:28,67
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Internet Explorer\Main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\tracing\askpartnercobrandingtool_rasmancs
~~~ Files
~~~ Folders
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{C6E649DE-E6E2-42A8-8815-B1CE5D791EF5}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{C8A68EB5-6062-4049-9C20-8A7A1C03ADB8}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{C9A41382-8A0D-4EEE-A52C-11FA3BAC30E3}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CAD36B0A-3882-413F-B08B-D552C983EC8F}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CB5E1DB4-45FC-4B02-B906-11AA51DB1B53}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CC08F113-FC60-4D1D-9456-1E1462FE1CA3}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CC2CABC1-E73A-49A4-8259-BED245B46B3E}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CDF4453C-04B7-4D87-A097-2BF903BE8D47}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{CE496DDA-8DA8-4289-9D61-00CFC2B95F23}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D17CC334-11C2-4C90-A31E-F0B74E032FCD}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D25FD80C-7C1D-4678-B626-92D1753D6D9B}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D28BD82E-014D-4BF2-9A42-892D112E0C08}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D433C497-382E-46BB-BB44-B171488D98F9}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D436C645-6EC6-48B1-8E28-5004B501BCCD}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D55DD31F-3AD3-45C0-8DDC-E26E69CE6F1A}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D6DEF49C-E515-49E4-A8B9-AB68C16C10BE}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{D9899A00-79C0-4BFD-868F-BB546BD23C8C}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DA73FC09-8268-4F3D-95F3-0ADE5D2F29C7}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DAD33173-0C33-4497-A2E3-0A35C3BA24B4}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DB5409DB-1070-4C76-9F62-C3C780D3AC52}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DC1B2449-A869-4989-9273-77E8A79F4A88}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DC945CE0-0827-49B8-9A7B-928717C885B1}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DD72538A-F2A7-4D7F-A319-DAA672E5A16F}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DE592992-A1C3-4183-BA59-12560AEC5F88}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DFD0E13B-C1E2-4F50-BD57-933B2C1CA1E2}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{DFF487C9-0A75-424A-AD01-5685F93816F2}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E1927AEB-6FD9-43E0-9B30-7D286F5AE908}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E4667AEF-DA51-464B-AF2C-AE4D489AD986}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E596FA8E-0072-41E6-9FA8-1C1FCE9637F7}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E6BB82AD-B60C-44EA-953D-FDB50AA75AD9}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E7D22BCB-126B-4F46-BDCA-A837CC32BC77}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E859459A-9975-4E5A-8607-2E400FAEEE2F}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E8F5A80D-2E1F-4DB9-AC33-1446C1BEA98B}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{E9CDEA0C-8F30-4BE6-ACC1-514C73A9FF10}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EA52D9C3-934D-4647-83DE-688FBFF6ED68}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EAF29137-CAB3-47A8-A9CB-BFDC6B1CEDD3}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EC78BDC7-C054-4928-91ED-E45D044B2C13}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{ED818584-8C04-4DD9-8E16-62FFFDC7F706}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EDBFE6D6-230C-48B0-9C8E-021CED5E6807}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EE1657B6-2917-4C63-A853-271FFB553CCD}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{EF657403-F607-46A4-8188-B7548715D794}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F05B4212-9427-4271-BBBA-D19F28D33927}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F32FC8C3-CC70-498C-9F04-FC0EBD2E796B}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F3B50D22-7029-4923-899C-5DA415083ED3}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F3D5E4EC-343A-4CC0-91DB-BBC334872972}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F5C60A77-20BC-4C77-8111-2D0660D70CB5}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F9A37FEC-B490-48DF-A6D0-3357361CDFD1}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{F9B0E26D-E3ED-4AD1-85C9-6D0499B6FCB1}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FA58514E-32E9-4A7F-984B-FF60F6FAA8F5}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FAE86C48-A108-48B7-847F-F5592F8ADDF7}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FAEDE925-2571-4DD1-B5CC-C6DE0B254E42}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FBE99066-904E-4788-85EF-B18269DCCD7A}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FBEBD239-075F-45AC-A64E-54A2B51AE4C1}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FCBF99E4-03A1-4751-B3B8-72C484169488}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FCDDE255-D4FC-4575-9CBF-9E5E46AC303B}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FCFB0F95-9045-4337-BA17-BD2E9798EF1A}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FEB1C921-3026-4F95-AE5E-95BBC390364E}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FED974EE-1768-49A4-A39F-994F5F7C2C91}
Successfully deleted: [Empty Folder] C:\Users\Fl vio\appdata\local\{FEE239EE-ED02-4432-9ADE-C6703C0162DC}
~~~ FireFox
Emptied folder: C:\Users\Flávio\AppData\Roaming\mozilla\firefox\profiles\xv6ttmsm.default\minidumps [2 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 19/07/2013 at 12:19:18,28
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:05, on 19/07/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal
Running processes:
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Flávio\Downloads\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/5
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {682C59F5-478C-4421-9070-AD170D143B77} (Launcher Class) - http://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} (Creative Software AutoUpdate) - http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
O16 - DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} (DellSystemLite.Scanner) - http://support.dell.com/systemprofiler/DellSystemLite.CAB
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package 2) - http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Messenger Plus! Service (MsgPlusService) - Yuna Software - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
O23 - Service: Roxio Hard Drive Watcher 12 (RoxWatch12) - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11225 bytes


Good afternoon! Flávio Marquim

 

|- Download: |DelFix| ( ... by Xplode )
|- Once on the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
|- Run it!
|- With all 3 checkboxes ticked!
|- Click "Run".
_//_
|- Optimize the notebook with JetClean + JetBoost.

|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )
< More information! > << Read here!
|- Save it in Program Files. ( jetclean-setup.exe )
|- Install the software and, on the "1-Click" tab, choose the "Registry Clean" option.
|- Go to "Scan Now" and choose: Shut down PC after Repair
|- Or choose the "Repair" option, without rebooting the PC.
|- Next, try to improve performance with JetBoost.
|- Everything OK?
See you!

 


Good morning. My notebook is still the same. It starts out fine, and after about half an hour it gets very slow again and won't open certain things, such as Explorer for example. In other words, it gives the impression that nothing has been done so far. I did everything as you asked in the last set of instructions. Still very slow. What could it be? Please help me. I await further instructions, and thank you.

Good morning! Flávio Marquim
|- Did you install any software during this period?
|- Download the Zoek tool again.
installedprogs;
startupall;
|- Paste the lines above into the field and click "Run Script".
|- Post the report!
-/-
|- Download: < desktopicon.png > ( ... by Swearware )
|- Save it to the desktop!
|- PS: Disable your antivirus, antispyware and/or firewall. ( Except the Windows one! )
|- Close any program/file that is open.
|- Also close your browser! ( IE, Firefox, Opera or Google Chrome )
|- PS: Be connected to the Internet. <- Important!
|- You must be logged in to the system with administrator privileges.
|- Run ComboFix.exe with a double click.
|- PS: Install the "Recovery Console" if prompted! <- XP only!
|- PS: It is therefore up to you whether to install it.
|- If an error message appears, run ComboFix.exe in Safe Mode with Networking.
|- PS: To complete the removals, the tool may need to restart the computer.
|- The Auto Scan window will open.
|- Wait for all the stages to finish.
|- During the scan, avoid using the mouse or keyboard!
|- When it finishes, post: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- If this error occurs, simply restart the computer!
|- "ComboFix is a tool that can damage the system. Use it only under the supervision of security analysts."
Regards!


Good evening

 

I did not install any software during this period, other than antivirus updates. I carried out the new procedures and the reports follow below. I await further instructions, and thank you.

 

 

Zoek.exe Version 4.0.0.4 Updated 21-07-2013
Tool run by Flávio on 22/07/2013 at 19:33:44,29.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Flávio\Desktop\zoek.exe [script inserted]
==== System Restore Info ======================
22/07/2013 19:36:54 Zoek.exe System Restore Point Created Succesfully.
==== Installed Programs ======================
7-Zip 9.21 (x64 edition)
Adobe AIR
Adobe Community Help
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Photoshop CS5.1
Adobe Reader X (10.1.7) - Português
Advanced Audio FX Engine
AIDA64 Extreme Edition v2.50
Any DVD Converter Professional 3.7.3
Ares 2.1.8
Ashampoo Burning Studio 2013 v.11.0.5
avast Free Antivirus
AVIcodec (remove only)
BitTorrent
Bluetooth Win7 Suite (64)
CCleaner
CyberLink PowerDVD 9.5
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 64-Bit Edition
Dell Bluetooth Installation
Dell DataSafe Local Backup
Dell Edoc Viewer
Dell Getting Started Guide
Dell PhotoStage
Dell Touchpad
Dell VideoStage
Dell Webcam Central
DirectX 9 Runtime
Dropbox
DVD Shrink 3.2
Evernote v. 4.5.4
Facebook Video Calling 1.2.0.287
Flashtool
FormatFactory 2.95
Fotosizer 2.03
Free MP3 Cutter 1.01
Free Mp3 Wma Converter V 2.1
Galeria de Fotos
Google Chrome
Google Drive
Google Earth
Google Update Helper
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
Intel® Processor Graphics
IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País
Java 7 Update 25
Java Auto Updater
Java 6 Update 39 (64-bit)
JDownloader 0.9
JetBoost
JetClean
Junk Mail filter update
K-Lite Codec Pack 7.9.0 (Full)
Messenger Plus 5
Messenger Plus for Skype
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile PTB Language Pack
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (Portuguese (Brazil)) 2010
Microsoft Office Excel MUI (Portuguese (Brazil)) 2010
Microsoft Office Groove MUI (Portuguese (Brazil)) 2010
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010
Microsoft Office Office 32-bit Components 2010
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (Portuguese (Brazil)) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (Portuguese (Brazil)) 2010
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared 32-bit MUI (Portuguese (Brazil)) 2010
Microsoft Office Shared MUI (Portuguese (Brazil)) 2010
Microsoft Office Word MUI (Portuguese (Brazil)) 2010
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Módulo de Segurança - Banco do Brasil
Movie Maker
Mozilla Firefox 22.0 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
My Dell
MyFreeCodec
Pacote de Driver do Windows - Sony Ericsson Mobile Communications (ggsemc) USB (02/22/2011 2.2.0.5)
Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)
Palco de Música da Dell
Palco Dell
PDF Settings CS5
Photo Common
Photo Gallery
Photodex Presenter
PhotoShowExpress
ProShow Producer
Quickset64
RBVirtualFolder64Inst
Receitanet
Roxio Activation Module
Roxio BackOnTrack
Roxio Burn
Roxio Creator Starter
Roxio Express Labeler 3
Roxio File Backup
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Excel 2010 (KB2597126) 64-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687422) 64-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2760406) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687276) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 64-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 64-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 64-Bit Edition
Security Update for Microsoft Publisher 2010 (KB2553147) 64-Bit Edition
Security Update for Microsoft Visio 2010 (KB2810068) 64-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 64-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 64-Bit Edition
SEFIP 8.40
Shared C Run-time for x64
Skype Click to Call
SkypeT 6.3
Software para Impressoras EPSON
Sonic CinePlayer Decoder Pack
Subtitle Workshop 2.51
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft Office 2010 (KB2494150)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553092)
Update for Microsoft Office 2010 (KB2553181) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 64-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 64-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2598242) 64-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 64-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 64-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 64-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 64-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 64-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 64-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 64-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 64-Bit Edition
Visual Studio 2010 x64 Redistributables
VLC media player 2.0.7
VobSub v2.23 (Remove Only)
WinAVI Video Converter 9.0
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Player Firefox Plugin
WinPcap 4.1.1
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
[HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
@="C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="C:\Program Files\DellTPad\Apoint.exe"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"QuickSet"="c:\Program Files\Dell\QuickSet\QuickSet.exe"
"AtherosBtStack"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
"AthBtTray"="C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
"DellStage"=""C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup"
==== Task Scheduler Jobs ======================
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/06/2013 10:30]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core.job --a------ C:\Users\Flvio\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA.job --a------ C:\Users\Flvio\AppData\Local\Facebook\Update\FacebookUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/08/2012 14:43]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [14/08/2012 14:43]
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000Core.job --a------ C:\Users\Flvio\AppData\Local\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1210235661-1573419760-1918872127-1000UA.job --a------ C:\Users\Flvio\AppData\Local\Google\Update\GoogleUpdate.exe []
==== EOF on 22/07/2013 at 19:38:39,74 ======================
ComboFix 13-07-22.01 - Flávio 22/07/2013 19:58:15.1.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.4004.784 [GMT -3:00]
Executando de: c:\users\Flßvio\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\programdata\PCDr\6261\AddOnDownloaded\0d06f79c-d0e6-4610-9a2b-d8f1a48f4252.dll
c:\programdata\PCDr\6261\AddOnDownloaded\10c3e5d4-52a2-480a-8f7a-8e884993029b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\1a3879e8-dfe0-4d00-87f6-f2db19ac1eee.dll
c:\programdata\PCDr\6261\AddOnDownloaded\237e3e77-d56f-4b53-9d86-d9d8b40ebff3.dll
c:\programdata\PCDr\6261\AddOnDownloaded\31e827f4-bf26-41e4-9984-6422402c51da.dll
c:\programdata\PCDr\6261\AddOnDownloaded\3648a8b0-3389-4840-be40-db026cb0b248.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ab0b7706-a6c8-49aa-9f56-0787e2a45b0b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\b9659de3-009a-489a-9910-f3747d7d70c2.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ba005e12-3139-4327-9f7a-9f2ea6a6c841.dll
c:\programdata\PCDr\6261\AddOnDownloaded\c088a81a-a965-4da7-8b79-eda53ddfa390.dll
c:\programdata\PCDr\6261\AddOnDownloaded\dfd672c1-69ab-446f-b44e-a23e9b8c7410.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f1976bc0-a058-4065-9607-d863f6a63893.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f6023957-62a3-406c-842a-e25d2b71072a.dll
c:\programdata\PCDr\6261\AddOnDownloaded\f80f957a-a781-4825-977a-a4ab79468916.dll
c:\users\Flávio\AppData\Roaming\unins000.exe
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-06-22 to 2013-07-22 ))))))))))))))))))))))))))))
.
.
2013-07-22 02:38 . 2013-07-22 02:38 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA26970F-CE2A-4603-8E1C-A44EF50FE84C}\offreg.dll
2013-07-22 02:31 . 2013-07-22 02:31 -------- d-----w- c:\programdata\BlueSprig
2013-07-22 02:17 . 2013-07-22 02:17 -------- d-----w- c:\users\Flávio\AppData\Roaming\BlueSprig
2013-07-22 02:17 . 2013-07-22 02:31 -------- d-----w- c:\program files (x86)\BlueSprig
2013-07-22 02:05 . 2013-07-22 02:07 -------- d-----w- c:\windows\system32\MRT
2013-07-19 15:12 . 2013-07-19 15:12 -------- d-----w- c:\windows\ERUNT
2013-07-19 15:10 . 2013-07-02 08:34 9460976 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AA26970F-CE2A-4603-8E1C-A44EF50FE84C}\mpengine.dll
2013-07-17 13:11 . 2013-07-22 23:16 -------- d-----w- c:\users\Flávio\AppData\Local\Temp
2013-07-17 13:11 . 2013-07-17 13:11 -------- d-----w- c:\users\Flßvio
2013-07-11 06:11 . 2013-06-07 03:22 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-07-11 06:11 . 2013-06-07 02:37 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-07-11 06:11 . 2013-06-11 23:42 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-07-11 06:11 . 2013-06-11 23:42 235520 ----a-w- c:\program files (x86)\Internet Explorer\IEShims.dll
2013-07-11 06:11 . 2013-06-11 23:25 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-07-11 06:11 . 2013-06-11 23:25 526336 ----a-w- c:\windows\system32\ieui.dll
2013-07-11 06:11 . 2013-06-11 23:25 356864 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-07-10 17:05 . 2013-05-27 05:50 1011712 ----a-w- c:\program files\Windows Defender\MpSvc.dll
2013-07-10 17:05 . 2013-05-27 05:50 571904 ----a-w- c:\program files\Windows Defender\MpClient.dll
2013-07-10 17:05 . 2013-05-27 05:50 314880 ----a-w- c:\program files\Windows Defender\MpCommu.dll
2013-07-10 17:05 . 2013-05-27 04:57 4608 ----a-w- c:\program files (x86)\Windows Defender\MsMpLics.dll
2013-07-10 17:05 . 2013-05-27 04:57 54784 ----a-w- c:\program files (x86)\Windows Defender\MpOAV.dll
2013-07-10 17:05 . 2013-05-27 04:57 392704 ----a-w- c:\program files (x86)\Windows Defender\MpClient.dll
2013-07-10 17:05 . 2013-05-27 03:15 9216 ----a-w- c:\program files (x86)\Windows Defender\MpAsDesc.dll
2013-07-10 17:05 . 2013-06-04 06:00 624128 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 17:05 . 2013-06-04 04:53 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 17:05 . 2013-05-06 06:03 1887744 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-07-10 17:05 . 2013-05-06 04:56 1620480 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-07-10 17:04 . 2013-06-05 03:34 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-07-10 17:04 . 2013-04-10 05:46 1367040 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 17:04 . 2013-04-10 05:03 936448 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 17:03 . 2013-04-09 23:34 1247744 ----a-w- c:\windows\SysWow64\DWrite.dll
2013-07-10 17:03 . 2013-04-02 22:51 1643520 ----a-w- c:\windows\system32\DWrite.dll
2013-06-27 11:56 . 2013-06-27 11:56 -------- d-----w- c:\program files (x86)\Fotosizer
2013-06-25 12:41 . 2013-06-25 12:41 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-06-25 12:41 . 2013-06-25 12:41 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 12:35 . 2013-07-10 19:40 -------- d-----w- c:\programdata\GAS Tecnologia
2013-06-25 12:35 . 2013-06-25 12:35 -------- d-----w- c:\users\Flávio\AppData\Local\GAS Tecnologia
2013-06-23 20:09 . 2013-06-23 20:09 -------- d-----w- c:\users\Default\AppData\Local\Google
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-28 12:39 . 2013-04-16 18:11 378944 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-06-28 12:39 . 2013-04-16 18:11 1030952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-06-28 12:39 . 2013-04-16 18:11 189936 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-06-25 12:41 . 2012-08-23 00:34 867240 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-06-25 12:41 . 2011-09-23 03:02 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-24 03:57 . 2011-11-07 13:12 78277128 ----a-w- c:\windows\system32\MRT.exe
2013-06-14 13:30 . 2012-04-03 22:17 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-14 13:30 . 2011-09-23 02:53 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-14 13:30 . 2013-06-14 13:30 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-05-13 05:51 . 2013-06-12 14:21 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-05-13 05:51 . 2013-06-12 14:21 1464320 ----a-w- c:\windows\system32\crypt32.dll
2013-05-13 05:51 . 2013-06-12 14:21 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-05-13 05:50 . 2013-06-12 14:21 52224 ----a-w- c:\windows\system32\certenc.dll
2013-05-13 04:45 . 2013-06-12 14:21 1160192 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-05-13 04:45 . 2013-06-12 14:21 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-05-13 04:45 . 2013-06-12 14:21 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-05-13 03:43 . 2013-06-12 14:21 1192448 ----a-w- c:\windows\system32\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:21 903168 ----a-w- c:\windows\SysWow64\certutil.exe
2013-05-13 03:08 . 2013-06-12 14:21 43008 ----a-w- c:\windows\SysWow64\certenc.dll
2013-05-12 18:35 . 2012-07-17 17:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-10 05:49 . 2013-06-12 14:22 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-05-10 03:20 . 2013-06-12 14:22 24576 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-05-09 08:59 . 2013-04-16 18:11 72016 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-05-09 08:59 . 2013-04-16 18:11 64288 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-05-09 08:59 . 2013-04-16 18:11 65336 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-05-09 08:59 . 2013-04-16 18:11 33400 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-05-09 08:59 . 2013-04-16 18:11 80816 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-05-09 08:58 . 2013-04-16 18:10 41664 ----a-w- c:\windows\avastSS.scr
2013-05-09 08:58 . 2013-04-16 18:11 287840 ----a-w- c:\windows\system32\aswBoot.exe
2013-05-08 12:52 . 2011-11-07 15:33 49536 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys
2013-05-08 06:39 . 2013-06-12 14:22 1910632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-02 13:22 . 2013-05-02 13:22 2274480 ----a-w- c:\windows\system32\coin94.dll
2013-05-02 05:06 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-26 05:51 . 2013-06-12 14:22 751104 ----a-w- c:\windows\system32\win32spl.dll
2013-04-26 04:55 . 2013-06-12 14:22 492544 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-04-25 23:30 . 2013-06-12 14:21 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2011-09-16 18:12 . 2011-11-07 17:34 3623592 ----a-w- c:\program files (x86)\Common Files\ApnToolbarInstaller.exe
2011-09-16 18:12 . 2011-11-07 17:34 143240 ----a-w- c:\program files (x86)\Common Files\ApnStub.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-13 11:47 220632 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-13 11:47 220632 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-13 11:47 220632 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 130736 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2013-05-23 13:47 1389096 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"midi2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys;c:\windows\SYSNATIVE\drivers\gbpkm.sys [x]
R2 RoxWatch12;Roxio Hard Drive Watcher 12;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys;c:\windows\SYSNATIVE\DRIVERS\CtClsFlt.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys;c:\windows\SYSNATIVE\DRIVERS\ggflt.sys [x]
R3 Impcd;Impcd;c:\windows\system32\drivers\Impcd.sys;c:\windows\SYSNATIVE\drivers\Impcd.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RoxMediaDB12OEM;RoxMediaDB12OEM;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe;c:\program files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe;c:\program files\IDT\WDM\AESTSr64.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 MsgPlusService;Messenger Plus! Service;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe;c:\program files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys;c:\windows\SYSNATIVE\DRIVERS\dc3d.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-07-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 13:30]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 17:43]
.
2013-07-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-14 17:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-02-13 11:47 244696 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-02-13 11:47 244696 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-02-13 11:47 244696 ----a-w- c:\users\Flávio\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-04-04 22:12 164016 ----a-w- c:\users\Flávio\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2011-03-29 608112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-05-27 1128448]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-03-30 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-03-30 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-03-30 418840]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-05-20 627360]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-05-20 379552]
"DellStage"="c:\program files (x86)\Dell Stage\Dell Stage\stage_primary.exe" [2011-04-29 2055016]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
IE: Add to Evernote 4.0 - c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 200.175.5.139 200.175.89.139
DPF: {682C59F5-478C-4421-9070-AD170D143B77} - hxxp://www.dell.com/support/troubleshooting/Content/Ode/pcd86.cab
FF - ProfilePath - c:\users\Flávio\AppData\Roaming\Mozilla\Firefox\Profiles\xv6ttmsm.default\
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\Flávio\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Photodex\ProShowProducer\ScsiAccess.exe
c:\program files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-07-22 20:20:53 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-07-22 23:20
.
Pré-execução: 416.272.822.272 bytes disponíveis
Pós execução: 415.549.517.824 bytes disponíveis
.
- - End Of File - - 9FC45D2EF763FBD846D9EE73D9F1D11C
D41D8CD98F00B204E9800998ECF8427E


Good afternoon, Flávio Marquim!

|- Download: < Pre_Scan > ( ... by g3n-h@ckm@n & Saachaa )
|- Or here: < Pre-Scan > Mirror!
|- Or here: < Pre_Scan.pif > In case malware gets in the way!
|- Once on the page, click the green arrow or Mirror 1.
|- Save it to the desktop! < images_2.jpg ( winlogon ) >
|- Disable your antivirus, antispyware, sandbox and/or firewall.
|- Close any programs that are open and run the tool!
|- Double-click Pre_scan.exe.
|- PS: During the scan, your desktop will disappear and black windows will appear on the screen. All of this is normal and is part of how the tool works.
Pre_Scan_Kill.jpg
|- If infections are found, a restart may occur and this screen, just above, may appear.
|- PS: If it appears and shows no prompt, click "Kill".
|- In that case, there will be a new scan and, at the end, the report will be made available.
|- There may be reboot(s) and the scan will then continue. << Wait!
|- When it finishes, post the report! ( Pre_Scan.txt ) << Link to the report!
|- To upload it, go to: Cjoint
|- Or... 1fichier.com
|- Or... myfile.tk
A+


Good evening

I'm posting here because I didn't understand how to do it the way you indicated. I hope this doesn't affect your analysis. Another thing is that I ran the program once and at the end I found it odd, because the notebook neither restarted nor generated the report automatically. I decided to restart and ran the program again, and it finished the same way, without restarting or automatically generating the report. I restarted once more and am now sending two reports for your analysis: the one from the first scan and the one from the second. I hope I didn't do anything wrong, and I await further instructions. Thank you.

First scan:


¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0722 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 15:45:05
~ Update on 22/07/2013 | 14.20 by g3n-h@ckm@n
~ [Flávio (Administrator)] - [FLÁVIO-PC]
~ SID = S-1-5-21-1210235661-1573419760-1918872127-1000
~ System : Windows 7 Home Basic (64 bits) HomeBasic Service Pack 1
~ ProcessorNameString : Intel® Core i5-2410M CPU @ 2.30GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7
~ Mémory RAM = Total (MB) : 4100 | Free (MB) : 744
~ Pagefile = Total (MB) : 8199 | Free (MB) : 4685
~ Virtual = Total (MB) : 4194 | Free (MB) : 4057
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\labelc2rdrive.exe
C:\Windows\Setup\Scripts\labelc2rdrive.exe.config
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\oobe.cmd
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [OS] | Total : 463330 Mo | Free : 396250 Mo -> NTFS
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Flávio
~ C:\Users\Visita
New restorepoint created
Standby deleted !
¤¤¤¤¤¤¤¤¤¤ | stopped Processes
(880) -- gbpsv.exe
(1028) -- stacsv64.exe
(1596) -- spoolsv.exe
(1724) -- armsvc.exe
(1752) -- AESTSr64.exe
(1780) -- Ath_CoexAgent.exe
(1804) -- AdminService.exe
(1876) -- MsgPlusForSkypeService.exe
(1964) -- scsiaccess.exe
(1280) -- SftService.exe
(1472) -- c2c_service.exe
(2180) -- WLIDSVC.EXE
(2508) -- WLIDSVCM.EXE
(3028) -- taskhost.exe
(1920) -- explorer.exe
(3488) -- Toaster.exe
(3496) -- DSUpd.exe
(3720) -- STService.exe
(3584) -- Apoint.exe
(2980) -- sttray64.exe
(2976) -- igfxtray.exe
(3428) -- hkcmd.exe
(3304) -- igfxpers.exe
(3616) -- BtvStack.exe
(2868) -- AthBtTray.exe
(4256) -- SearchIndexer.exe
(4488) -- ApMsgFwd.exe
(4756) -- ApntEx.exe
(4764) -- wmpnetwk.exe
(4788) -- conhost.exe
(4812) -- hidfind.exe
(4668) -- chrome.exe
(5344) -- chrome.exe
(5140) -- chrome.exe
(5692) -- chrome.exe
(2292) -- mscorsvw.exe
(4680) -- TrustedInstaller.exe
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[10/04/2013 06:59:42] - 396 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [112640 Ko]
[13/07/2009 20:19:49] - 492 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[13/07/2009 20:52:37] - 592 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[13/07/2009 20:19:49] - 620 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[13/07/2009 20:19:46] - 660 | C:\Windows\system32\services.exe (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[17/01/2012 20:16:10] - 676 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko]
[21/11/2010 00:23:53] - 684 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko]
[13/07/2009 20:31:13] - 800 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[21/11/2010 00:24:29] - 920 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
[13/07/2009 20:31:13] - 972 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[13/07/2009 20:31:13] - 292 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[13/07/2009 20:31:13] - 512 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[13/07/2009 20:31:13] - 496 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[13/07/2009 20:31:13] - 680 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[13/07/2009 20:31:13] - 1196 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [27136 Ko]
[13/07/2009 20:31:13] - 1308 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko]
[18/05/2013 00:34:53] - 1444 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [46808 Ko]
[13/07/2009 20:31:13] - 1632 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[13/07/2009 20:31:13] - 2100 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [27136 Ko]
[13/07/2009 20:31:13] - 2148 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 Ko]
[13/07/2009 20:37:38] - 1232 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko]
[13/07/2009 20:31:13] - 3100 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k bthsvcs [27136 Ko]
[13/07/2009 20:31:13] - 3220 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[13/07/2009 20:31:13] - 3388 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko]
[18/05/2013 00:34:53] - 4192 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4858968 Ko]
[18/03/2010 13:27:14] - 5104 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.1) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 Ko]
[13/07/2009 20:59:17] - 2792 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} [9728 Ko]
[24/07/2013 15:39:50] - 6272 | C:\Users\Flávio\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.7.22) -> "C:\Users\Flávio\Desktop\winlogon.exe" [2437701 Ko]
[23/09/2011 05:38:17] - 1336 | C:\Windows\Explorer.exe (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> Explorer.exe [2871808 Ko]
[25/06/2013 09:35:37] - 2140 | C:\PROGRA~2\GbPlugin\GbpSv.exe (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (2.4.13.1) -> C:\PROGRA~2\GbPlugin\GbpSv.exe [410152 Ko]
[17/07/2012 15:14:44] - 1040 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292480 Ko]
[17/07/2012 15:14:44] - 1120 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4311.0) -> WLIDSvcM.exe 1040 [223488 Ko]
[23/09/2011 05:38:19] - 3952 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [591872 Ko]
[21/11/2010 00:25:05] - 3192 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko]
[20/08/2012 10:24:57] - 5200 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [559104 Ko]
[18/03/2010 12:16:28] - 6564 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.1) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 Ko]
[21/11/2010 00:24:03] - 6692 | C:\Windows\servicing\TrustedInstaller.exe (.Microsoft Corporation - Instalador de Módulos do Windows.) - (6.1.7601.17514) -> C:\Windows\servicing\TrustedInstaller.exe [194048 Ko]
[13/07/2009 20:59:17] - 4964 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683} [9728 Ko]
[12/12/2012 22:26:46] - 4040 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16398) -> C:\Windows\system32\wbem\wmiprvse.exe [432128 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ | Associations
Repaired : [HKCR\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe
¤
Repaired : [HKLM\Software\Clients\StartMenuInternet\Firefox.exe\shell\open\command] : C:\Program Files (x86)\Mozilla Firefox\firefox.exe -> "C:\Program Files (x86)\Mozilla Firefox\Firefox.exe"
¤¤¤¤¤¤¤¤¤¤ | Registry
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0
Repaired : [HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0
Repaired : [HKU\S-1-5-21-1210235661-1573419760-1918872127-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
¤¤¤¤¤¤¤¤¤¤ | Security Center : OK !
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Repaired : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.google.com -> http://www.google.com/
Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/
Repaired : [HKU\S-1-5-21-1210235661-1573419760-1918872127-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Search]|[searchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
Repaired : [HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157
¤
Hijack.Internet : OK
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned
¤¤¤¤¤¤¤¤¤¤ | reparsepoint
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Moved to quarantine successfully : C:\Users\Flávio\AppData\Roaming\unins000.dat
Will be moved at reboot : C:\ProgramData\Hewlett-Packard
Moved to quarantine successfully : C:\ProgramData\NTUSER.DAT{3a1495e8-724d-11e2-8734-9439e520b668}.TM.blf
Moved to quarantine successfully : C:\ProgramData\NTUSER.DAT{3a1495e8-724d-11e2-8734-9439e520b668}.TMContainer00000000000000000001.regtrans-ms
Moved to quarantine successfully : C:\ProgramData\NTUSER.DAT{3a1495e8-724d-11e2-8734-9439e520b668}.TMContainer00000000000000000002.regtrans-ms
Will be moved at reboot : C:\ProgramData\PC-Doctor for Windows
Moved to quarantine successfully : C:\ProgramData\regid.1986-12.com.adobe
Moved to quarantine successfully : C:\Windows\assembly\tmp\
Moved to quarantine successfully : C:\Users\Flávio\AppData\LocalLow\Sun\Java\Deployment\cache\6.0
Moved to quarantine successfully : C:\Users\Flávio\AppData\LocalLow\Sun\Java\Deployment\cache\security
Prefetch -> Emptied
Suspect : C:\Users\Flávio\AppData\Roaming\dvdcss\$1.anv
Suspect : C:\ProgramData\DVD Shrink\Analysis Results.ebd40c36
Suspect : C:\ProgramData\DVD Shrink\Analysis Results.18e5dcdd
Suspect : C:\ProgramData\Licenses\MFRPMA.lic
Second scan:
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | Saachaa | 3.0722 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
~ ¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 20:37:49
~ Update on 22/07/2013 | 14.20 by g3n-h@ckm@n
~ [Flávio (Administrator)] - [FLÁVIO-PC]
~ SID = S-1-5-21-1210235661-1573419760-1918872127-1000
~ System : Windows 7 Home Basic (64 bits) HomeBasic Service Pack 1
~ ProcessorNameString : Intel® Core i5-2410M CPU @ 2.30GHz
~ Identifier : Intel64 Family 6 Model 42 Stepping 7
~ Mémory RAM = Total (MB) : 4100 | Free (MB) : 773
~ Pagefile = Total (MB) : 8199 | Free (MB) : 4468
~ Virtual = Total (MB) : 4194 | Free (MB) : 4061
¤¤¤¤¤¤¤¤¤¤ | Boot's scripts
C:\Windows\Setup\Scripts\labelc2rdrive.exe
C:\Windows\Setup\Scripts\labelc2rdrive.exe.config
C:\Windows\Setup\Scripts\SetupComplete.cmd
C:\Windows\Setup\Scripts\oobe.cmd
¤¤¤¤¤¤¤¤¤¤ | Drives
c:\-> [Fixed] | [OS] | Total : 463330 Mo | Free : 395800 Mo -> NTFS
¤¤¤¤¤¤¤¤¤¤ | Windows Updates
No windows updates detected !!!
¤¤¤¤¤¤¤¤¤¤ | Sessions
~ C:\Windows\system32\config\systemprofile
~ C:\Windows\ServiceProfiles\LocalService
~ C:\Windows\ServiceProfiles\NetworkService
~ C:\Users\Flávio
~ C:\Users\Visita
New restorepoint created
Standby deleted !
¤¤¤¤¤¤¤¤¤¤ | stopped Processes
(868) -- gbpsv.exe
(984) -- stacsv64.exe
(1636) -- spoolsv.exe
(1800) -- taskhost.exe
(1892) -- explorer.exe
(1532) -- taskeng.exe
(1748) -- armsvc.exe
(1480) -- AESTSr64.exe
(728) -- Ath_CoexAgent.exe
(608) -- AdminService.exe
(2072) -- MsgPlusForSkypeService.exe
(2388) -- scsiaccess.exe
(2488) -- SftService.exe
(2544) -- c2c_service.exe
(3068) -- WLIDSVC.EXE
(2216) -- WLIDSVCM.EXE
(3316) -- SearchIndexer.exe
(3408) -- Toaster.exe
(3416) -- Apoint.exe
(3424) -- DSUpd.exe
(3544) -- sttray64.exe
(3572) -- igfxtray.exe
(3588) -- hkcmd.exe
(3596) -- igfxpers.exe
(3680) -- ApMsgFwd.exe
(3712) -- BtvStack.exe
(3756) -- ApntEx.exe
(3772) -- conhost.exe
(3804) -- hidfind.exe
(3812) -- AthBtTray.exe
(3924) -- STService.exe
(4432) -- wmpnetwk.exe
(976) -- mscorsvw.exe
(2712) -- sppsvc.exe
¤¤¤¤¤¤¤¤¤¤ | Running processes
Boot : Normal
[10/04/2013 06:59:42] - 396 | C:\Windows\System32\smss.exe (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18113) -> \SystemRoot\System32\smss.exe [112640 Ko]
[13/07/2009 20:19:49] - 496 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[13/07/2009 20:52:37] - 596 | C:\Windows\system32\wininit.exe (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) -> wininit.exe [129024 Ko]
[13/07/2009 20:19:49] - 620 | C:\Windows\system32\csrss.exe (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) -> %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 [7680 Ko]
[13/07/2009 20:19:46] - 660 | C:\Windows\system32\services.exe (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) -> C:\Windows\system32\services.exe [328704 Ko]
[17/01/2012 20:16:10] - 676 | C:\Windows\system32\lsass.exe (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.17725) -> C:\Windows\system32\lsass.exe [31232 Ko]
[21/11/2010 00:23:53] - 684 | C:\Windows\system32\lsm.exe (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) -> C:\Windows\system32\lsm.exe [343040 Ko]
[13/07/2009 20:31:13] - 792 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k DcomLaunch [27136 Ko]
[21/11/2010 00:24:29] - 908 | C:\Windows\system32\winlogon.exe (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.17514) -> winlogon.exe [390656 Ko]
[13/07/2009 20:31:13] - 960 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k RPCSS [27136 Ko]
[13/07/2009 20:31:13] - 324 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted [27136 Ko]
[13/07/2009 20:31:13] - 428 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [27136 Ko]
[13/07/2009 20:31:13] - 552 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalService [27136 Ko]
[13/07/2009 20:31:13] - 488 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k netsvcs [27136 Ko]
[13/07/2009 20:31:13] - 1148 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k GPSvcGroup [27136 Ko]
[13/07/2009 20:31:13] - 1280 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkService [27136 Ko]
[18/05/2013 00:34:53] - 1468 | C:\Program Files\AVAST Software\Avast\AvastSvc.exe (.AVAST Software - avast! Service.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastSvc.exe" [46808 Ko]
[13/07/2009 20:31:13] - 1664 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork [27136 Ko]
[13/07/2009 20:37:38] - 1860 | C:\Windows\system32\Dwm.exe (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) -> "C:\Windows\system32\Dwm.exe" [120320 Ko]
[13/07/2009 20:59:17] - 2276 | C:\Windows\system32\DllHost.exe (.Microsoft Corporation - COM Surrogate.) - (6.1.7600.16385) -> C:\Windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5} [9728 Ko]
[13/07/2009 20:31:13] - 2960 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k imgsvc [27136 Ko]
[13/07/2009 20:31:13] - 3016 | C:\Windows\System32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\System32\svchost.exe -k secsvcs [27136 Ko]
[13/07/2009 20:31:13] - 3348 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k bthsvcs [27136 Ko]
[13/07/2009 20:31:13] - 3500 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted [27136 Ko]
[18/05/2013 00:34:53] - 3976 | C:\Program Files\AVAST Software\Avast\AvastUI.exe (.AVAST Software - avast! Antivirus.) - (8.0.1489.300) -> "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui [4858968 Ko]
[13/07/2009 20:31:13] - 3972 | C:\Windows\system32\svchost.exe (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) -> C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [27136 Ko]
[18/03/2010 13:27:14] - 2400 | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.1) -> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [138576 Ko]
[24/07/2013 15:39:50] - 1340 | C:\Users\Flávio\Desktop\winlogon.exe (. - g3n-h@ckm@n.) - (3.0.7.22) -> "C:\Users\Flávio\Desktop\winlogon.exe" [2437701 Ko]
[23/09/2011 05:38:17] - 1316 | C:\Windows\Explorer.exe (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) -> Explorer.exe [2871808 Ko]
[25/06/2013 09:35:37] - 3460 | C:\PROGRA~2\GbPlugin\GbpSv.exe (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (2.4.13.1) -> C:\PROGRA~2\GbPlugin\GbpSv.exe [410152 Ko]
[23/09/2011 05:38:19] - 2600 | C:\Windows\system32\SearchIndexer.exe (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) -> C:\Windows\system32\SearchIndexer.exe /Embedding [591872 Ko]
[21/11/2010 00:25:05] - 1812 | C:\Program Files\Windows Media Player\wmpnetwk.exe (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) -> "C:\Program Files\Windows Media Player\wmpnetwk.exe" [1525248 Ko]
[17/07/2012 15:14:44] - 1868 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4311.0) -> "C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE" [2292480 Ko]
[17/07/2012 15:14:44] - 2180 | C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4311.0) -> WLIDSvcM.exe 1868 [223488 Ko]
[20/08/2012 10:24:57] - 4312 | C:\Windows\System32\spoolsv.exe (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) -> C:\Windows\System32\spoolsv.exe [559104 Ko]
[18/03/2010 12:16:28] - 4700 | C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (.Microsoft Corporation - .NET Runtime Optimization Service.) - (4.0.30319.1) -> C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [130384 Ko]
[21/11/2010 00:23:56] - 3576 | C:\Windows\system32\sppsvc.exe (.Microsoft Corporation - Serviço da Plataforma de Proteção de Software da Microsoft.) - (6.1.7601.17514) -> C:\Windows\system32\sppsvc.exe [3524608 Ko]
[12/12/2012 22:26:46] - 3908 | C:\Windows\system32\wbem\wmiprvse.exe (.Microsoft Corporation - WMI Provider Host.) - (6.2.9200.16398) -> C:\Windows\system32\wbem\wmiprvse.exe [432128 Ko]
¤¤¤¤¤¤¤¤¤¤ | Winlogon User : OK !
¤¤¤¤¤¤¤¤¤¤ | Winlogon Machine
Repaired : [HKLM | Winlogon]|[userinit] : C:\Windows\System32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,
Repaired : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon]|[userinit] : C:\Windows\SysWOW64\userinit.exe, -> C:\Windows\System32\userinit.exe,
¤¤¤¤¤¤¤¤¤¤ | Associations : OK !
¤
Navigators settings associations are OK !
¤¤¤¤¤¤¤¤¤¤ | Registry : OK !
¤¤¤¤¤¤¤¤¤¤ | SafeBoot | Control | Repair
Safeboot Keys are O.K
Alternate shell is OK !
¤
Safeboot Minimal Subkeys : O.K !
¤
Safeboot Network Subkeys : O.K !
¤¤¤¤¤¤¤¤¤¤ | IFEO : OK !
¤¤¤¤¤¤¤¤¤¤ | Mountpoints2 : OK !
¤¤¤¤¤¤¤¤¤¤ | Windows
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon
Winsrv : OK !
[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0
¤¤¤¤¤¤¤¤¤¤ | Security Center : OK !
¤¤¤¤¤¤¤¤¤¤ | Services Corrections
Repaired : [HKLM | Services\agp440] : 3 -> 2
Repaired : [HKLM | Services\EapHost] : 3 -> 2
Repaired : [HKLM | Services\wudfsvc] : 3 -> 2
Repaired : [HKLM | Services\WerSvc] : 3 -> 2
¤¤¤¤¤¤¤¤¤¤ | Internet Explorer
Browsers settings for Users : OK
Browsers settings for Machine : OK
¤
Hijack.Internet : OK
¤¤¤¤¤¤¤¤¤¤ | Hosts
C:\Windows\System32\Drivers\etc\hosts : Cleaned
¤¤¤¤¤¤¤¤¤¤ | reparsepoint
¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry
Will be moved at reboot : C:\ProgramData\Hewlett-Packard
Will be moved at reboot : C:\ProgramData\PC-Doctor for Windows
Will be moved at reboot : C:\ProgramData\regid.1986-12.com.adobe
Moved to quarantine successfully : C:\Users\Flávio\AppData\LocalLow\Sun\Java\Deployment\cache\
Prefetch -> Emptied
Suspect : C:\Users\Flávio\AppData\Roaming\dvdcss\$1.anv
Suspect : C:\ProgramData\DVD Shrink\Analysis Results.ebd40c36
Suspect : C:\ProgramData\DVD Shrink\Analysis Results.18e5dcdd
Suspect : C:\ProgramData\Licenses\MFRPMA.lic

Good morning! Flávio Marquim

Flávio Marquim, on 24/07/2013, said:

I'm posting here because I didn't understand how to use it the way you indicated. I hope it doesn't affect your analysis. Another thing is that I ran the program once and at the end found it odd, because the notebook neither restarted nor generated the report automatically. I decided to restart and ran the program again, and it finished the same way, without restarting or generating the report automatically. I restarted once more and am now sending two reports for your analysis: the one from the first scan and the one from the second. I hope I haven't done anything wrong, and I await further instructions. Thank you.

|- The Pre_Scan canned reply is out of date and does not reflect the new versions of the tool in its procedures.
|- Download: < otlDesktopIcon.png > ( ... by OldTimer Tools )
|- Save it to the desktop!
|- Double-click OTL.exe >> Run, or Run as administrator (Executar_Administrador.jpg)
|- PS: If you have trouble running OTL.exe, delete the file and download it from here or here.
< Explorer_ > << OTL
|- Or... download it from here; this copy is renamed and will not be blocked by malware.
acbYKMx0.jpg
|- Configure the tool as shown in the screenshot!
|- Under "Exame Extra do Registro" (Extra Registry), select "Nenhum" (None).
SAVEMBR:0
*crack* /s 
*keygen* /s 
*serial* /s 
*AutoKMS* /s
*loader* /s
*netsvcs*
*msconfig*
*activex*
*drivers32*
%SYSTEMDRIVE%\*.*
%APPDATA%\Local\*.
%APPDATA%\*.exe /s
%APPDATA%\*.
%systemdrive%\drivers\*.exe
%USERPROFILE%\AppData\Local\*.*
%USERPROFILE%\AppData\Roaming\*.*
%systemroot%\*. /mp /s
%systemroot%\system32\*.ini
%systemroot%\Tasks\*.*
%systemroot%\system32\tasks\*.* /s /64
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\drivers\*.* /90
%systemroot%\assembly\tmp\*.* /S /MD5
%systemroot%\assembly\temp\*.* /S /MD5
%systemroot%\assembly\GAC\*.* /S /MD5
%systemroot%\assembly\GAC_32\*.* /S /MD5
%systemroot%\assembly\GAC_64\*.* /S /MD5
%systemroot%\system32\config\systemprofile\AppData\Local\*.*
%windir%\ServiceProfiles\LocalService\AppData\Local\Temp\*.*
%windir%\ServiceProfiles\NetworkService\AppData\Local\Temp\*.*
%systemdrive%\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%systemdrive%\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\*.* 
HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings
/md5start
services.exe
/md5stop
regedit /e c:\registrybackup.reg /c
%windir%\tasks\*.* /s
|- Copy the information in the Code box into Notepad.
|- Save it in My Documents or on the desktop, with the name scan. << Text!
|- Click the "Exames Personalizados/Correções" (Custom Scans/Fixes) area.
acvcVUrd.jpg
|- Click OK to browse for a file containing a custom scan.
|- Click "Abrir" (Open). ( scan.txt )
acqlW68e.jpg
|- After pasting the information into the white area, click acng1cS9.jpg
|- To finish, post the report: OTL.txt << Link to the report!
abmdaZsE.jpg
|- To upload it, go to: < MyFile.tk >
|- Or go to: < Cjoint_Logo.jpg >
|- More information: < |Link| >
A+

Good afternoon! Flávio Marquim


####

3,91 Gb Total Physical Memory | 0,22 Gb Available Physical Memory | 5,68% Memory free

####


|- There is little free memory on your PC. Try uninstalling non-essential software that consumes resources, to increase this percentage. (5,68%)

|- PS: I did not find any 'virus' causing the slowness problems!


-/-



|- Download and run this file: < Windows Desktop Search 3.0.1 >

|- Or | Here |.

|- Extract it from the zip when you run it!



-/-


|- Uninstall:


|- <1> C:\Program Files (x86)\Yuna Software <<

|- <2> C:\PROGRA~2\GbPlugin << If you do not use online banking!


-/-


|- Download: < SFTGC > ( ... by Pierre13 )

|- Save it to the desktop!

|- On Windows Vista and 7, run "SFTGC.exe" as administrator!


SFTGC_Go_zps151dad06.jpg


|- Run it and click "Go".

|- Wait for it to finish, which is quick.

|- Post the report! ( SFT.txt )

|- PS: Depending on the size of the report, do not post it directly!


|- Use this site for that task! < Cjoint_Logo.jpg >


-/-


|- Run the OTL.exe tool.

|- Copy the information shown in red into the tool's clipboard field. ( "Exames Personalizados/Correções" )


:OTL

SRV - [2013/05/07 10:16:21 | 000,128,000 | ---- | M] (Yuna Software) [Auto | Running] -- C:\Program Files (x86)\c\Messenger Plus! for Skype\MsgPlusForSkypeService.exe -- (MsgPlusService)

SRV - [2013/06/14 10:30:15 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013/03/01 12:11:32 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

FF - user.js - File not found

O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found

O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - Reg Error: Key error. File not found

O18:64bit: - Protocol\Handler\livecall - No CLSID value found

O18:64bit: - Protocol\Handler\msnim - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found

O18:64bit: - Protocol\Handler\wlpg - No CLSID value found

O18 - Protocol\Handler\livecall - No CLSID value found

O18 - Protocol\Handler\ms-help - No CLSID value found

O18 - Protocol\Handler\msnim - No CLSID value found

[2011/11/07 14:34:13 | 003,623,592 | ---- | C] (Ask) -- C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe

[2011/11/07 14:34:13 | 000,143,240 | ---- | C] (Ask.com) -- C:\Program Files (x86)\Common Files\ApnStub.exe

[2012/07/24 09:49:45 | 000,047,616 | ---- | M] () -- \Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlus-WLMLoader.dll

[2012/04/03 19:17:11 | 000,000,902 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job

[2012/08/14 14:43:10 | 000,001,064 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job

[2012/08/14 14:43:11 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

[2012/01/18 19:51:10 | 000,003,584 | ---- | C] () -- C:\Users\Flávio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2013/07/26 13:48:28 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job

[2013/07/25 09:31:16 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013/07/25 09:18:06 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job


:Files

type C:\Windows\SysNative\tasks\{0B6E8EB4-96B9-4CB9-9FC0-225E20507938} /C

type C:\Windows\SysNative\tasks\{23A857A7-6345-4E28-840E-1AB0E2BFA972} /C


:reg

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]

"DoNotAskAgain" = -


:commands

[reboot]


|- Click the Consertar button -> Wait for it to finish!

|- The computer will restart! -> Click "Executar" (Run).


OTL_RunFix.jpg


|- In English versions, click Run Fix, which is the same as Consertar.

|- Post the report: C:\_OTL\MovedFiles\*.log


A+


Good evening

 

I uninstalled several programs that I don't use often and then carried out the procedures. Below is the link to the report from the first procedure:

 

http://cjoint.com/?3GCw10OP6sH

 

Here is the report from the second procedure, and I await further instructions:

 

 

========== OTL ==========
Error: No service named MsgPlusService was found to stop!
Service\Driver key MsgPlusService not found.
File C:\Program Files (x86)\c\Messenger Plus! for Skype\MsgPlusForSkypeService.exe not found.
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe moved successfully.
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
C:\Program Files (x86)\Skype\Updater\Updater.exe moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7815BE26-237D-41A8-A98F-F7BD75F71086}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ not found.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ not found.
File Protocol\Handler\wlpg - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ not found.
File Protocol\Handler\livecall - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ not found.
File Protocol\Handler\msnim - No CLSID value found not found.
C:\Program Files (x86)\Common Files\ApnToolbarInstaller.exe moved successfully.
C:\Program Files (x86)\Common Files\ApnStub.exe moved successfully.
File \Program Files (x86)\Yuna Software\Messenger Plus!\MsgPlus-WLMLoader.dll not found.
C:\Windows\Tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Users\Flávio\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineCore.job not found.
File C:\Windows\tasks\Adobe Flash Player Updater.job not found.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
========== FILES ==========
< type C:\Windows\SysNative\tasks\{0B6E8EB4-96B9-4CB9-9FC0-225E20507938} /C >
No captured output from command...
C:\Users\Flávio\Desktop\cmd.bat deleted successfully.
< type C:\Windows\SysNative\tasks\{23A857A7-6345-4E28-840E-1AB0E2BFA972} /C >
No captured output from command...
C:\Users\Flávio\Desktop\cmd.bat deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 07282013_173854
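
An added illustration, not part of the original thread and not OTL's own code: the Python below triages a fix log like the one posted above, counting outcomes and separating "not found" lines for files the same run had already moved (the fix script listed them twice) from targets that were never present. The outcome patterns are assumptions taken only from the wording of the lines visible in this log, and the sample is excerpted from it.

```python
import re
from collections import Counter

# Sample lines excerpted from the fix log posted above.
SAMPLE_LOG = r"""========== OTL ==========
Error: No service named MsgPlusService was found to stop!
Service\Driver key MsgPlusService not found.
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
C:\Program Files (x86)\Skype\Updater\Updater.exe moved successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
File C:\Windows\tasks\GoogleUpdateTaskMachineUA.job not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\DoNotAskAgain deleted successfully.
"""

OUTCOMES = [  # assumed patterns; the first one that matches wins
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r" not found\.$")),
    ("moved", re.compile(r" moved successfully\.$")),
    ("deleted", re.compile(r" deleted successfully[.!]$")),
    ("stopped", re.compile(r" stopped successfully!$")),
]

def triage(log_text):
    """Count outcomes and split 'not found' lines into duplicates and real misses."""
    counts, moved, duplicates, misses = Counter(), set(), [], []
    for line in map(str.strip, log_text.splitlines()):
        if not line or line.startswith("====="):
            continue  # blank line or section banner
        outcome = next((n for n, p in OUTCOMES if p.search(line)), "other")
        counts[outcome] += 1
        if outcome == "moved":
            moved.add(line[: -len(" moved successfully.")].lower())
        elif outcome == "not_found":
            target = re.sub(r"^File ", "", line[: -len(" not found.")])
            # Windows paths are case-insensitive: Tasks and tasks are the same folder.
            (duplicates if target.lower() in moved else misses).append(target)
    return counts, duplicates, misses

if __name__ == "__main__":
    counts, duplicates, misses = triage(SAMPLE_LOG)
    print(dict(counts))
    print("already moved earlier in this run:", duplicates)
    print("never present:", misses)
```
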


Good evening

 

I came back to say that the notebook has not changed at all. It is still far too slow. I have already deleted everything I could and nothing changed. There comes a point where, after about 30 minutes, I have to restart the notebook because the low-memory message appears and I can no longer use it. What do I have to do? Can it still be fixed, or do I have to format? While I'm at it, what does TASK HOST WINDOW mean, which always appears when I shut down or restart Windows? I'll be waiting, and thank you.


Good morning! Flávio Marquim

< Hotfix download available >

|- Once on the page, download and install this hotfix.

-/-

|- Open OTL.exe >> Click OTL_Limpeza_zps0873a931.jpg
|- Confirm this request!
|- Accept the reboot!

Flávio Marquim, on 28/07/2013, said:
Can it still be fixed, or do I have to format?

|- If you are able to do so, you can format.
|- There is nothing more to do; your logs are clean.

Regards!


Good afternoon

 

Since everything is clean, I think I will format after all. But tell me just one more thing: if my logs are clean, what could be causing this extreme slowness on the notebook? Until 15 days ago it was lightning fast, as it always had been, and suddenly it became like this. I even have fewer programs than before, since I followed your advice yesterday and deleted several things. So what could be causing this?

 

One more thing: do you think my antivirus (Avast) is a good one? Is it worth buying the paid version, which is more complete?

 

I await your reply, and thank you.
