Pop-up opens by itself when starting Explorer

pop up explorer

11 replies in this topic

#1
vane_tiemi

  • Novice
  • 14 posts

Good evening,

I'm having problems with a virus or something similar that my antivirus was unable to detect. My notebook opens advertising pages when I start Internet Explorer.

I followed the step-by-step guide provided by the site and generated the required files.

Thanks in advance if anyone can help me.

Note: I had to compress the MbrScan file because it could not be uploaded.




#2
CarlosTurco

  • Assistant
  • 24,565 posts

vane_tiemi,

Please note the following:

  • Do NOT attempt any cleaning procedure on your own. In particular, do not run, on your own initiative, tools used in the Malware Removal forum. Improper use of some tools may damage your computer or, at the very least, partially remove the signs of an infection that would serve as information for the analyst. The team will not be held responsible for consequences resulting from improper and/or uninformed use of the tools. - Rule no. 8 of Malware Removal
  • Do not start a new topic about this problem. Always post your replies in this topic.
  • Click the Follow button (located in the top right corner of the main post) to receive an e-mail notification when the topic is answered. You can also check the topics you subscribe to using the Content I follow option, accessible through the forum's Control Panel.
  • The analyses can take some time, so please be patient.
  • The instructions are specific to your computer and must be applied only to it.
  • If something goes wrong, it doesn't matter. Always follow your topic, informing me of the results, until your computer is clean.
  • Warning: Avoid using the <QUOTE> or <CODE> tags in the logs; this makes them harder to read during analysis.
  • Do not abandon your topic. It is important for us to know whether the removal was successful.
  • If you do not receive a reply from me within 5 days, send me a PM.

 

Carry out the procedures below.

1)

Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Run the file adwcleaner.exe

*** Windows Vista or Windows 7 users: right-click the file adwcleaner.exe, then click Run as administrator.

Click Remove (Remover).

A Notepad window will open with the result. Select, copy and paste its contents into your next reply.

2)

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download Junkware Removal Tool (JRT) and save it to the desktop. Double-click it to run.

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop with the name JRT.txt.

Select, copy and paste the contents of this log into your next reply.

3)

Download Malwarebytes' Anti-Malware (MBAM)
http://www.majorgeek..._malware,1.html

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

  • Check that the Update Malwarebytes Anti-Malware (Atualizar Malwarebytes Anti-Malware) and Run Malwarebytes Anti-Malware (Executar Malwarebytes Anti-Malware) boxes are ticked, then click Finish (Concluir).
  • If there are updates available, they will be downloaded and installed.
  • When the update finishes, with the program open, select Quick Scan (Verificação Rápida) and click the Scan (Verificar) button.
  • The scan will then begin. Please wait, as it may take a while.
  • When the scan ends, click OK, then the Show Results (Mostrar Resultados) button to see the report.
  • If any items were found, make sure they are all ticked and click the Remove (Remover) button.
  • At the end of the disinfection, Notepad will open with a log and a prompt may appear asking whether you want to restart the PC. (See the Note below)
  • The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.
  • Select, copy and paste the entire contents of this log into your next reply.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.

If in doubt, read the program's tutorial:
http://linhadefensiv...showtopic=75554



#3
vane_tiemi

  • Novice
  • 14 posts

Good evening CarlosTurco. Sorry for the delay in replying, I wasn't able to carry out the procedures earlier.

Here are the results:

 

# AdwCleaner v2.303 - Relatório criado em 26/06/2013 às 14:26:21
# Atualizado em 08/06/2013 por Xplode
# Sistema Operacional : Windows 8 Single Language  (64 bits)
# Usuário : vanessatiemi - VANESSA
# Modo de Boot : Normal
# Executado de : C:\Users\vanessatiemi\Desktop\adwcleaner.exe
# Opção [Remover]
 
 
***** [Serviços] *****
 
 
***** [Arquivos/Pastas] *****
 
Pasta Removido : C:\ProgramData\boost_interprocess
Pasta Removido : C:\Users\vanessatiemi\AppData\Roaming\pdfforge
 
***** [Registro] *****
 
Chave Removida : HKCU\Software\InstallCore
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Removida : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Chave Removida : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{25A3A431-30BB-47C8-AD6A-E1063801134F}
Valor Removida : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{25A3A431-30BB-47C8-AD6A-E1063801134F}]
 
***** [Navegadores] *****
 
-\\ Internet Explorer v10.0.9200.16537
 
[OK] Registro está limpo.
 
-\\ Google Chrome v27.0.1453.116
 
Arquivo : C:\Users\vanessatiemi\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] Arquivo está limpo.
 
*************************
 
AdwCleaner[S1].txt - [1301 octets] - [26/06/2013 14:26:21]
 
########## EOF - C:\AdwCleaner[S1].txt - [1361 octets] ##########
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 8 Single Language x64
Ran by vanessatiemi on 28/06/2013 at 17:42:50,52
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ Chrome
 
Failed to delete: [Registry Key] hkey_current_user\software\policies\google\chrome\extensioninstallforcelist
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/06/2013 at 17:54:28,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Versão da Base de Dados:  v2013.06.27.11
 
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16599
vanessatiemi :: VANESSA [administrador]
 
Proteção: Permitir
 
28/06/2013 03:16:29
mbam-log-2013-06-28 (03-16-29).txt
 
Tipo de Verificação:  Verificação Rápida 
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados:  216255
Tempo decorrido: 14 minuto(s), 14 segundo(s)
 
Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)
 
Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)
 
Arquivos Detectados: 0
(Não foram detectados ítens maliciosos)
 
(fim)
 
 
The advertising windows are no longer appearing. Is it solved?


#4
CarlosTurco

  • Assistant
  • 24,565 posts

 

The advertising windows are no longer appearing. Is it solved?

Let's run one more check.

Temporarily disable your antivirus.

  • Hold the Ctrl key and click this link to open ESET Online Scanner in a new window.
  • Click this button: j9Byf.png?1
  • For alternative browsers (if you use Internet Explorer, skip this step):
    • Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double-click the icon on your desktop.
  • Tick "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Under scan settings, tick "Scan Archives" and "Remove found threats"
  • Click Advanced settings and tick the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • It will update itself and scan the computer. Be patient, the process can take hours.
  • When the scan finishes, click List Threats
  • Copy and paste the contents into your next reply. Note: If nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

Also post a new HijackThis log.



#5
vane_tiemi

  • Novice
  • 14 posts

Indeed, the problem is not solved, lol.

Here are the results, CarlosTurco.

 

C:\Users\All Users\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll probably a variant of Win32/Adware.Yontoo.B application
C:\Users\Todos os Usuários\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll probably a variant of Win32/Adware.Yontoo.B application
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\WebCake\WebCakeIEClient.dll probably a variant of Win32/Adware.Yontoo.A application cleaned by deleting - quarantined
C:\ProgramData\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setupx.dll probably a variant of Win32/Adware.Yontoo.B application cleaned by deleting - quarantined
C:\Users\vanessatiemi\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WEDH28QV\WebCakesetup[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\vanessatiemi\AppData\Local\Temp\is701137889\22589507_Setup.EXE Win32/OpenCandy application cleaned by deleting - quarantined
 
Hijackthis
 
Logfile of HijackThis v1.99.1
Scan saved at 02:21:25, on 30/06/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Users\vanessatiemi\AppData\Roaming\WebCake\WebCakeDesktop.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\DBRUpd.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe
C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\vanessatiemi\Documents\Vírus\HijackThis\HijackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Lyrics On - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files (x86)\LyricsOn\lrcson.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [6B2F606736E8A68F094617B184DDAF804537109D._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [WebCake Desktop] "C:\Users\vanessatiemi\AppData\Roaming\WebCake\WebCakeDesktop.exe"
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64"
O4 - Startup: Dropbox.lnk = vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Product - 2013/06/18 23:29:52 (CLKMSVC10_38F51D56) - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Platform Services (mcpltsvc) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WebCake Desktop Updater - Unknown owner - C:\Program Files (x86)\WebCake\WebCakeDesktop.Updater.exe" "C:\Users\vanessatiemi\AppData\Roaming\WebCake\WebCakeDesktop.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - %ProgramFiles%\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 


#6
CarlosTurco

  • Assistant
  • 24,565 posts

Ok,

Temporarily disable your antivirus, antispyware and firewall, to avoid conflicts.

Download ComboFix
http://www.bleepingc...nload/combofix/

Save it to your desktop.

  • Close all windows and programs. Run ComboFix.
  • Double-click combofix.exe and press "Yes" (Sim) to proceed.
  • When asked whether you want to install the Recovery Console, click Yes (Sim) and wait.
  • Click OK to accept the EULA, then click Yes (Sim) to continue the search for malware.

Do not click anything and do not press any key during the scan, as the tool will not work correctly.

When the tool finishes running, it will generate a log. Post the contents of the file C:\ComboFix.txt in your next reply.

Important:

  • You must be connected during the procedure with ComboFix;
  • You must be logged on to the system with administrator privileges.
  • Download and SAVE ComboFix. In the download window, where the Run / Save options appear, click Save. Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the procedures with ComboFix. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete it and download it again.
  • If the Recovery Console is already installed on this machine, ComboFix will not suggest installing it.
  • Do not run ComboFix more than once. Doing so will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of an an


#7
vane_tiemi

  • Novice
  • 14 posts

Good evening CarlosTurco, I installed and ran the program you gave me. I don't know if it worked, because when the process finished my notebook shut down, sort of in sleep mode, and I turned it on again. On the start screen there was that blue-background window of the program saying that the report was being generated. I know I shouldn't have touched the computer while the process was in progress, but I remembered that the antivirus programs were turned on again, and I disabled them. The result was this:

 

ComboFix 13-06-28.02 - vanessatiemi 30/06/2013   2:47.1.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6013.3428 [GMT -3:00]
Executando de: c:\users\vanessatiemi\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Criado um novo ponto de restauração
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LyricsOn\lrCSon.dll
c:\programdata\PCDr\6261\AddOnDownloaded\173c4dd2-e93c-4725-b006-db1d8f465192.dll
c:\programdata\PCDr\6261\AddOnDownloaded\739db3eb-d3cd-4c86-a6ea-01a49984fa3b.dll
c:\programdata\PCDr\6261\AddOnDownloaded\7bd83798-7a02-4f50-83a2-b91cabcbd1f9.dll
c:\programdata\PCDr\6261\AddOnDownloaded\934f6059-2d35-4bd9-a130-a17cb5563507.dll
c:\programdata\PCDr\6261\AddOnDownloaded\a61f44a8-21a3-4c4a-a04b-993dfb73bf96.dll
c:\programdata\PCDr\6261\AddOnDownloaded\ddb9fe5d-525c-4d5d-ac37-0bd10f2864f8.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_ctypes.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_elementtree.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_hashlib.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_multiprocessing.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_socket.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\_ssl.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\pyexpat.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\pysqlite2._sqlite.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\python27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\pythoncom27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\PyWinTypes27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\select.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\unicodedata.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32api.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32com.shell.shell.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32crypt.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32event.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32file.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32inet.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32pdh.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32process.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32profile.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32security.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\win32ts.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\windows._cacheinvalidation.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._controls_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._core_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._gdi_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._html2.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._misc_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._windows_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wx._wizard.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxbase294u_net_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxbase294u_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxmsw294u_adv_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxmsw294u_core_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxmsw294u_html_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI53522\wxmsw294u_webview_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\7zS046D\HPSLPSVC64.DLL
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_ctypes.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_elementtree.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_hashlib.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_multiprocessing.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_socket.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\_ssl.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\pyexpat.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\pysqlite2._sqlite.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\python27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\pythoncom27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\PyWinTypes27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\select.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\unicodedata.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32api.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32com.shell.shell.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32crypt.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32event.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32file.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32inet.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32pdh.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32process.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32profile.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32security.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\win32ts.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\windows._cacheinvalidation.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._controls_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._core_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._gdi_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._html2.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._misc_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._windows_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wx._wizard.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxbase294u_net_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxbase294u_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxmsw294u_adv_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxmsw294u_core_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxmsw294u_html_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI53522\wxmsw294u_webview_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\7zS046D\HPSLPSVC64.DLL
c:\users\vanessatiemi\AppData\Roaming\unins000.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_HPSLPSVC
-------\Service_HPSLPSVC
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-05-28 to 2013-06-30  ))))))))))))))))))))))))))))
.
.
2013-06-29 18:26 . 2013-06-29 18:26 -------- d-----w- c:\program files (x86)\ESET
2013-06-28 22:26 . 2013-06-29 22:22 -------- d-----w- c:\program files (x86)\uTorrent
2013-06-28 22:24 . 2013-06-30 05:02 -------- d-----w- c:\program files (x86)\WebCake
2013-06-28 22:24 . 2013-06-28 22:24 -------- d-----w- c:\programdata\Tarma Installer
2013-06-28 06:13 . 2013-06-28 06:13 -------- d-----w- c:\programdata\Malwarebytes
2013-06-28 06:13 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-28 06:13 . 2013-06-28 06:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-26 18:39 . 2013-06-26 18:39 -------- d-----w- c:\windows\ERUNT
2013-06-26 18:39 . 2013-06-28 20:42 -------- d-----w- C:\JRT
2013-06-26 03:27 . 2013-06-26 03:27 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-25 20:42 . 2013-05-10 02:21 16642560 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-25 20:41 . 2013-05-10 02:42 17271808 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-25 01:50 . 2013-06-25 01:51 -------- d-----w- c:\program files (x86)\PDF Architect
2013-06-25 01:50 . 2013-04-09 18:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-06-25 01:50 . 2013-01-09 18:52 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-25 01:50 . 2012-05-05 14:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-06-25 01:50 . 2012-05-05 14:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-06-25 01:50 . 2013-06-25 01:51 -------- d-----w- c:\program files (x86)\PDFCreator
2013-06-25 00:19 . 2013-06-25 00:19 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-06-24 18:09 . 2013-06-24 18:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-06-24 17:37 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-06-24 13:35 . 2013-06-26 02:20 -------- d-----w- c:\programdata\GAS Tecnologia
2013-06-24 06:08 . 2013-06-24 06:08 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-06-24 06:08 . 2013-06-25 00:20 -------- d-----w- c:\programdata\Microsoft Help
2013-06-24 06:08 . 2013-06-24 06:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-06-24 06:06 . 2013-06-24 06:06 -------- d-----w- c:\program files\Common Files\Corel
2013-06-24 06:06 . 2013-06-24 06:06 -------- d-----w- c:\program files\Common Files\Protexis
2013-06-24 06:02 . 2013-06-24 06:02 -------- d-----w- c:\program files\Corel
2013-06-24 05:56 . 2013-06-24 05:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-24 05:42 . 2013-06-24 05:43 -------- d-----w- c:\programdata\Protexis
2013-06-24 05:41 . 2013-06-26 21:01 -------- d-----w- c:\programdata\Corel
2013-06-24 05:41 . 2013-06-24 05:41 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-06-24 05:38 . 2013-06-24 05:38 -------- d-----w- c:\program files (x86)\Corel
2013-06-24 01:07 . 2013-06-24 01:07 -------- d-----w- c:\programdata\FLEXnet
2013-06-23 23:43 . 2013-06-02 20:11 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-23 18:26 . 2013-06-30 05:54 -------- d-----w- c:\program files (x86)\LyricsOn
2013-06-23 01:31 . 2013-06-23 01:31 -------- d-----w- c:\programdata\WEBREG
2013-06-23 01:24 . 2008-10-06 18:39 254464 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp083.dll
2013-06-23 01:22 . 2013-06-23 01:22 -------- d-----w- c:\program files (x86)\Microsoft
2013-06-23 01:20 . 2013-06-23 01:20 -------- d-----w- c:\programdata\HP Product Assistant
2013-06-23 01:17 . 2013-06-23 01:17 -------- d-----w- c:\program files (x86)\Common Files\HP
2013-06-23 01:17 . 2013-06-23 01:17 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2013-06-23 01:15 . 2008-10-06 18:39 134144 ----a-w- c:\windows\system32\hpf3l083.dll
2013-06-23 01:14 . 2013-06-23 01:21 -------- d-----w- c:\program files (x86)\HP
2013-06-23 00:57 . 2008-10-30 08:35 362328 ----a-w- c:\windows\system32\hpzids40.dll
2013-06-23 00:57 . 2008-10-30 08:38 966656 ----a-w- c:\windows\system32\hposwia_d02a.dll
2013-06-23 00:57 . 2008-10-30 08:38 761856 ----a-w- c:\windows\system32\hpost_d02a.dll
2013-06-23 00:57 . 2008-10-30 08:38 512512 ----a-w- c:\windows\system32\hposc_d02a.dll
2013-06-22 21:58 . 2013-06-23 01:26 -------- d-----w- c:\programdata\HP
2013-06-22 19:11 . 2013-06-04 22:09 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-22 19:11 . 2013-06-04 22:09 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-22 16:09 . 2013-06-22 16:09 -------- d-----w- c:\programdata\SketchUp
2013-06-22 16:09 . 2013-06-22 16:09 -------- d-----w- c:\program files (x86)\SketchUp
2013-06-22 14:17 . 2013-06-22 14:17 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-06-22 14:15 . 2013-06-22 14:17 -------- d-----w- c:\program files\My Dell
2013-06-22 13:25 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2013-06-22 13:25 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-06-22 10:59 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2013-06-22 10:59 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2013-06-22 09:25 . 2013-06-22 09:25 -------- d-----w- c:\programdata\FARO
2013-06-22 08:08 . 2012-05-28 13:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-06-22 08:02 . 2013-06-22 08:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-06-22 07:43 . 2013-06-22 08:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2013-06-22 07:43 . 2013-06-22 09:25 -------- d-----w- c:\program files\Autodesk
2013-06-22 06:04 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-22 06:04 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-22 06:04 . 2013-06-22 06:04 -------- d-----w- c:\program files (x86)\Autodesk
2013-06-22 06:03 . 2013-06-22 06:03 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-06-22 06:03 . 2013-06-22 06:03 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-06-22 05:56 . 2013-06-22 05:52 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-06-22 05:52 . 2013-06-22 08:00 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2013-06-22 05:48 . 2013-06-22 05:49 -------- d-----w- c:\program files\Microsoft Office 15
2013-06-22 05:32 . 2013-06-24 17:35 -------- d-----w- c:\programdata\Autodesk
2013-06-22 04:48 . 2013-06-22 16:58 -------- d-----w- C:\Autodesk
2013-06-22 04:47 . 2013-06-28 21:54 -------- d-----w- c:\program files (x86)\Google
2013-06-21 20:03 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-06-21 20:02 . 2013-03-02 02:45 1161728 ----a-w- c:\windows\system32\sppobjs.dll
2013-06-21 20:02 . 2013-03-02 02:43 1933312 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2013-06-21 20:02 . 2013-03-02 02:45 1627648 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-21 20:02 . 2013-03-02 08:23 1338880 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-21 20:02 . 2013-03-02 02:44 1048576 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2013-06-21 20:00 . 2013-03-02 08:21 145408 ----a-w- c:\windows\SysWow64\powercfg.cpl
2013-06-21 20:00 . 2013-03-02 02:45 240640 ----a-w- c:\windows\system32\fsquirt.exe
2013-06-21 20:00 . 2013-03-02 02:45 71168 ----a-w- c:\windows\system32\WSDPrintProxy.DLL
2013-06-21 20:00 . 2013-03-02 02:44 49152 ----a-w- c:\windows\system32\DevDispItemProvider.dll
2013-06-21 20:00 . 2013-03-02 08:23 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll
2013-06-21 20:00 . 2013-03-02 02:44 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2013-06-21 20:00 . 2013-03-02 02:15 26112 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-21 20:00 . 2013-03-02 08:23 195072 ----a-w- c:\program files (x86)\Windows NT\Accessories\WordpadFilter.dll
2013-06-21 20:00 . 2013-03-02 02:45 235008 ----a-w- c:\program files\Windows NT\Accessories\WordpadFilter.dll
2013-06-21 20:00 . 2013-03-02 08:21 36352 ----a-w- c:\windows\SysWow64\DevDispItemProvider.dll
2013-06-21 20:00 . 2013-03-01 04:56 30720 ----a-w- c:\windows\system32\drivers\monitor.sys
2013-06-21 19:57 . 2013-05-04 06:57 708096 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-06-21 19:55 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-06-21 19:55 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-06-21 19:55 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-06-21 19:55 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-06-21 19:55 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-06-21 19:55 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-06-21 19:54 . 2013-04-09 04:51 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-06-21 19:54 . 2013-04-09 04:51 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-06-21 19:54 . 2013-04-09 04:50 2107904 ----a-w- c:\windows\system32\mssrch.dll
2013-06-21 19:54 . 2013-04-08 21:51 2767360 ----a-w- c:\windows\SysWow64\tquery.dll
2013-06-21 19:52 . 2013-04-09 04:49 281088 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-06-21 19:37 . 2013-04-11 06:40 6987528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-21 19:36 . 2013-04-16 02:34 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-21 19:36 . 2013-05-15 22:35 19230720 ----a-w- c:\windows\system32\mshtml.dll
2013-06-21 19:36 . 2013-04-28 22:27 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-21 19:36 . 2013-04-28 22:28 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-21 19:36 . 2013-04-28 22:28 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-21 19:36 . 2013-04-28 22:30 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-21 19:34 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2013-06-21 19:34 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2013-06-21 19:34 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2013-06-21 19:34 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-06-21 19:34 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2013-06-21 19:33 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-06-21 19:33 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-21 19:33 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-06-21 19:33 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-21 19:33 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-21 19:33 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-21 19:33 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-21 19:31 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-21 19:31 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 18:37 . 2013-06-21 18:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-21 18:33 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-19 06:31 . 2013-06-19 06:31 39936 ----a-w- c:\windows\apppatch\apppatch64\acspecfc.dll
2013-06-19 06:31 . 2013-06-19 06:31 310784 ----a-w- c:\windows\apppatch\AcRes.dll
2013-06-19 06:30 . 2012-07-26 07:24 2207232 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2013-04-13 05:56 . 2013-06-22 05:04 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-03 16:37 . 2012-11-09 09:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-04-03 16:34 . 2012-11-09 09:37 342416 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-04-03 16:33 . 2012-11-09 09:35 772944 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-04-03 16:32 . 2012-11-09 09:34 516608 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-04-03 16:31 . 2012-11-09 09:34 309968 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-04-03 16:31 . 2012-11-09 09:33 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-04-03 16:18 . 2012-11-09 09:35 69240 ----a-w- c:\windows\system32\drivers\mfeelamk.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
"SkyDrive"="c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-22 257136]
"6B2F606736E8A68F094617B184DDAF804537109D._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-06-15 825808]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
"WebCake Desktop"="c:\users\vanessatiemi\AppData\Roaming\WebCake\WebCakeDesktop.exe" [2013-06-21 47896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2013-01-03 179928]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-06-14 2236816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\vanessatiemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-13 29335608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/18 23:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 OfficeSvc;Serviço do Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 WebCake Desktop Updater;WebCake Desktop Updater;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe;c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;Dell Touchpad;c:\windows\System32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-22 04:55 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 04:47]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 04:47]
.
2013-06-30 c:\windows\Tasks\Lyrics On Update.job
- c:\program files (x86)\LyricsOn\lyricupdater.exe [2013-06-02 20:34]
.
2013-06-23 c:\windows\Tasks\WebReg HP Deskjet F4400 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-06 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-06 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-06 441888]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
.
- - - - ORFÃOS REMOVIDOS - - - -
.
BHO-{73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - c:\program files (x86)\LyricsOn\lrcson.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
AddRemove-HijackThis - c:\users\vanessatiemi\Desktop\HijackThis\HijackThis.exe
AddRemove-{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1 - c:\users\vanessatiemi\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-06-30  03:05:29 - Máquina reiniciou
ComboFix-quarantined-files.txt  2013-06-30 06:05
.
Pré-execução: 911.970.975.744 bytes disponíveis
Pós execução: 917.067.231.232 bytes disponíveis
.
- - End Of File - - 9CB3BEBDBCF6F74E6542F059FC93FF62
D41D8CD98F00B204E9800998ECF8427E


#8
CarlosTurco

Ok,

Disable your antivirus, antispyware and firewall so that they do not cause conflicts. Keep them disabled until you have finished the instructions.

Select and copy the text inside the CODE box. Open Notepad and paste what you copied. Then save it on the desktop with the name CFScript.txt.

NOTE: Make sure you copy starting from the letter "F".
 

File::
c:\windows\Tasks\Lyrics On Update.job

Folder::
c:\program files (x86)\WebCake
c:\programdata\Tarma Installer
c:\program files (x86)\LyricsOn
c:\users\vanessatiemi\AppData\Roaming\WebCake

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"=-

Driver::
WebCake Desktop Updater

ClearJavaCache::
 
Reboot::

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.


cfscript.gif

ComboFix will run and restart the PC automatically to complete the removal process.
* If that does not happen, restart manually.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

This script was written only for this computer, according to the files and keys present on it.

To visitors: If you have a similar problem, do not use this script, because unsupervised use can damage the system.

When it finishes, a log will be generated at C:\ComboFix.txt.

Also post a new HijackThis log.
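
A check a helper can run once the new log is posted, as an added example that is not part of the original post or of ComboFix: it parses the CFScript above and confirms that each File::/Folder:: target appears under the log's "Outras Exclusões" banner and each Driver:: name under "Drivers/Serviços". The log excerpt is constructed in the layout of this thread's logs, and the function names and the `Service_` matching rule are assumptions drawn only from that layout.

```python
import re

# CFScript exactly as posted in the thread.
CFSCRIPT = r"""File::
c:\windows\Tasks\Lyrics On Update.job

Folder::
c:\program files (x86)\WebCake
c:\programdata\Tarma Installer
c:\program files (x86)\LyricsOn
c:\users\vanessatiemi\AppData\Roaming\WebCake

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WebCake Desktop"=-

Driver::
WebCake Desktop Updater

ClearJavaCache::

Reboot::
"""

# Constructed log excerpt in the layout of this thread's ComboFix logs.
# The Roaming\WebCake folder is left out on purpose to show a miss.
SAMPLE_LOG = r"""FILE ::
"c:\windows\Tasks\Lyrics On Update.job"
.
(((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))
.
c:\program files (x86)\LyricsOn
c:\program files (x86)\LyricsOn\lyricupdater.exe
c:\program files (x86)\WebCake
c:\programdata\Tarma Installer
c:\windows\Tasks\Lyrics On Update.job
.
(((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))
.
-------\Service_WebCake Desktop Updater
.
((((((((   Arquivos/Ficheiros criados de 2013-05-28 to 2013-06-30  ))))))))
.
2013-06-30 06:37 . 2013-06-30 06:37 -------- d-----w- c:\users\Default\AppData\Local\temp
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::\s*$")   # e.g. "Folder::"
BANNER = re.compile(r"^\(+\s*(.+?)\s*\)+\s*$")  # e.g. "(((  Title  )))"


def parse_cfscript(text):
    """Return {directive (lowercase): [argument lines]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif line and current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Return {banner title: [lines]}; '.' separator lines are dropped."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = BANNER.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None and line not in ("", "."):
            sections[current].append(line.strip('"'))
    return sections


def _section(sections, prefix):
    # Match on an ASCII prefix so a mis-encoded "õ" or "ç" does not break lookup.
    for title, lines in sections.items():
        if title.lower().startswith(prefix):
            return [entry.lower() for entry in lines]
    return []


def check_script_against_log(script_text, log_text):
    """Sort every script target into confirmed, missing or unchecked."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    deleted = set(_section(log, "outras exclus"))
    services = _section(log, "drivers/servi")
    report = {"confirmed": [], "missing": [], "unchecked": []}
    for kind in ("file", "folder"):
        for target in script.get(kind, []):
            bucket = "confirmed" if target.lower() in deleted else "missing"
            report[bucket].append((kind, target))
    for name in script.get("driver", []):
        # Assumption: a removed service is logged as "...\Service_<name>".
        hit = any(s.endswith("service_" + name.lower()) for s in services)
        report["confirmed" if hit else "missing"].append(("driver", name))
    # Registry:: lines have no deletion banner in these logs; review by hand.
    for line in script.get("registry", []):
        report["unchecked"].append(("registry", line))
    return report


if __name__ == "__main__":
    for bucket, items in check_script_against_log(CFSCRIPT, SAMPLE_LOG).items():
        for kind, target in items:
            print(f"{bucket:10} {kind:9} {target}")
```

Anything reported as missing is a target the tool did not list as deleted, so the helper should ask for a fresh log or a manual check before closing the thread.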



#9
vane_tiemi

I did what you said. The results:

 

ComboFix 13-06-28.02 - vanessatiemi 30/06/2013   3:32.2.4 - x64
Microsoft Windows 8 Single Language  6.2.9200.0.1252.55.1046.18.6013.3555 [GMT -3:00]
Executando de: c:\users\vanessatiemi\Desktop\ComboFix.exe
Comandos utilizados :: c:\users\vanessatiemi\Desktop\CFScript.txt..txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Lyrics On Update.job"
.
.
(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\LyricsOn
c:\program files (x86)\LyricsOn\chrome.crx
c:\program files (x86)\LyricsOn\chrome.manifest
c:\program files (x86)\LyricsOn\FF\chrome.manifest
c:\program files (x86)\LyricsOn\FF\chrome\content\icon.png
c:\program files (x86)\LyricsOn\FF\chrome\content\main.js
c:\program files (x86)\LyricsOn\FF\chrome\content\overlay.xul
c:\program files (x86)\LyricsOn\FF\install.rdf
c:\program files (x86)\LyricsOn\lyricupdater.exe
c:\program files (x86)\LyricsOn\Uninstall.exe
c:\program files (x86)\WebCake
c:\program files (x86)\WebCake\OptChrome.exe
c:\program files (x86)\WebCake\sqlite3.exe
c:\program files (x86)\WebCake\WebCakeDesktop.Updater.exe
c:\program files (x86)\WebCake\WebCakeLayers.crx
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setup.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\_Setupx.dll
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.dat
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.exe
c:\programdata\Tarma Installer\{361E80BE-388B-4270-BF54-A10C2B756504}\Setup.ico
c:\programdata\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\_Setup.dll
c:\programdata\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.dat
c:\programdata\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.exe
c:\programdata\Tarma Installer\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}\Setup.ico
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_ctypes.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_elementtree.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_hashlib.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_multiprocessing.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_socket.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\_ssl.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\pyexpat.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\pysqlite2._sqlite.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\python27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\pythoncom27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\PyWinTypes27.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\select.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\unicodedata.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32api.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32com.shell.shell.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32crypt.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32event.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32file.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32inet.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32pdh.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32process.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32profile.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32security.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\win32ts.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\windows._cacheinvalidation.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._controls_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._core_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._gdi_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._html2.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._misc_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._windows_.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wx._wizard.pyd
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxbase294u_net_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxbase294u_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxmsw294u_adv_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxmsw294u_core_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxmsw294u_html_vc90.dll
c:\users\VANESS~1\AppData\Local\Temp\_MEI49962\wxmsw294u_webview_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_ctypes.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_elementtree.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_hashlib.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_multiprocessing.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_socket.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\_ssl.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\pyexpat.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\pysqlite2._sqlite.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\python27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\pythoncom27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\PyWinTypes27.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\select.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\unicodedata.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32api.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32com.shell.shell.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32crypt.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32event.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32file.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32inet.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32pdh.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32process.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32profile.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32security.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\win32ts.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\windows._cacheinvalidation.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._controls_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._core_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._gdi_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._html2.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._misc_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._windows_.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wx._wizard.pyd
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxbase294u_net_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxbase294u_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxmsw294u_adv_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxmsw294u_core_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxmsw294u_html_vc90.dll
c:\users\vanessatiemi\AppData\Local\Temp\_MEI49962\wxmsw294u_webview_vc90.dll
c:\users\vanessatiemi\AppData\Roaming\WebCake
c:\users\vanessatiemi\AppData\Roaming\WebCake\dat\Desktop.OS.dll
c:\users\vanessatiemi\AppData\Roaming\WebCake\WebCakeDesktop.exe
c:\windows\Tasks\Lyrics On Update.job
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_WebCake Desktop Updater
.
.
((((((((((((((((   Arquivos/Ficheiros criados de 2013-05-28 to 2013-06-30  ))))))))))))))))))))))))))))
.
.
2013-06-30 06:37 . 2013-06-30 06:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-29 18:26 . 2013-06-29 18:26 -------- d-----w- c:\program files (x86)\ESET
2013-06-28 22:26 . 2013-06-29 22:22 -------- d-----w- c:\program files (x86)\uTorrent
2013-06-28 06:13 . 2013-06-28 06:13 -------- d-----w- c:\programdata\Malwarebytes
2013-06-28 06:13 . 2013-04-04 17:50 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-06-28 06:13 . 2013-06-28 06:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-06-26 18:39 . 2013-06-26 18:39 -------- d-----w- c:\windows\ERUNT
2013-06-26 18:39 . 2013-06-28 20:42 -------- d-----w- C:\JRT
2013-06-26 03:27 . 2013-06-26 03:27 -------- d-----w- c:\windows\LastGood.Tmp
2013-06-25 20:42 . 2013-05-10 02:21 16642560 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-25 20:41 . 2013-05-10 02:42 17271808 ----a-w- c:\program files\Common Files\Microsoft Shared\Microsoft Camera Codec Pack\MicrosoftRawCodec.dll
2013-06-25 01:50 . 2013-06-25 01:51 -------- d-----w- c:\program files (x86)\PDF Architect
2013-06-25 01:50 . 2013-04-09 18:13 110264 ----a-w- c:\windows\system32\pdfcmon.dll
2013-06-25 01:50 . 2013-01-09 18:52 1070152 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2013-06-25 01:50 . 2012-05-05 14:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-06-25 01:50 . 2012-05-05 14:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-06-25 01:50 . 2013-06-25 01:51 -------- d-----w- c:\program files (x86)\PDFCreator
2013-06-25 00:19 . 2013-06-25 00:19 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2013-06-24 18:09 . 2013-06-24 18:09 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2013-06-24 17:37 . 2013-05-15 22:35 144384 ----a-w- c:\windows\system32\tssdisai.dll
2013-06-24 13:35 . 2013-06-26 02:20 -------- d-----w- c:\programdata\GAS Tecnologia
2013-06-24 06:08 . 2013-06-24 06:08 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2013-06-24 06:08 . 2013-06-25 00:20 -------- d-----w- c:\programdata\Microsoft Help
2013-06-24 06:08 . 2013-06-24 06:09 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 9.0
2013-06-24 06:06 . 2013-06-24 06:06 -------- d-----w- c:\program files\Common Files\Corel
2013-06-24 06:06 . 2013-06-24 06:06 -------- d-----w- c:\program files\Common Files\Protexis
2013-06-24 06:02 . 2013-06-24 06:02 -------- d-----w- c:\program files\Corel
2013-06-24 05:56 . 2013-06-24 05:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2013-06-24 05:42 . 2013-06-24 05:43 -------- d-----w- c:\programdata\Protexis
2013-06-24 05:41 . 2013-06-26 21:01 -------- d-----w- c:\programdata\Corel
2013-06-24 05:41 . 2013-06-24 05:41 -------- d-----w- c:\program files (x86)\Common Files\Protexis
2013-06-24 05:38 . 2013-06-24 05:38 -------- d-----w- c:\program files (x86)\Corel
2013-06-24 01:07 . 2013-06-24 01:07 -------- d-----w- c:\programdata\FLEXnet
2013-06-23 23:43 . 2013-06-02 20:11 75825640 ----a-w- c:\windows\system32\MRT.exe
2013-06-23 01:31 . 2013-06-23 01:31 -------- d-----w- c:\programdata\WEBREG
2013-06-23 01:24 . 2008-10-06 18:39 254464 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpfpp083.dll
2013-06-23 01:22 . 2013-06-23 01:22 -------- d-----w- c:\program files (x86)\Microsoft
2013-06-23 01:20 . 2013-06-23 01:20 -------- d-----w- c:\programdata\HP Product Assistant
2013-06-23 01:17 . 2013-06-23 01:17 -------- d-----w- c:\program files (x86)\Common Files\HP
2013-06-23 01:17 . 2013-06-23 01:17 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2013-06-23 01:15 . 2008-10-06 18:39 134144 ----a-w- c:\windows\system32\hpf3l083.dll
2013-06-23 01:14 . 2013-06-23 01:21 -------- d-----w- c:\program files (x86)\HP
2013-06-23 00:57 . 2008-10-30 08:35 362328 ----a-w- c:\windows\system32\hpzids40.dll
2013-06-23 00:57 . 2008-10-30 08:38 966656 ----a-w- c:\windows\system32\hposwia_d02a.dll
2013-06-23 00:57 . 2008-10-30 08:38 761856 ----a-w- c:\windows\system32\hpost_d02a.dll
2013-06-23 00:57 . 2008-10-30 08:38 512512 ----a-w- c:\windows\system32\hposc_d02a.dll
2013-06-22 21:58 . 2013-06-23 01:26 -------- d-----w- c:\programdata\HP
2013-06-22 19:11 . 2013-06-04 22:09 78200 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-22 19:11 . 2013-06-04 22:09 693112 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-06-22 16:09 . 2013-06-22 16:09 -------- d-----w- c:\programdata\SketchUp
2013-06-22 16:09 . 2013-06-22 16:09 -------- d-----w- c:\program files (x86)\SketchUp
2013-06-22 14:17 . 2013-06-22 14:17 -------- d-----w- c:\programdata\PC-Doctor for Windows
2013-06-22 14:15 . 2013-06-22 14:17 -------- d-----w- c:\program files\My Dell
2013-06-22 13:25 . 2012-10-24 03:25 26624 ----a-w- c:\windows\system32\ReAgentc.exe
2013-06-22 13:25 . 2012-10-24 02:48 24064 ----a-w- c:\windows\SysWow64\ReAgentc.exe
2013-06-22 10:59 . 2013-03-22 03:49 2382336 ----a-w- c:\windows\SysWow64\esent.dll
2013-06-22 10:59 . 2013-03-21 22:47 2851840 ----a-w- c:\windows\system32\esent.dll
2013-06-22 09:25 . 2013-06-22 09:25 -------- d-----w- c:\programdata\FARO
2013-06-22 08:08 . 2012-05-28 13:28 197264 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2013-06-22 08:02 . 2013-06-22 08:02 -------- d-----w- c:\program files\Common Files\Macrovision Shared
2013-06-22 07:43 . 2013-06-22 08:18 -------- d-----w- c:\program files\Common Files\Autodesk Shared
2013-06-22 07:43 . 2013-06-22 09:25 -------- d-----w- c:\program files\Autodesk
2013-06-22 06:04 . 2013-04-02 23:37 25088 ----a-w- c:\windows\SysWow64\cryptdlg.dll
2013-06-22 06:04 . 2013-04-02 23:12 30720 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-22 06:04 . 2013-06-22 06:04 -------- d-----w- c:\program files (x86)\Autodesk
2013-06-22 06:03 . 2013-06-22 06:03 -------- d-----w- c:\program files (x86)\Microsoft SkyDrive
2013-06-22 06:03 . 2013-06-22 06:03 -------- d-----w- c:\programdata\Microsoft SkyDrive
2013-06-22 05:56 . 2013-06-22 05:52 563328 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-06-22 05:52 . 2013-06-22 08:00 -------- d-----w- c:\program files (x86)\Common Files\Autodesk Shared
2013-06-22 05:48 . 2013-06-22 05:49 -------- d-----w- c:\program files\Microsoft Office 15
2013-06-22 05:32 . 2013-06-24 17:35 -------- d-----w- c:\programdata\Autodesk
2013-06-22 04:48 . 2013-06-22 16:58 -------- d-----w- C:\Autodesk
2013-06-22 04:47 . 2013-06-28 21:54 -------- d-----w- c:\program files (x86)\Google
2013-06-21 20:03 . 2013-05-30 23:24 1257472 ----a-w- c:\windows\system32\kernel32.dll
2013-06-21 20:02 . 2013-03-02 02:45 1161728 ----a-w- c:\windows\system32\sppobjs.dll
2013-06-21 20:02 . 2013-03-02 02:43 1933312 ----a-w- c:\windows\system32\wbem\cimwin32.dll
2013-06-21 20:02 . 2013-03-02 02:45 1627648 ----a-w- c:\windows\system32\WindowsCodecs.dll
2013-06-21 20:02 . 2013-03-02 08:23 1338880 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2013-06-21 20:02 . 2013-03-02 02:44 1048576 ----a-w- c:\windows\system32\mfasfsrcsnk.dll
2013-06-21 20:00 . 2013-03-02 08:21 145408 ----a-w- c:\windows\SysWow64\powercfg.cpl
2013-06-21 20:00 . 2013-03-02 02:45 240640 ----a-w- c:\windows\system32\fsquirt.exe
2013-06-21 20:00 . 2013-03-02 02:45 71168 ----a-w- c:\windows\system32\WSDPrintProxy.DLL
2013-06-21 20:00 . 2013-03-02 02:44 49152 ----a-w- c:\windows\system32\DevDispItemProvider.dll
2013-06-21 20:00 . 2013-03-02 08:23 100864 ----a-w- c:\windows\SysWow64\SettingSyncInfo.dll
2013-06-21 20:00 . 2013-03-02 02:44 128512 ----a-w- c:\windows\system32\SettingSyncInfo.dll
2013-06-21 20:00 . 2013-03-02 02:15 26112 ----a-w- c:\windows\system32\drivers\mouhid.sys
2013-06-21 20:00 . 2013-03-02 08:23 195072 ----a-w- c:\program files (x86)\Windows NT\Accessories\WordpadFilter.dll
2013-06-21 20:00 . 2013-03-02 02:45 235008 ----a-w- c:\program files\Windows NT\Accessories\WordpadFilter.dll
2013-06-21 20:00 . 2013-03-02 08:21 36352 ----a-w- c:\windows\SysWow64\DevDispItemProvider.dll
2013-06-21 20:00 . 2013-03-01 04:56 30720 ----a-w- c:\windows\system32\drivers\monitor.sys
2013-06-21 19:57 . 2013-05-04 06:57 708096 ----a-w- c:\windows\system32\AppXDeploymentExtensions.dll
2013-06-21 19:55 . 2013-05-15 02:25 888320 ----a-w- c:\windows\system32\autochk.exe
2013-06-21 19:55 . 2013-05-15 02:25 542208 ----a-w- c:\windows\system32\untfs.dll
2013-06-21 19:55 . 2013-05-15 02:24 482816 ----a-w- c:\windows\SysWow64\untfs.dll
2013-06-21 19:55 . 2013-05-15 02:24 793088 ----a-w- c:\windows\SysWow64\autochk.exe
2013-06-21 19:55 . 2013-05-23 23:01 1300992 ----a-w- c:\windows\system32\gdi32.dll
2013-06-21 19:55 . 2013-05-23 22:27 1022464 ----a-w- c:\windows\SysWow64\gdi32.dll
2013-06-21 19:54 . 2013-04-09 04:51 3552768 ----a-w- c:\windows\system32\tquery.dll
2013-06-21 19:54 . 2013-04-09 04:51 14267904 ----a-w- c:\windows\system32\wmp.dll
2013-06-21 19:54 . 2013-04-09 04:50 2107904 ----a-w- c:\windows\system32\mssrch.dll
2013-06-21 19:54 . 2013-04-08 21:51 2767360 ----a-w- c:\windows\SysWow64\tquery.dll
2013-06-21 19:52 . 2013-04-09 04:49 281088 ----a-w- c:\windows\system32\mfreadwrite.dll
2013-06-21 19:37 . 2013-04-11 06:40 6987528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-21 19:36 . 2013-04-16 02:34 1455368 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-21 19:36 . 2013-05-15 22:35 19230720 ----a-w- c:\windows\system32\mshtml.dll
2013-06-21 19:36 . 2013-04-28 22:27 15404544 ----a-w- c:\windows\system32\ieframe.dll
2013-06-21 19:36 . 2013-04-28 22:28 3958784 ----a-w- c:\windows\system32\jscript9.dll
2013-06-21 19:36 . 2013-04-28 22:28 2241024 ----a-w- c:\windows\system32\wininet.dll
2013-06-21 19:36 . 2013-04-28 22:30 1767936 ----a-w- c:\windows\SysWow64\wininet.dll
2013-06-21 19:34 . 2012-11-10 04:22 126976 ----a-w- c:\windows\system32\RDWebAI.dll
2013-06-21 19:34 . 2012-11-10 04:22 122880 ----a-w- c:\windows\system32\VmHostAI.dll
2013-06-21 19:34 . 2012-11-10 04:20 135680 ----a-w- c:\windows\system32\appserverai.dll
2013-06-21 19:34 . 2012-11-10 04:23 132608 ----a-w- c:\windows\SysWow64\poqexec.exe
2013-06-21 19:34 . 2012-11-10 04:23 148480 ----a-w- c:\windows\system32\poqexec.exe
2013-06-21 19:33 . 2013-04-23 22:55 1889280 ----a-w- c:\windows\system32\crypt32.dll
2013-06-21 19:33 . 2013-04-23 23:12 1569792 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-06-21 19:33 . 2013-04-23 22:56 1255936 ----a-w- c:\windows\system32\certutil.exe
2013-06-21 19:33 . 2013-04-23 23:13 1013248 ----a-w- c:\windows\SysWow64\certutil.exe
2013-06-21 19:33 . 2013-04-23 23:12 109056 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-06-21 19:33 . 2013-04-23 22:55 68096 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-21 19:33 . 2013-04-23 22:55 141312 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-21 19:31 . 2013-05-04 07:45 2233600 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-21 19:31 . 2013-03-02 09:59 411880 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-06-21 19:30 . 2013-03-06 06:31 19758592 ----a-w- c:\windows\system32\shell32.dll
2013-06-21 19:29 . 2013-03-06 06:31 222208 ----a-w- c:\windows\system32\shdocvw.dll
.
.
(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-21 18:37 . 2013-06-21 18:37 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2013-06-21 18:33 . 2012-07-26 08:13 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-06-19 06:31 . 2013-06-19 06:31 39936 ----a-w- c:\windows\apppatch\apppatch64\acspecfc.dll
2013-06-19 06:31 . 2013-06-19 06:31 310784 ----a-w- c:\windows\apppatch\AcRes.dll
2013-06-19 06:30 . 2012-07-26 07:24 2207232 ----a-w- c:\windows\SysWow64\PrintConfig.dll
2013-04-13 05:56 . 2013-06-22 05:04 444416 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-03 16:37 . 2012-11-09 09:40 70112 ----a-w- c:\windows\system32\drivers\cfwids.sys
2013-04-03 16:34 . 2012-11-09 09:37 342416 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2013-04-03 16:33 . 2012-11-09 09:35 772944 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2013-04-03 16:32 . 2012-11-09 09:34 516608 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2013-04-03 16:31 . 2012-11-09 09:34 309968 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2013-04-03 16:31 . 2012-11-09 09:33 179664 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2013-04-03 16:18 . 2012-11-09 09:35 69240 ----a-w- c:\windows\system32\drivers\mfeelamk.sys
.
.
((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{73C1CE1A-2075-4350-A7B4-EBA78BA45FA8}]
c:\program files (x86)\LyricsOn\lrcson.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-22 21:42 222832 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 130736 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Akamai NetSession Interface"="c:\users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
"SkyDrive"="c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-22 257136]
"6B2F606736E8A68F094617B184DDAF804537109D._service_run"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-06-15 825808]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-06-07 19676256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-09-12 56128]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2012-10-23 102928]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2013-01-03 179928]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2013-02-28 454600]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-05-09 4858968]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-09 49208]
"Adobe Creative Cloud"="c:\program files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" [2013-06-14 2236816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Autodesk Sync"="c:\program files\Autodesk\Autodesk Sync\AdSync.exe" [2013-02-05 1081224]
.
c:\users\vanessatiemi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-6-13 29335608]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\StartUp\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2011-4-29 276328]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R0 mfeelamk;McAfee Inc. mfeelamk;c:\windows\system32\drivers\mfeelamk.sys;c:\windows\SYSNATIVE\drivers\mfeelamk.sys [x]
R2 CLKMSVC10_38F51D56;CyberLink Product - 2013/06/18 23:29;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [x]
R2 PDF Architect Service;PDF Architect Service;c:\program files (x86)\PDF Architect\ConversionService.exe;c:\program files (x86)\PDF Architect\ConversionService.exe [x]
R3 Autodesk Content Service;Autodesk Content Service;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe;c:\program files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\SeaPort.exe [x]
R3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys;c:\windows\SYSNATIVE\DRIVERS\igdpmd64.sys [x]
R3 McAWFwk;McAfee Activation Service;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe;c:\progra~1\COMMON~1\mcafee\actwiz\mcawfwk.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.6;c:\program files\Intel\TurboBoost\TurboBoost.exe;c:\program files\Intel\TurboBoost\TurboBoost.exe [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\System32\drivers\amdkmpfd.sys;c:\windows\SYSNATIVE\drivers\amdkmpfd.sys [x]
S0 aswRvrt;aswRvrt; [x]
S0 aswVmm;aswVmm; [x]
S0 iaStorA;iaStorA;c:\windows\System32\drivers\iaStorA.sys;c:\windows\SYSNATIVE\drivers\iaStorA.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 CLVirtualDrive;CLVirtualDrive;c:\windows\system32\DRIVERS\CLVirtualDrive.sys;c:\windows\SYSNATIVE\DRIVERS\CLVirtualDrive.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.355.0\BBSvc.exe [x]
S2 CxUtilSvc;CxUtilSvc;c:\program files\Conexant\SA3\CxUtilSvc.exe;c:\program files\Conexant\SA3\CxUtilSvc.exe [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Tecnologia de armazenamento Intel® Rapid;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel® Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 McOobeSv2;McAfee OOBE Service2;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 OfficeSvc;Serviço do Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files (x86)\PDF Architect\HelperService.exe;c:\program files (x86)\PDF Architect\HelperService.exe [x]
S2 PSI_SVC_2_x64;Protexis Licensing V2 x64;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe;c:\program files\Common Files\Protexis\License Service\PsiService_2.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell Backup and Recovery\SftService.exe;c:\program files (x86)\Dell Backup and Recovery\SftService.exe [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys;c:\windows\SYSNATIVE\DRIVERS\TurboB.sys [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;c:\windows\System32\drivers\btath_bus.sys;c:\windows\SYSNATIVE\drivers\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\System32\drivers\btath_hcrp.sys;c:\windows\SYSNATIVE\drivers\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\System32\drivers\btath_rcp.sys;c:\windows\SYSNATIVE\drivers\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 BthLEEnum;Driver de Baixa Energia do Bluetooth;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 ETD;Dell Touchpad;c:\windows\System32\drivers\ETD.sys;c:\windows\SYSNATIVE\drivers\ETD.sys [x]
S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUVStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUVStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ   hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-06-22 04:55 1165776 ----a-w- c:\program files (x86)\Google\Chrome\Application\27.0.1453.116\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 04:47]
.
2013-06-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-06-22 04:47]
.
2013-06-23 c:\windows\Tasks\WebReg HP Deskjet F4400 series.job
- c:\program files (x86)\HP\Digital Imaging\bin\hpqwrg.exe [2011-04-29 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco1]
@="{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}"
[HKEY_CLASSES_ROOT\CLSID\{AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco2]
@="{853B7E05-C47D-4985-909A-D0DC5C6D7303}"
[HKEY_CLASSES_ROOT\CLSID\{853B7E05-C47D-4985-909A-D0DC5C6D7303}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ AccExtIco3]
@="{42D38F2E-98E9-4382-B546-E24E4D6D04BB}"
[HKEY_CLASSES_ROOT\CLSID\{42D38F2E-98E9-4382-B546-E24E4D6D04BB}]
2013-06-12 02:58 3316080 ----a-w- c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync_v_1_1_0_x64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-22 21:42 261744 ----a-w- c:\users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-06-22 05:57 2324576 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-05-09 08:58 133840 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-06-13 23:00 164016 ----a-w- c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-07 02:57 778192 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDCtrl"="c:\program files\Elantech\ETDCtrl.exe" [2012-10-31 2780048]
"SmartAudio"="c:\program files\CONEXANT\SA3\SACpl.exe" [2012-06-13 1647616]
"IntelTBRunOnce"="wscript.exe" [2012-07-26 160256]
"BtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe" [2012-09-14 764544]
"BtvStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2012-09-14 127616]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-06-03 472984]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-10-06 171040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-10-06 399392]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-10-06 441888]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.gmail.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 200.204.0.10 200.204.0.138
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-HijackThis - c:\users\vanessatiemi\Desktop\HijackThis\HijackThis.exe
AddRemove-lyricson@lyricson.net - c:\program files (x86)\LyricsOn\uninstall.exe
AddRemove-{83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1 - c:\users\vanessatiemi\AppData\Roaming\unins000.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\1.3.21.149\GoogleCrashHandler.exe
c:\users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
c:\program files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
c:\program files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-06-30  03:46:17 - Máquina reiniciou
ComboFix-quarantined-files.txt  2013-06-30 06:46
ComboFix2.txt  2013-06-30 06:05
.
Pré-execução: 917.122.551.808 bytes disponíveis
Pós execução: 916.591.345.664 bytes disponíveis
.
- - End Of File - - 99E60421415A4AE1CF32A2F0C4724873
D41D8CD98F00B204E9800998ECF8427E
 
 
Logfile of HijackThis v1.99.1
Scan saved at 03:48:49, on 30/06/2013
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
 
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe
C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe
C:\Users\vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Dell Backup and Recovery\TOASTER.EXE
C:\Program Files (x86)\Dell Backup and Recovery\FACTORYSETUP\FACTORYSETUP.EXE
C:\Users\vanessatiemi\Documents\Vírus\HijackThis\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.gmail.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft..../?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft..../?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Lyrics On - {73C1CE1A-2075-4350-A7B4-EBA78BA45FA8} - C:\Program Files (x86)\LyricsOn\lrcson.dll (file missing)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.355.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [StartCCC] "c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\vanessatiemi\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\vanessatiemi\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [6B2F606736E8A68F094617B184DDAF804537109D._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - Startup: Dropbox.lnk = vanessatiemi\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix: 
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AtherosSvc - Qualcomm Atheros Commnucations - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CyberLink Product - 2013/06/18 23:29:52 (CLKMSVC10_38F51D56) - Unknown owner - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe" /svc (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: McAfee Home Network (HomeNetSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: Tecnologia de armazenamento Intel® Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee OOBE Service2 (McOobeSv2) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Platform Services (mcpltsvc) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Proxy Service (McProxy) - Unknown owner - C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - Unknown owner - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe" /McCoreSvc (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PDF Architect Helper Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GmbH - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\SftService.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Intel® Turbo Boost Technology Monitor 2.6 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Wlan Agent - Atheros - C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
 


#10
CarlosTurco

  • Assistant
  • 24.565 posts

vane_tiemi,
 

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}

 
Uninstall one of the antivirus programs.

Other than that, the logs are clean. :)

To finish up:

  • Go to Start > Run > type (or copy and paste): ComboFix /Uninstall

    Click OK. Wait, as this will uninstall ComboFix.
  • Update Java. Old versions have vulnerabilities that some malware can use to infect your system.
    • Download the latest version of Java SE 7u25.
    • Click JRE Download.
    • Check the Accept License Agreement box.
    • Click the download link Windows x86 Offline 30.25 MB jre-7u25-windows-i586.exe and save it to your desktop.
    • Close any programs that are running, especially browsers.
    • Go to Start > Control Panel, double-click Add or Remove Programs and remove all old versions of Java.
      Examples of old versions
      Java 2 Runtime Environment, SE v1.4.2
      J2SE Runtime Environment 5.0
      J2SE Runtime Environment 5.0 Update 6
    • Select any item named Java Runtime Environment (JRE or J2SE).
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each version of Java.
    • Restart your computer once all versions of Java have been removed.
    • Now go to your desktop and double-click jre-7u25-windows-i586.exe to install the newest version.
    • WARNING: Uncheck the box that installs the ASK Toolbar.
  • Update Adobe Reader. Old versions have vulnerabilities that are exploited by malware.

    Click here and install the newest version.
  • Keep Flash Player up to date. Old versions also have vulnerabilities that are exploited by malware. Click here and install the newest version.
  • USB worms (pen drive viruses) can infect any type of removable storage device (pen drives, MP3 and MP4 players, cell phones, memory cards, cameras). This type of malware exploits a native Windows feature called Autorun, or Autoplay (the assistant that appears when you insert a CD or pen drive, asking which program you want to open it with). Autoplay needs a file called autorun.inf to work.

    Keep a clean, protected copy of the autorun.inf file on all removable devices and on all system drives. That way, if you happen to plug your pen drive into an infected PC, the malware will not be able to overwrite the pre-existing file. Even so, it will still be able to copy its malicious executables to the pen drive, such as .EXE, .SCR, .CMD, .PIF, .BAT, .COM.
    If you plug this pen drive into a clean machine and run one of those malicious files, that system will be infected in the same way. So be careful and use common sense.

    To create a protected autorun.inf file on Windows XP:

    Download Flash_Disinfector.exe and save it to your desktop.
    • Connect all removable storage devices to the USB ports. Save whatever you consider necessary, EXCEPT executable files, then format the media by going to My Computer, right-clicking the media's drive and choosing the "Format" option.
    • Run Flash_Disinfector.exe.
    • Follow any prompts that appear.
    • Wait until the program finishes its search and then exit the program.
    For Windows Vista and 7: Panda USB Vaccine
  • For system maintenance and removal of temporary and invalid files, download TFC, by OldTimer.

    Close ALL programs and run TFC. Click the Start button and wait. Your desktop will disappear; don't worry, that is part of the process.

    Be patient: depending on the amount of data to be deleted, the process can take more than 2 minutes.

    When it finishes, you will be asked to restart your computer. RESTART.

    If you are not asked, restart manually.
  • Visit Windows Update regularly and check for updates.
    New security holes are discovered frequently. Much malware exploits these holes, infecting systems without depending on any action by the user. Microsoft fixes these holes through updates.
    That is why it is essential to keep your system up to date.
  • Turn System Restore off and then on again.
  • Learn some precautions and tips for keeping your computer clean. Read the article Proteja seu pc:
    http://linhadefensiv...proteja-seu-pc/
  • If there are no more malware-related problems, click the denunld.png button and ask for your topic to be closed.

If you have any questions related to computing and technology, feel free to post in any area of the Linha Defensiva forum.

Regards. :legal:
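The autorun.inf advice in the post above can be checked on a mounted drive. The following is an added example, not part of the original post or of any tool it names: it reads the drive root, reports whether autorun.inf is a file or a directory, lists the entries in it that would launch a program, and lists files with the extensions the post mentions. The function names and the temporary-directory sample are constructed for illustration.

```python
import tempfile
from pathlib import Path

# Extensions the post lists as the executable types such worms copy to a drive.
RISKY_EXT = {".exe", ".scr", ".cmd", ".pif", ".bat", ".com"}
# autorun.inf keys that name a program to launch.
LAUNCH_KEYS = ("open", "shellexecute")

def parse_autorun(text):
    """Return (key, value) pairs from autorun.inf that would launch a program."""
    hits = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith((";", "[")) or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        k = key.lower()
        if k in LAUNCH_KEYS or (k.startswith("shell\\") and k.endswith("\\command")):
            hits.append((k, value))
    return hits

def audit_drive(root):
    """Inspect the root of a mounted removable drive and report what needs review."""
    report = {"autorun": "missing", "launch_entries": [], "risky_files": []}
    for entry in sorted(Path(root).iterdir(), key=lambda p: p.name.lower()):
        if entry.name.lower() == "autorun.inf":
            if entry.is_dir():
                # A directory with this name cannot carry launch entries.
                report["autorun"] = "directory"
            else:
                report["autorun"] = "file"
                report["launch_entries"] = parse_autorun(
                    entry.read_text(encoding="latin-1"))
        elif entry.is_file() and entry.suffix.lower() in RISKY_EXT:
            report["risky_files"].append(entry.name)
    return report

def demo():
    """Build a constructed drive layout in a temp directory and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        drive = Path(tmp)
        (drive / "AUTORUN.INF").write_text(
            "[autorun]\n; constructed sample\nopen=setup.scr\n"
            "shell\\explore\\command=setup.scr\nicon=folder.ico\n")
        (drive / "setup.scr").write_bytes(b"constructed placeholder")
        (drive / "photos.jpg").write_bytes(b"constructed placeholder")
        return audit_drive(drive)

if __name__ == "__main__":
    print(demo())
```

An empty `launch_entries` list together with an empty `risky_files` list is the state the post's advice aims for; anything else on the drive deserves a manual look before opening it.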



#11
vane_tiemi

  • Newbie
  • 14 posts

I have already uninstalled the avast antivirus and kept only McAfee. I carried out all the other procedures you mentioned.

Thank you very much for your attention and help!! What the Linha Defensiva group does is really cool!!

Congratulations on the work and once again THANK YOU!

Regards! :)



#12
CarlosTurco

  • Assistant
  • 24.565 posts

PROBLEM SOLVED

If you wish to request that the topic be reopened, use the Report button to contact the moderators.

Note: Only the author can make this request in the Malware Removal area.