
This topic has been archived and is closed to new replies.

jrodrigues190

[Solved] Slow machine and browsers. Pointer/cursor shaking


Gentlemen,

I'm asking for help. I tried to run bankerfix and combofix, but it gives a "Vbscript" error. I already tried reinstalling the file as Einstein advised, I also went to the command prompt, and nothing. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:14:09, on 02/04/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17496)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\JPH\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: bteagleget.com - {1E871FF8-029C-4732-8AA7-39E3D3872057} - C:\Program Files (x86)\EagleGet\eagleSniffer.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
O4 - HKLM\..\Run: [suiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [OOTag] C:\Program Files (x86)\Acer\OOBEOffer\OOTag.exe
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [Adobe Speed Launcher] 1428015905
O4 - HKUS\S-1-5-18\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [isMyWinLockerReboot] msiexec.exe /qn /x{voidguid} (User 'Default user')
O4 - Startup: Dropbox.lnk = JPH\AppData\Roaming\Dropbox\bin\Dropbox.exe
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - Avast Software s.r.o. - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: AvastVBox COM Service (AvastVBoxSvc) - Avast Software - C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: Acer ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: GamesAppIntegrationService - WildTangent - C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: GREGService - Acer Incorporated - C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13576 bytes


/!\ Good evening! jrodrigues190 /!\

> What is happening?

A+


Slow machine, the mouse pointer has been moving by itself (it's not the mouse), Chrome using too much memory...

I tried to run bankerfix and combofix and got an error: "não é possível encontrar o mecanismo de script "VBscript" para script "C:\Linhadefensiva\Iniciar-..." I already extracted the file and nothing...


/!\ Good evening! jrodrigues190 /!\

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
> Run the scroll icon. ( ZHPDiag )
> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to Pjjoint.malekal.
> Or go to: < Cjoint >
> More information: < |Link| > << Hosting!
A+

/!\ Good evening! jrodrigues190 /!\


> Run this script in the ZHPFix tool.

> Select and copy the information shown in red into Notepad.

> With Notepad open, press: Ctrl+A >> Ctrl+C ( Select and Copy )

> Next, minimize Notepad.


Script ZHPFix

FirewallRaz

EmptyPrefetch

EmptyTemp

EmptyFlash

HiddenFix

O1 - Hosts: 170.66.1.60 www14.bancobrasil.com.br # GbPlugin

C:\ProgramData\boost_interprocess

[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [sPRF][18/01/2015] (.No owner - Setup/Uninstall.) -- C:\Users\JPH\AppData\Roaming\unins001.exe [730322]

[MD5.00000000000000000000000000000000] [APT] [{0E3CBEF6-A02C-414B-8E54-B5568F5D864E}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{30C9A945-7B09-4ECF-B782-C56D163AE9CE}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{3685E624-DC3D-4351-82C5-47D70DCA3C95}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{36DB7A4D-0529-48CB-BE3E-FA1D7B5065AF}] (...) -- C:\Users\JPH\Downloads\51942_bankerfix_30.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{3ADC6732-0FC5-4577-894B-E4DFB5DC1165}] (...) -- C:\Users\JPH\Desktop\WebInstallerJD2.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{45D6D26C-6F79-447C-AFA2-847D336AB030}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{60BB93FB-AD33-42E5-A180-3070C935F475}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{610474C8-F9E5-4807-829A-BED9DC92AB42}] (...) -- C:\Users\JPH\Documents\Meus textos\LIVROS DIGITAIS\Minha Biblioteca\Direito\ADE_2.0_Installer.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{6F94C3CA-1EBB-4945-B617-EE5B26136C1A}] (...) -- C:\Users\JPH\Desktop\bankerfix.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{775EF1F6-AA47-4D5D-A4CC-F8E600ABE13D}] (...) -- C:\Users\JPH\Desktop\Nova pasta\IRPF2009win32v2.0.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{9D10BAEF-7631-4BE1-A450-2AE86A4EAC57}] (...) -- C:\Users\JPH\Desktop\bankerfix (1).exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{AF246081-4228-439C-9FD3-185784667672}] (...) -- G:\Receitanet-1.04.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{C1D5F0F6-CA11-4F55-9587-68A6E5F49102}] (...) -- C:\Users\JPH\Downloads\pdf995.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{F41328D3-C685-455C-BA41-2E2A0FDC476E}] (...) -- C:\Arquivos de Programas RFB\IRPF2011\uninstall.exe (.not file.) [0]

[MD5.00000000000000000000000000000000] [APT] [{FBC0F997-F552-43ED-B5CB-611F781BA8FA}] (...) -- C:\Users\JPH\Downloads\iGBPCEFsf (2).exe (.not file.) [0]

O3 - Toolbar: (no name) - [HKLM]{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} Chave orfã

O43 - CFD: 17/09/2013 - 09:38:08 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2008

O43 - CFD: 18/09/2013 - 08:12:22 - [0] ----D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2009

O44 - LFC:[MD5.AAD660BF6017BDDED3A0EB6DCA6709E6] - 02/04/2015 - 20:28:59 ---A- . (...) -- C:\Windows\IE11_main.log [7716]

O44 - LFC:[MD5.C4CE2B790E74B75EB5A9ED942D92CB4F] - 02/04/2015 - 20:41:50 ---A- . (...) -- C:\Windows\scripten_i.log [1508]

O44 - LFC:[MD5.79A9C964D8DE548FD99A02450B45BAC8] - 19/03/2015 - 22:32:22 ---A- . (...) -- C:\Windows\System32\2015-03-20-01-31-57.070-AvastVBoxSVC.exe-5024.log [197]

O44 - LFC:[MD5.53D37BF62BAC12340DAB2A4EA8298CE2] - 20/03/2015 - 20:07:14 ---A- . (...) -- C:\Windows\System32\2015-03-20-23-06-52.001-AvastVBoxSVC.exe-4576.log [197]

O44 - LFC:[MD5.F3A430A4809974BD4955229C15486020] - 21/03/2015 - 12:19:27 ---A- . (...) -- C:\Windows\System32\2015-03-21-15-19-01.062-AvastVBoxSVC.exe-4764.log [197]

O44 - LFC:[MD5.A13883C4E13A42690ACE0AA0DCF11A3C] - 22/03/2015 - 09:26:24 ---A- . (...) -- C:\Windows\System32\2015-03-22-12-26-12.032-AvastVBoxSVC.exe-3972.log [197]

O44 - LFC:[MD5.63333962BCAC193D8DD7292CE8E227D9] - 22/03/2015 - 12:56:41 ---A- . (...) -- C:\Windows\System32\2015-03-22-15-56-40.089-AvastVBoxSVC.exe-3248.log [197]

O61 - LFC: 02/04/2015 - 21:05:14 ---A- . (...) -- C:\Users\JPH\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxdfo5f.dll [43008]

O61 - LFC: 28/03/2015 - 21:05:14 ---A- . (.GAS Tecnologia.) -- C:\Users\JPH\AppData\Local\Temp\GAS Tecnologia\GBBD\warsaw_setup.exe [824232]

O61 - LFC: 29/03/2015 - 21:05:14 ---A- . (...) -- C:\Users\JPH\AppData\Local\Temp\Quarantine.exe [606208]


Proxyfix

HostFix


sysrestore


> Open the ZHPFix tool.

> Click IMPORTAÇÃO >> OK.

> PS: When you click "OK", check that the field is empty so that it receives only the script's information.

> Click "GO".

> Post the report!


< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


A+


I had to do it twice:

First time:

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by JPH at 02/04/2015 21:45:20
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)
Prefetcher vazio
========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\JPH\AppData\Roaming\unins001.exe
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: Toolbar: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ Temporários windows (38)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: c:\programdata\boost_interprocess
ELIMINÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2008
ELIMINÉ: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2009
========== Ficheiros ==========
ELIMINÉ Temporários windows (70) (15.703.705 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\ie11_main.log
ELIMINÉ: c:\windows\scripten_i.log
========== Ficheiro HOSTS ==========
O ficheiro Hosts não foi reparado, por favor, desative o seu antivírus.
========== Tarefa planificada ==========
ELIMINÉ: {0E3CBEF6-A02C-414B-8E54-B5568F5D864E}
ELIMINÉ: {30C9A945-7B09-4ECF-B782-C56D163AE9CE}
ELIMINÉ: {3685E624-DC3D-4351-82C5-47D70DCA3C95}
ELIMINÉ: {36DB7A4D-0529-48CB-BE3E-FA1D7B5065AF}
ELIMINÉ: {3ADC6732-0FC5-4577-894B-E4DFB5DC1165}
ELIMINÉ: {45D6D26C-6F79-447C-AFA2-847D336AB030}
ELIMINÉ: {60BB93FB-AD33-42E5-A180-3070C935F475}
ELIMINÉ: {610474C8-F9E5-4807-829A-BED9DC92AB42}
ELIMINÉ: {6F94C3CA-1EBB-4945-B617-EE5B26136C1A}
ELIMINÉ: {775EF1F6-AA47-4D5D-A4CC-F8E600ABE13D}
ELIMINÉ: {9D10BAEF-7631-4BE1-A450-2AE86A4EAC57}
ELIMINÉ: {AF246081-4228-439C-9FD3-185784667672}
ELIMINÉ: {C1D5F0F6-CA11-4F55-9587-68A6E5F49102}
ELIMINÉ: {F41328D3-C685-455C-BA41-2E2A0FDC476E}
ELIMINÉ: {FBC0F997-F552-43ED-B5CB-611F781BA8FA}
========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 1 restaurados com sucesso
Ma musique (My Music) : 195 restaurados com sucesso
Ma Video (My Video) : 1 restaurados com sucesso
Mes Favoris (My Favorites) : 3 restaurados com sucesso
Mes Documents (My Documents) : 31 restaurados com sucesso
Mon Bureau (My Desktop) : 2 restaurados com sucesso
Menu demarrer (Programs) : 9 restaurados com sucesso
Dossier utilisateur (AppData) : 36 restaurados com sucesso
Programmes (Program Files) : 26 restaurados com sucesso
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
9 : Valores do Registo
5 : Pastas
4 : Ficheiros
1 : Ficheiro HOSTS
15 : Tarefa planificada
304 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema
End of clean in 02mn 41s
========== Caminho do ficheiro do relatório ==========
C:\Users\JPH\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/04/2015 21:45:24 [3144]

 

Second time:

 

Rapport de ZHPFix 2015.3.18.4 par Nicolas Coolman, Update du 18/03/2015
Fichier d'export Registre :
Run by JPH at 02/04/2015 21:49:30
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 01s)
Prefetcher vazio
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ Temporários windows (2)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (12) (3.772.197 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Pastas/Ficheiros ocultos restaurados ==========
Mes images (My Pictures) : 0
Ma musique (My Music) : 0
Ma Video (My Video) : 0
Mes Favoris (My Favorites) : 0
Mes Documents (My Documents) : 0
Mon Bureau (My Desktop) : 0
Menu demarrer (Programs) : 0
Dossier utilisateur (AppData) : 0
Programmes (Program Files) : 0
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
8 : Valores do Registo
2 : Pastas
2 : Ficheiros
0 : Pastas/Ficheiros ocultos restaurados
1 : Restauração Sistema
End of clean in 00mn 50s
========== Caminho do ficheiro do relatório ==========
C:\Users\JPH\AppData\Roaming\ZHP\ZHPFix[R1].txt - 02/04/2015 21:45:24 [3222]
C:\Users\JPH\AppData\Roaming\ZHP\ZHPFix[R2].txt - 02/04/2015 21:49:32 [1584]


/!\ Good evening! jrodrigues190 /!\

> Download: < FRST > ( ... by Farbar )
> The banner above is for 32-bit systems!
> The link above is for 64-bit systems!
> Save it to the desktop! (Área de trabalho ...)
> Run the tool! Click "Yes" >> "Scan".
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated; it is made available on the tool's first run.
> Post the reports! (FRST.txt + Addition.txt)
> Since the log will be long, send it to < Cjoint >
> The link to the report, which is the one highlighted, should be pasted into your reply.
> Or click "Copier le lien (*)" and paste the link into your post.
A+


/!\ Good afternoon! jrodrigues190 /!\

One detail: the Realtek driver isn't working... could it be because I updated the files through Windows Update, or does it have to do with this cleanup?

> Restore the system, since ZHPDiag created a restore point for that.

========== Restauração Sistema ==========

Ponto de restauro do sistema criado com sucesso

 

> It was created to undo any removal or unwanted effect.

> Let me know if you have restored!

> After that, I will write the fixlist for use with FRST.

 

A+

/!\ Good afternoon! jrodrigues190 /!\


> If the restore removed FRST, download it to the desktop again.

> Copy the information shown in red into Notepad.

> Save it under the name fixlist. << Text!

> Save it to the desktop! ( Área de trabalho ... ) # C:\Users\JPH\Desktop #


start

CloseProcesses:

emptytemp:

HKLM-x32\...\Run: [] => [X]

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

HKU\S-1-5-21-1127668838-1590155687-431786801-1237\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION

S3 catchme; \??\C:\ComboFix\catchme.sys [X]

2015-04-02 21:49 - 2015-04-02 21:49 - 00001662 _____ () C:\Users\JPH\Desktop\ZHPFixReport.txt

2015-04-02 21:08 - 2015-04-02 21:08 - 00129152 _____ () C:\Users\JPH\Desktop\ZHPDiag.txt

2015-04-02 20:35 - 2015-04-02 20:35 - 00000000 ____D () C:\LinhaDefensiva

2015-04-02 20:14 - 2015-04-02 20:14 - 00013578 _____ () C:\Users\JPH\Desktop\hijackthis.log

2015-04-02 20:12 - 2015-04-02 20:13 - 00388608 _____ (Trend Micro Inc.) C:\Users\JPH\Desktop\HijackThis.exe

2015-04-02 19:59 - 2015-04-02 20:02 - 00000000 ____D () C:\AdwCleaner

2015-03-31 10:12 - 2015-03-31 10:12 - 00178597 _____ (Igor Pavlov) C:\Users\JPH\Downloads\bankerfix.exe

2015-03-28 16:37 - 2015-03-28 16:38 - 00001024 _____ () C:\.rnd

2015-03-22 10:36 - 2015-03-22 10:36 - 00024381 _____ () C:\ComboFix.txt

2015-03-22 09:43 - 2015-03-22 10:37 - 00000000 ____D () C:\ComboFix

2015-03-22 09:26 - 2015-03-22 09:26 - 00000197 _____ () C:\Windows\system32\2015-03-22-12-26-12.032-AvastVBoxSVC.exe-3972.log

2015-03-21 12:19 - 2015-03-21 12:19 - 00000197 _____ () C:\Windows\system32\2015-03-21-15-19-01.062-AvastVBoxSVC.exe-4764.log

2015-03-20 20:06 - 2015-03-20 20:07 - 00000197 _____ () C:\Windows\system32\2015-03-20-23-06-52.001-AvastVBoxSVC.exe-4576.log

2015-03-19 22:31 - 2015-03-19 22:32 - 00000197 _____ () C:\Windows\system32\2015-03-20-01-31-57.070-AvastVBoxSVC.exe-5024.log

2015-03-18 19:42 - 2015-03-18 19:42 - 00000197 _____ () C:\Windows\system32\2015-03-18-22-42-08.054-AvastVBoxSVC.exe-3464.log

2015-03-17 18:53 - 2015-03-17 18:53 - 00000197 _____ () C:\Windows\system32\2015-03-17-21-53-14.056-AvastVBoxSVC.exe-4296.log

2015-03-17 08:14 - 2015-03-17 08:14 - 00000197 _____ () C:\Windows\system32\2015-03-17-11-14-55.031-AvastVBoxSVC.exe-4060.log

2015-03-16 20:20 - 2015-03-16 20:21 - 00000197 _____ () C:\Windows\system32\2015-03-16-23-20-55.066-AvastVBoxSVC.exe-3996.log

2015-03-15 12:21 - 2015-03-15 12:21 - 00000197 _____ () C:\Windows\system32\2015-03-15-15-21-54.075-AvastVBoxSVC.exe-3980.log

2015-03-14 10:39 - 2015-03-14 10:39 - 00000197 _____ () C:\Windows\system32\2015-03-14-13-39-35.063-AvastVBoxSVC.exe-4444.log

2015-03-13 18:31 - 2015-03-13 18:31 - 00000197 _____ () C:\Windows\system32\2015-03-13-21-31-05.068-AvastVBoxSVC.exe-2544.log

2015-03-12 20:15 - 2015-03-12 20:16 - 00000197 _____ () C:\Windows\system32\2015-03-12-23-15-53.061-AvastVBoxSVC.exe-3788.log

2015-03-11 20:15 - 2015-03-11 20:15 - 00000197 _____ () C:\Windows\system32\2015-03-11-23-15-14.091-AvastVBoxSVC.exe-3188.log

2015-03-10 19:19 - 2015-03-10 19:20 - 00000197 _____ () C:\Windows\system32\2015-03-10-22-19-41.013-AvastVBoxSVC.exe-3812.log

2015-03-09 18:02 - 2015-03-09 18:03 - 00000197 _____ () C:\Windows\system32\2015-03-09-21-02-42.007-AvastVBoxSVC.exe-3868.log

2015-03-09 02:43 - 2015-03-09 02:43 - 00000197 _____ () C:\Windows\system32\2015-03-09-05-43-31.007-AvastVBoxSVC.exe-4320.log

2015-03-08 19:35 - 2015-03-08 19:36 - 00000197 _____ () C:\Windows\system32\2015-03-08-22-35-39.082-AvastVBoxSVC.exe-4008.log

2015-03-07 12:49 - 2015-03-07 12:49 - 00000197 _____ () C:\Windows\system32\2015-03-07-15-49-01.072-AvastVBoxSVC.exe-3660.log

2015-03-06 20:00 - 2015-03-06 20:00 - 00000197 _____ () C:\Windows\system32\2015-03-06-23-00-29.029-AvastVBoxSVC.exe-3788.log

2015-03-05 20:02 - 2015-03-05 20:02 - 00000197 _____ () C:\Windows\system32\2015-03-05-23-02-17.055-AvastVBoxSVC.exe-3980.log

2015-03-04 19:22 - 2015-03-04 19:22 - 00000197 _____ () C:\Windows\system32\2015-03-04-22-22-05.069-AvastVBoxSVC.exe-512.log

2015-03-22 10:36 - 2014-12-20 21:36 - 00000000 ____D () C:\Qoobox

Task: {11810952-7F61-4495-A70C-7171FDE806B2} - System32\Tasks\Adobe ARM => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-11-20] (Adobe Systems Incorporated)

CreateRestorePoint:

Reboot:

end


> Run FRST/FRST64 >> Click "Fix" << Wait!

> At the prompt, click Executar.

> Post the report! (Fixlog.txt)


< I ask visitors not to use this script on other computers, at the risk of irreparable damage to them! >


A+



Good morning, Moderator

I had to restore and update the machine again. It was complicated. No self-executing file or uninstaller was working. At the moment the machine is working well.

I ran ComboFix:

 

ComboFix 15-04-01.01 - JPH 06/04/2015 12:14:36.2.4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3948.2305 [GMT -3:00]
Executando de: c:\users\JPH\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 6A
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
O arquivo já está sendo usado por outro processo.
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\JPH\AppData\Roaming\unins000.exe
c:\windows\msdownld.tmp
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-03-06 to 2015-04-06 ))))))))))))))))))))))))))))
.
.
2015-04-06 15:45 . 2015-04-06 15:45 -------- d-----w- c:\users\Public\AppData\Local\temp
2015-04-06 15:45 . 2015-04-06 15:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-04-06 04:02 . 2015-04-06 14:55 -------- d-s---w- c:\windows\system32\GWX
2015-04-06 04:02 . 2015-04-06 04:02 -------- d-s---w- c:\windows\SysWow64\GWX
2015-04-05 14:15 . 2015-02-20 04:41 41984 ----a-w- c:\windows\system32\lpk.dll
2015-04-05 14:15 . 2015-02-20 04:40 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-04-05 14:15 . 2015-02-20 04:40 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-04-05 14:15 . 2015-02-20 04:40 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-04-05 14:15 . 2015-02-20 04:13 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-04-05 14:15 . 2015-02-20 04:13 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-04-05 14:15 . 2015-02-20 04:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-04-05 14:15 . 2015-02-20 04:12 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-04-05 14:15 . 2015-02-20 03:29 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-04-05 14:15 . 2015-02-20 03:09 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-04-05 14:11 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-04-05 14:11 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-04-05 14:11 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-04-05 14:07 . 2015-03-06 05:42 341504 ----a-w- c:\windows\system32\schannel.dll
2015-04-05 14:05 . 2015-02-03 03:31 1424896 ----a-w- c:\windows\system32\WindowsCodecs.dll
2015-04-05 14:04 . 2015-02-04 03:16 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2015-04-05 14:04 . 2015-02-04 02:54 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2015-04-05 13:53 . 2015-04-03 05:37 283248 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
2015-04-05 13:53 . 2015-04-03 05:37 109680 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2015-04-05 13:53 . 2015-04-03 05:37 20592 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
2015-04-05 13:53 . 2010-05-26 18:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2015-04-05 02:30 . 2015-04-05 04:17 -------- d-----w- c:\users\JPH\AppData\Local\Popcorn-Time
2015-04-05 02:22 . 2015-04-05 02:25 -------- d-----w- c:\users\JPH\AppData\Local\Popcorn Time
2015-04-05 00:53 . 2015-04-05 00:53 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AC73BEC-AA46-4D11-AA8E-95575B2020A2}\offreg.dll
2015-04-05 00:45 . 2015-04-05 00:45 -------- d-----w- c:\users\JPH\.ssh
2015-04-05 00:40 . 2015-03-23 05:32 12002392 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AC73BEC-AA46-4D11-AA8E-95575B2020A2}\mpengine.dll
2015-04-05 00:37 . 2015-04-05 00:57 -------- d-----w- c:\users\JPH\AppData\Local\GitHub
2015-04-05 00:37 . 2015-04-05 00:57 -------- d-----w- c:\users\JPH\AppData\Roaming\GitHub
2015-04-05 00:37 . 2015-04-05 00:36 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-05 00:36 . 2015-04-05 00:36 43112 ----a-w- c:\windows\avastSS.scr
2015-04-05 00:34 . 2015-04-05 00:34 -------- d-----w- c:\users\JPH\AppData\Local\Apps
2015-04-05 00:34 . 2015-04-05 00:55 -------- d-----w- c:\users\JPH\AppData\Local\Deployment
2015-04-05 00:23 . 2015-04-05 00:23 -------- d-----w- c:\program files (x86)\Common Files\Java
2015-04-04 23:54 . 2015-01-09 03:14 91136 ----a-w- c:\windows\system32\wdi.dll
2015-04-04 23:54 . 2015-01-09 03:14 950272 ----a-w- c:\windows\system32\perftrack.dll
2015-04-04 23:54 . 2015-01-09 03:14 29696 ----a-w- c:\windows\system32\powertracker.dll
2015-04-04 23:54 . 2015-01-09 02:48 76800 ----a-w- c:\windows\SysWow64\wdi.dll
2015-04-04 23:54 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-04-04 23:54 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-04-04 23:54 . 2014-12-08 03:09 406528 ----a-w- c:\windows\system32\scesrv.dll
2015-04-04 23:54 . 2014-12-08 02:46 308224 ----a-w- c:\windows\SysWow64\scesrv.dll
2015-04-04 23:13 . 2015-04-04 23:16 -------- d-----w- c:\users\Instalador
2015-04-04 22:49 . 2015-04-04 23:11 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-04-04 21:43 . 2015-02-13 18:47 33592 ----a-w- c:\windows\system32\WinDivert.dll
2015-04-04 21:42 . 2015-02-13 18:47 37592 ----a-w- c:\windows\system32\WinDivert64.sys
2015-04-04 18:09 . 2015-04-06 15:10 -------- d-----w- c:\users\Administrador Beta
2015-04-04 15:53 . 2015-04-04 23:53 -------- dc----w- c:\users\JPH\AppData\Local\MigWiz
2015-04-03 14:24 . 2015-04-03 14:24 -------- d-----w- C:\DRIVERS
2015-04-03 14:07 . 2015-04-03 14:07 -------- d-----w- c:\program files (x86)\oTweak
2015-04-03 13:21 . 2015-04-03 13:23 -------- d-----w- C:\FRST
2015-04-03 00:07 . 2015-04-03 00:07 512 ----a-w- C:\PhysicalDisk0_MBR.bin
2015-04-03 00:01 . 2015-04-04 18:46 -------- d-----w- c:\program files (x86)\ZHPDiag
2015-04-03 00:01 . 2015-04-03 00:49 -------- d-----w- c:\users\JPH\AppData\Roaming\ZHP
2015-04-02 22:59 . 2015-04-02 23:02 -------- d-----w- C:\AdwCleaner
2015-04-02 01:24 . 2015-04-02 01:24 -------- d-----w- C:\KVRT_Data
2015-03-28 19:36 . 2015-04-04 21:43 -------- d-----w- c:\programdata\Package Cache
2015-03-28 19:35 . 2015-04-04 21:07 -------- d--h--w- c:\program files (x86)\GAS Tecnologia
2015-03-28 19:35 . 2015-04-03 14:59 -------- d--h--w- c:\program files (x86)\Diebold
2015-03-28 19:35 . 2015-03-28 19:35 -------- d-----w- c:\program files\Diebold
2015-03-22 21:05 . 2015-03-22 21:05 -------- d-----w- c:\programdata\gbas
2015-03-22 21:01 . 2015-04-04 21:27 -------- d-----w- c:\users\JPH\AppData\Local\Aplicativo Itau
2015-03-22 20:37 . 2015-03-22 20:37 -------- d-----w- c:\users\JPH\Tracing
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-04-05 00:37 . 2013-12-31 17:18 136752 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-05 00:36 . 2014-06-08 16:59 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-05 00:36 . 2013-03-13 16:58 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-05 00:36 . 2013-03-13 16:58 271200 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-05 00:36 . 2013-03-13 16:58 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-05 00:36 . 2013-03-13 16:58 88408 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-05 00:36 . 2013-03-13 16:58 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-05 00:36 . 2013-03-13 16:58 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-05 00:27 . 2012-12-09 22:35 778928 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-05 00:27 . 2011-07-26 17:10 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-05 00:22 . 2014-09-24 00:19 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-03-11 20:04 . 2015-02-06 00:39 535576 ----a-w- c:\windows\system32\drivers\RapportKE64.sys
2015-02-27 00:14 . 2012-12-08 17:46 122905848 ----a-w- c:\windows\system32\MRT.exe
2015-02-24 07:17 . 2010-11-21 03:27 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-17 18:26 . 2015-02-17 18:26 1217184 ----a-w- c:\windows\SysWow64\FM20.DLL
2015-02-13 18:50 . 2015-04-04 21:43 1856 ----a-w- c:\windows\Fonts\Warsaw Bold.ttf
2015-01-18 19:19 . 2013-11-02 14:58 730322 ----a-w- c:\users\JPH\AppData\Roaming\unins001.exe
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 152544 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2011-06-21 341360]
"BackupManagerTray"="c:\program files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" [2011-04-24 297280]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\OOTag.exe" [2010-02-23 13856]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-07-01 1103440]
"Dolby Advanced Audio v2"="c:\dolby pcee4\pcee4.exe" [2011-02-03 506712]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-08-20 150016]
"HPUsageTrackingLEDM"="c:\program files (x86)\HP\HP UT LEDM\bin\hppusg.exe" [2009-08-04 30264]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-11-20 1021128]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-04-05 5512912]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2015-02-11 335232]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
2015-01-13 20:02 1836928 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 jrdusbser;Olicard Mobile Connector Device for Legacy Serial Communication;c:\windows\system32\DRIVERS\jrdusbser.sys;c:\windows\SYSNATIVE\DRIVERS\jrdusbser.sys [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 mvusbews;USB EWS Device;c:\windows\system32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 Olicard155net;Olicard155 USB-NDIS miniport;c:\windows\system32\DRIVERS\Olicard155Usbnet.sys;c:\windows\SYSNATIVE\DRIVERS\Olicard155Usbnet.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 RapportKE64;RapportKE64;c:\windows\System32\Drivers\RapportKE64.sys;c:\windows\SYSNATIVE\Drivers\RapportKE64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 RapportCerberus_80128;RapportCerberus_80128;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys;c:\programdata\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_80128.sys [x]
S1 RapportEI64;RapportEI64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [x]
S1 RapportPG64;RapportPG64;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys;c:\program files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HP LaserJet Service;HP LaserJet Service;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe;c:\program files (x86)\HP\HPLaserJetService\HPLaserJetService.exe [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [x]
S2 OrolixDeviceMonitor;Orolix Device Monitor;c:\program files (x86)\TIM Communicator\module\devicemon.exe;c:\program files (x86)\TIM Communicator\module\devicemon.exe [x]
S2 RapportMgmtService;Rapport Management Service;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe;c:\program files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 VBoxAswDrv;VBoxAsw Support Driver;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys;c:\program files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [x]
S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
S3 AvastVBoxSvc;AvastVBox COM Service;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe;c:\program files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [x]
S3 b57xdbd;Broadcom xD Picture Bus Driver Service;c:\windows\system32\DRIVERS\b57xdbd.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdbd.sys [x]
S3 b57xdmp;Broadcom xD Picture vstorp client drv;c:\windows\system32\DRIVERS\b57xdmp.sys;c:\windows\SYSNATIVE\DRIVERS\b57xdmp.sys [x]
S3 bScsiMSa;bScsiMSa;c:\windows\system32\DRIVERS\bScsiMSa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiMSa.sys [x]
S3 bScsiSDa;bScsiSDa;c:\windows\system32\DRIVERS\bScsiSDa.sys;c:\windows\SYSNATIVE\DRIVERS\bScsiSDa.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 Warsaw_PP;Warsaw Protector;c:\progra~2\GbPlugin\wsftprp64.sys;c:\progra~2\GbPlugin\wsftprp64.sys [x]
S4 WinDivert1.1;WinDivert1.1;c:\windows\system32\WinDivert64.sys;c:\windows\SYSNATIVE\WinDivert64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-04-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-09 00:27]
.
2015-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04 22:53]
.
2015-04-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-04 22:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-05 00:36 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2015-02-11 01:12 185824 ----a-w- c:\users\JPH\AppData\Roaming\Dropbox\bin\DropboxExt64.25.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 416024]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [bU]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-03-21 2207848]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-05-10 1831528]
"OOTag"="c:\program files (x86)\Acer\OOBEOffer\ootag.exe" [2010-02-23 13856]
"CertificateRegistration"="aetcrss1.exe" [2011-04-21 191488]
"Diebold - Warsaw"="c:\program files\Diebold\Warsaw\core.exe" [2015-02-13 847160]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~4\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\seg
Trusted Zone: bb.com.br\www
Trusted Zone: caixa.gov.br\internetbanking
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\JPH\AppData\Roaming\Mozilla\Firefox\Profiles\ysf9990j.default-1421608495388\
FF - prefs.js: browser.search.defaulturl - hxxps://www.google.com/search/?trackid=sp-006
FF - prefs.js: browser.search.selectedEngine - Google (avast)
FF - prefs.js: browser.startup.homepage - hxxps://www.google.com/?trackid=sp-006
FF - prefs.js: keyword.URL - hxxps://www.google.com/search/?trackid=sp-006
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\JPH\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_134_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_134.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2015-04-06 12:59:44
ComboFix-quarantined-files.txt 2015-04-06 15:59
ComboFix2.txt 2015-03-22 13:36
ComboFix3.txt 2014-12-21 01:03
.
Pré-execução: 390.848.540.672 bytes disponíveis
Pós execução: 390.580.588.544 bytes disponíveis
.
- - End Of File - - D9CFEB58667599D99AF343C096971439


/!\ Good afternoon, jrodrigues190! /!\

> Post only reports from tools that were requested.

--

--

> Post: Fixlog.txt

See you!


Moderator, I can't find the file.

I think it was because I restored the system.

Since the machine is working well, I'll stop here.

Thank you for your attention!

Much obliged!

> Read the various tips in the Cartilha de Segurança (Security Handbook) and stay free of infections!
< Avira Browser Safety > << Link!
> Install this add-on in Google Chrome or Spark and browse with peace of mind!
> Install this add-on in Firefox and browse with peace of mind!
CASE RESOLVED
> If this computer needs a new check, just open a "New Topic" and describe the problem.

PROBLEM RESOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
