Keick

Malware problem (LinkBucks)


Well, my computer has a problem where any link I click redirects me to a site called linkbucks, and this is becoming a nuisance. Also, on any page I visit, Google Chrome (the browser I use) asks for permission to run Java, on every page (even here on Clube do Hardware).

http://i1101.photobucket.com/albums/g423/Kira23Kato/Java-Problema.jpg

And I noticed that my browser has become much slower.

When I try to download Gmer, this message appears.

http://i1101.photobucket.com/albums/g423/Kira23Kato/nginxerro.jpg

DDS result:

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16514 BrowserJavaVersion: 10.45.2

Run by Administrador at 7:27:29 on 2013-10-22

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.1791.719 [GMT -2:00]

.

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Windows\system32\nvvsvc.exe

C:\Program Files\AVAST Software\Avast\AvastSvc.exe

C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe

C:\Windows\system32\nvvsvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Spyware Terminator\st_rsser.exe

C:\Windows\system32\viakaraokesrv.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe

C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe

C:\Program Files\DAEMON Tools Pro\DTShellHlp.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe

C:\Program Files\HP\HP Software Update\hpwuSchd2.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe

C:\Users\Administrador\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe

C:\Users\Administrador\AppData\Local\Akamai\netsession_win.exe

C:\Windows\system32\SearchIndexer.exe

C:\Users\Administrador\AppData\Local\Akamai\netsession_win.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

C:\Windows\System32\WUDFHost.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\wuauclt.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\taskeng.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Users\Administrador\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k hpdevmgmt

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uSearch Bar = Preserve

uProxyOverride = <local>

mURLSearchHooks: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTor.dll

BHO: Octh Class: {000123B4-9B42-4900-B3F7-F4B073EFC214} - c:\program files\orbitdownloader\orbitcth.dll

BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - c:\program files\hp\digital imaging\smart web printing\hpswp_printenhancer.dll

BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\users\administrador\appdata\roaming\complitly\Complitly.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: IEExtension.VDownloaderBHO: {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} -

BHO: ArcPluginIEBHO Class: {84BFE29A-8139-402a-B2A4-C23AE9E1A75F} - c:\program files\perfect world entertainment\arc\plugins\ArcPluginIE.dll

BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTor.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

TB: uTorrentBar_PT Toolbar: {E0301295-AB3E-4AF3-979F-3D453C5F9F48} - c:\program files\utorrentbar_pt\prxtbuTor.dll

TB: uTorrentBar_PT Toolbar: {e0301295-ab3e-4af3-979f-3d453c5f9f48} - c:\program files\utorrentbar_pt\prxtbuTor.dll

TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - c:\program files\hp\digital imaging\smart web printing\hpswp_bho.dll

uRun: [Google Update] "c:\users\administrador\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"

uRun: [Facebook Update] "c:\users\administrador\appdata\local\facebook\update\FacebookUpdate.exe" /c /nocrashserver

uRun: [DAEMON Tools Pro Agent] "c:\program files\daemon tools pro\DTAgent.exe" -autorun

uRun: [Octoshape Streaming Services] "c:\users\administrador\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun

uRun: [Akamai NetSession Interface] "c:\users\administrador\appdata\local\akamai\netsession_win.exe"

uRun: [AdobeBridge] <no file>

uRunOnce: [uninstall c:\users\administrador\appdata\local\microsoft\skydrive\16.4.6010.0727] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\administrador\appdata\local\microsoft\skydrive\16.4.6010.0727"

uRunOnce: [uninstall c:\users\administrador\appdata\local\microsoft\skydrive\16.4.6013.0910] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\administrador\appdata\local\microsoft\skydrive\16.4.6013.0910"

uRunOnce: [uninstall c:\users\administrador\appdata\local\microsoft\skydrive\17.0.2010.0530] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\administrador\appdata\local\microsoft\skydrive\17.0.2010.0530"

uRunOnce: [uninstall c:\users\administrador\appdata\local\microsoft\skydrive\17.0.2011.0627] c:\windows\system32\cmd.exe /q /c rmdir /s /q "c:\users\administrador\appdata\local\microsoft\skydrive\17.0.2011.0627"

mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"

mRun: [bCSSync] "c:\program files\microsoft office\office14\BCSSync.exe" /DelayServices

mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe

mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui

mRun: [Tutorials] <no file>

mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript

StartupFolder: c:\users\admini~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\imvu.lnk - c:\users\administrador\appdata\roaming\imvuclient\IMVUQualityAgent.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-System: ConsentPromptBehaviorAdmin = dword:5

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: HideFastUserSwitching = dword:1

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll

IE: {d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\administrador\appdata\roaming\microsoft\windows\start menu\programs\imvu\Run IMVU.lnk

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab

TCP: NameServer = 192.168.2.1 198.24.180.250 8.8.4.4

TCP: Interfaces\{008FACF0-9797-4F26-B515-F7850470108F} : NameServer = 8.26.56.26,8.20.247.20

TCP: Interfaces\{008FACF0-9797-4F26-B515-F7850470108F} : DHCPNameServer = 192.168.2.1 198.24.180.250 8.8.4.4

TCP: Interfaces\{368ABDE9-7F65-411A-9462-450A46404464} : DHCPNameServer = 200.169.117.222 200.169.117.221

TCP: Interfaces\{B85D8CAD-D56A-46CF-A78B-79EC36B735BD} : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{B85D8CAD-D56A-46CF-A78B-79EC36B735BD}\5444E414 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{E53C01CF-9D1C-43A0-932A-6830307A3615} : DHCPNameServer = 77.234.40.79

Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

AppInit_DLLs= c:\progra~2\bprote~1\22463~1.83\protec~1.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL

.

============= SERVICES / DRIVERS ===============

.

R0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2013-9-14 61488]

R0 aswRvrt;aswRvrt;c:\windows\system32\drivers\aswRvrt.sys [2013-4-5 49376]

R0 aswVmm;aswVmm;c:\windows\system32\drivers\aswVmm.sys [2013-4-5 177864]

R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-6-27 770344]

R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-6-27 369584]

R1 sp_rsdrv2;Spyware Terminator 2012 Realtime Shield Driver;c:\windows\system32\drivers\sp_rsdrv2.sys [2013-10-21 32768]

R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2012-6-27 29816]

R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-6-27 66336]

R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-4 46808]

R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files\spyware terminator\st_rsser.exe [2013-10-21 587912]

R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-10-23 242240]

R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2013-3-23 1841272]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 KMService;KMService;c:\windows\system32\srvany.exe [2012-6-27 8192]

S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-10-21 418376]

S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2013-10-21 701512]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-6-21 162408]

S3 apf003;apf003;c:\windows\system32\apf003.sys [2013-3-8 13232]

S3 ArcService;Arc Service;c:\program files\perfect world entertainment\arc\ArcService.exe [2013-9-5 88424]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 62464]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-10-21 22856]

S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]

S3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\overwolf\OverwolfUpdater.exe [2013-10-6 18360]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-29 14848]

S3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\drivers\RTL85n86.sys [2010-3-23 1812512]

S3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 77184]

S3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-11-29 24064]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-29 49664]

S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-11-29 27136]

S3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 112640]

.

=============== Created Last 30 ================

.

2013-10-22 09:26:05 54016 ----a-w- c:\windows\system32\drivers\awkqiw.sys

2013-10-21 20:21:54 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2013-10-21 20:21:52 -------- d-----w- c:\users\administrador\appdata\roaming\Spyware Terminator

2013-10-21 20:21:52 -------- d-----w- c:\programdata\Spyware Terminator

2013-10-21 20:21:43 -------- d-----w- c:\program files\Spyware Terminator

2013-10-21 19:07:05 -------- d-----w- c:\users\administrador\appdata\roaming\Malwarebytes

2013-10-21 19:06:46 -------- d-----w- c:\programdata\Malwarebytes

2013-10-21 19:06:40 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-21 19:06:39 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-21 19:06:15 -------- d-----w- c:\users\administrador\appdata\roaming\UpdaterEX

2013-10-21 18:34:20 -------- d-----w- c:\programdata\Oracle

2013-10-21 18:34:00 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-15 09:39:57 7328304 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1491f532-be5b-41e2-8afb-cd24c13e7b27}\mpengine.dll

2013-10-15 09:18:05 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-10-15 09:18:04 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-15 09:18:02 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-15 09:15:38 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-15 09:14:37 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-15 09:14:37 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-10-11 12:13:37 386416 ----a-w- c:\windows\system32\networkdlllsp.dll

2013-10-11 12:12:51 -------- d-----w- c:\users\administrador\appdata\roaming\NetworkTunnel

2013-10-09 06:10:56 -------- d-----w- c:\users\administrador\appdata\roaming\Python-Eggs

2013-10-09 06:10:24 -------- d-----w- c:\users\administrador\appdata\roaming\BitLord

2013-10-09 06:06:27 -------- d-----w- c:\program files\BitLord 2

2013-10-08 18:36:29 -------- d-----w- c:\program files\Orbitdownloader

2013-10-06 19:17:58 -------- d-----w- c:\users\administrador\appdata\local\Purplizer

2013-10-06 19:12:15 -------- d-----w- c:\program files\common files\Overwolf

2013-10-06 19:12:10 -------- d-----w- c:\program files\Overwolf

2013-09-24 17:35:10 -------- d-----w- c:\program files\Perfect World Entertainment

2013-09-24 03:53:51 -------- d-----w- c:\programdata\Steam

2013-09-24 03:37:08 -------- d-----w- c:\program files\Age of Empires II HD

.

==================== Find3M ====================

.

2013-10-09 02:30:29 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 02:30:29 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-22 10:22:59 1800704 ----a-w- c:\windows\system32\jscript9.dll

2013-09-22 10:14:39 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2013-09-22 10:13:22 1129472 ----a-w- c:\windows\system32\wininet.dll

2013-09-22 10:08:41 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2013-09-22 10:06:58 420864 ----a-w- c:\windows\system32\vbscript.dll

2013-09-22 10:03:18 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2013-09-14 00:48:58 338944 ----a-w- c:\windows\system32\drivers\afd.sys

2013-09-13 21:50:58 61488 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2013-09-13 21:50:58 29744 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2013-09-13 21:50:58 152880 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2013-09-08 02:07:12 1294272 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-09-08 02:03:58 231424 ----a-w- c:\windows\system32\mswsock.dll

2013-08-30 07:48:13 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48:12 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48:12 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48:12 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48:11 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47:40 41664 ----a-w- c:\windows\avastSS.scr

2013-08-29 01:51:45 3969472 ----a-w- c:\windows\system32\ntkrnlpa.exe

2013-08-29 01:51:45 3914176 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-08-29 01:50:30 1289096 ----a-w- c:\windows\system32\ntdll.dll

2013-08-29 01:50:16 619520 ----a-w- c:\windows\system32\tdh.dll

2013-08-29 01:48:17 640512 ----a-w- c:\windows\system32\advapi32.dll

2013-08-28 01:04:30 2348544 ----a-w- c:\windows\system32\win32k.sys

2013-08-28 00:57:20 434688 ----a-w- c:\windows\system32\scavengeui.dll

2013-08-13 11:38:04 32328 ----a-w- c:\windows\Launcher.exe

2013-08-07 07:22:04 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56:47 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50:36 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49:19 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 00:52:57 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43:05 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43:05 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43:05 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43:05 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-08-01 11:03:36 729024 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys

2013-07-25 08:57:27 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-02-24 21:38:26 887624 ----a-w- c:\program files\common files\AutoCompleteInstaller-VD.exe

.

============= FINISH: 7:29:55,33 ===============

Attach-

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 27/06/2012 18:20:41

System Uptime: 22/10/2013 06:28:32 (1 hours ago)

.

Motherboard: ASRock | | N68-VS3 UCC

Processor: AMD Athlon II X2 4400e Processor | CPUSocket | 2700/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 74 GiB total, 16,385 GiB free.

D: is CDROM ()

E: is Removable

F: is Removable

G: is Removable

H: is Removable

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: avast! SecureLine TAP Adapter

Device ID: ROOT\NET\0000

Manufacturer: TAP-Windows Provider V9

Name: avast! SecureLine TAP Adapter

PNP Device ID: ROOT\NET\0000

Service: tap0901

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: Realtek 8185 Extensible 802.11b/g Wireless Device

Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&2F735D55&0&5020

Manufacturer: Realtek Semiconductor Corp

Name: Realtek 8185 Extensible 802.11b/g Wireless Device

PNP Device ID: PCI\VEN_10EC&DEV_8185&SUBSYS_822510EC&REV_20\4&2F735D55&0&5020

Service: RTL85n86

.

==== System Restore Points ===================

.

RP321: 21/10/2013 22:52:34 - Ponto de Verificação Agendado

.

==== Installed Programs ======================

.

32 Bit HP CIO Components Installer

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Photoshop CS6

Adobe Reader X (10.1.6)

Age of Empires II HD © Microsoft Studios version 1

AIO_Scan

Akamai NetSession Interface

Arc

Arquivo do WinRAR

Ashampoo Burning Studio 2012 v10.0.15

µTorrent

Atualizações da NVIDIA 1.10.8

aTube Catcher

Auslogics Disk Defrag

avast! Free Antivirus

BitLord 2.3

BufferChm

C4200

c4200_Help

CCleaner

Copy

DAEMON Tools Pro

Daum PotPlayer 1.5.35491

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations

DeviceDiscovery

DocProc

ExitLag

Extended Update

Facebook Video Calling 1.2.0.287

foobar2000 v1.1.13

FormatFactory 3.00

Gerenciador de Downloads

Google Chrome

Google Earth Plug-in

Google Update Helper

GPBaseService2

HP Imaging Device Functions 13.0

HP Photosmart C4200 All-In-One Driver Software 13.0 Rel. 1

HP Photosmart Essential 3.5

HP Smart Web Printing 4.51

HP Solution Center 13.0

HP Update

HPPhotoGadget

HPPhotoSmartDiscLabelContent1

HPPhotosmartEssential

HPProductAssistant

Java 7 Update 45

Java Auto Updater

JavaFX 2.0.2 SDK

League of Legends

Malwarebytes Anti-Malware versão 1.75.0.1300

MegaScale MultiDesktop Manager

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Client Profile PTB Language Pack

Microsoft Application Error Reporting

Microsoft Office 2010 Service Pack 1 (SP1)

Microsoft Office Access MUI (Portuguese (Brazil)) 2010

Microsoft Office Excel MUI (Portuguese (Brazil)) 2010

Microsoft Office Groove MUI (Portuguese (Brazil)) 2010

Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2010

Microsoft Office OneNote MUI (Portuguese (Brazil)) 2010

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (Portuguese (Brazil)) 2010

Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2010

Microsoft Office Professional Plus 2010

Microsoft Office Proof (English) 2010

Microsoft Office Proof (Portuguese (Brazil)) 2010

Microsoft Office Proof (Spanish) 2010

Microsoft Office Proofing (Portuguese (Brazil)) 2010

Microsoft Office Publisher MUI (Portuguese (Brazil)) 2010

Microsoft Office Shared MUI (Portuguese (Brazil)) 2010

Microsoft Office Word MUI (Portuguese (Brazil)) 2010

Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit

Microsoft Silverlight

Microsoft SkyDrive

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

Microsoft_VC80_CRT_x86

Microsoft_VC90_CRT_x86

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

Nero 7 Ultra Edition

neroxml

NVIDIA Display Control Panel

NVIDIA Driver de gráficos 307.83

NVIDIA Drivers

NVIDIA ForceWare Network Access Manager

NVIDIA Install Application

NVIDIA PhysX

NVIDIA Update Components

OCR Software by I.R.I.S. 13.0

Octoshape Streaming Services

Orbit Downloader

Overwolf

Pacote de Idiomas do Microsoft .NET Framework 4 Client Profile - Português (Brasil)

Painel de controle da NVIDIA 307.83

Pando Media Booster

PDF Settings CS6

Platform

PS_AIO_Software_min

PVSonyDll

Quake Live Mozilla Plugin

RaidCall

Scan

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)

Security Update for Microsoft Excel 2010 (KB2826033) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2687422) 32-Bit Edition

Security Update for Microsoft InfoPath 2010 (KB2760406) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826023) 32-Bit Edition

Security Update for Microsoft Office 2010 (KB2826035) 32-Bit Edition

Security Update for Microsoft Outlook 2010 (KB2794707) 32-Bit Edition

Security Update for Microsoft Publisher 2010 (KB2553147) 32-Bit Edition

Security Update for Microsoft Visio 2010 (KB2810068) 32-Bit Edition

Skype™ 6.6

SmartWebPrinting

SolutionCenter

Spyware Terminator 2012

Status

TeamSpeak 3 Client

Toolbox

TrayApp

Unity Web Player

UnloadSupport

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939)

Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)

Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition

Update for Microsoft Filter Pack 2.0 (KB2810071) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553065)

Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition

Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition

Update for Microsoft Office 2010 (KB2566458)

Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition

Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition

Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition

Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition

Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition

Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition

Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition

Update for Microsoft Office 2010 (KB2826026) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition

Update for Microsoft OneNote 2010 (KB2810072) 32-Bit Edition

Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition

Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition

Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition

Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition

Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition

Update for Microsoft Word 2010 (KB2827323) 32-Bit Edition

uTorrentBar_PT Toolbar

VIA Gerenciador de dispositivo de plataforma

WebReg

Windows Media Player Firefox Plugin

WinPcap 4.1.1

XP Codec Pack

.

==== End Of File ===========================


Download Malwarebytes Anti-Malware:

  • Link 1
  • Alternative link
    • Double-click mbam-setup.exe, choose the language and follow the instructions to install the software.
    • Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, and click Finish.
    • If there are updates, they will be downloaded and installed.
    • When the updates finish, a program window will open. Select "Quick Scan", then click the Scan button.
    • The scan will start and may take a while. Please be patient.
    • When the scan is complete, click OK, then Show Results to view the log.
    • If anything is found, make sure everything is checked and click Remove.
    • When disinfection finishes, a log will automatically open in a Notepad document, and you may be asked to restart the PC. (Read the note)
    • The log is saved automatically and can be viewed by clicking the Logs tab in the main menu.
    • Copy and paste the contents of that log into your next reply.

Note: In more complicated infections, it may be necessary to restart the PC. If you are asked to restart, please do so immediately.

Depois,

Leia as instruções contidas neste link:

Nas instruções contidas no link acima, poderá verificar quais os fóruns onde os Analistas estão devidamente habilitados a utilizar corretamente a ferramenta:"Fóruns para receber ajuda com logs do ComboFix"

  1. Download ComboFix from one of the official links listed below and save it to your desktop:
  2. Temporarily, while you carry out these instructions, it is very important that you keep your protection programs (Antivirus, Antispyware and Firewall) disabled. Re-enable them after running the procedure(s) described below.
  3. Double-click the ComboFix icon on your desktop.
  4. Read and accept the terms by typing 1 and pressing Enter.
  5. Computers running Windows XP must install the Recovery Console:
     • If your computer runs Windows XP and does not yet have the Recovery Console installed, please make sure you are connected to the Internet and click "Yes".
     • Click "OK" on the EULA.
     • Once the Recovery Console is installed, click "YES" to continue.
  6. ComboFix will run; please be patient and wait.
  7. Attention: Do not use the mouse or the keyboard while the tool is running, as this can cause the computer to hang.
  8. A warning may appear saying that the computer needs to be restarted. DO NOT RESTART!!! ComboFix will restart the computer automatically.
  9. When the tool finishes running, it will generate a log (the file C:\ComboFix.txt). Copy and paste the contents of that file into your next reply.

Do NOT use the tool on your own. It is a powerful tool created to deal with sophisticated infections, and if it is not used correctly it may damage your computer.

  • Several kinds of malware prevent the tool from running correctly and can thereby seriously damage the computer. Analysts qualified to use ComboFix know these cases and how to handle them.
  • Many Analysts do not reply to topics where they see that ComboFix was used without supervision.
  • There are several general-purpose anti-malware tools whose authors designed them with end users in mind, to be used without supervision. ComboFix is not that kind of tool, so, and also out of respect for the tool's author, do not use it without supervision.


Malwarebytes Anti-Malware (Trial) 1.75.0.1300

www.malwarebytes.org

Versão da Base de Dados: v2013.10.22.06

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Administrador :: PC-PC [administrador]

Proteção: Permitir

22/10/2013 13:18:19

mbam-log-2013-10-22 (13-18-19).txt

Tipo de Verificação: Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados: 244892

Tempo decorrido: 18 minuto(s), 29 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 1

HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj (PUP.FunMoods) -> Enviado para a Quarentena e deletado com sucesso.

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 0

(Não foram detectados ítens maliciosos)

(fim)

ComboFix 13-10-21.01 - Administrador 22/10/2013 13:44:17.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.1791.974 [GMT -2:00]

Executando de: c:\users\Administrador\Downloads\ComboFix.exe

AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Administrador\AppData\Local\.#

c:\users\Administrador\AppData\Local\.#\MBX@10A8@9171A58.###

c:\users\Administrador\AppData\Local\.#\MBX@10A8@9171A68.###

c:\users\Administrador\AppData\Local\.#\MBX@10A8@9171A78.###

c:\users\Administrador\AppData\Local\.#\MBX@1430@9E51A58.###

c:\users\Administrador\AppData\Local\.#\MBX@1430@9E51A68.###

c:\users\Administrador\AppData\Local\.#\MBX@1430@9E51A78.###

c:\users\Administrador\AppData\Local\.#\MBX@1520@381A58.###

c:\users\Administrador\AppData\Local\.#\MBX@1520@381A68.###

c:\users\Administrador\AppData\Local\.#\MBX@1520@381A78.###

c:\users\Administrador\AppData\Local\.#\MBX@15F0@9CB1A58.###

c:\users\Administrador\AppData\Local\.#\MBX@15F0@9CB1A68.###

c:\users\Administrador\AppData\Local\.#\MBX@15F0@9CB1A78.###

c:\users\Administrador\AppData\Local\.#\MBX@1710@9C61A58.###

c:\users\Administrador\AppData\Local\.#\MBX@1710@9C61A68.###

c:\users\Administrador\AppData\Local\.#\MBX@1710@9C61A78.###

c:\users\Administrador\AppData\Local\.#\MBX@17D4@9C01A58.###

c:\users\Administrador\AppData\Local\.#\MBX@17D4@9C01A68.###

c:\users\Administrador\AppData\Local\.#\MBX@17D4@9C01A78.###

c:\users\Administrador\AppData\Local\.#\MBX@6D4@9EC1A58.###

c:\users\Administrador\AppData\Local\.#\MBX@6D4@9EC1A68.###

c:\users\Administrador\AppData\Local\.#\MBX@6D4@9EC1A78.###

c:\windows\system32\Cache

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-22 to 2013-10-22 ))))))))))))))))))))))))))))

.

.

2013-10-21 20:21 . 2011-06-21 13:24 32768 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys

2013-10-21 19:07 . 2013-10-21 19:07 -------- d-----w- c:\users\Administrador\AppData\Roaming\Malwarebytes

2013-10-21 19:06 . 2013-10-21 19:06 -------- d-----w- c:\programdata\Malwarebytes

2013-10-21 19:06 . 2013-04-04 16:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys

2013-10-21 19:06 . 2013-10-21 19:06 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2013-10-21 18:34 . 2013-10-21 18:34 -------- d-----w- c:\programdata\Oracle

2013-10-21 18:34 . 2013-10-21 18:34 -------- d-----w- c:\program files\Common Files\Java

2013-10-21 18:34 . 2013-10-08 09:50 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2013-10-15 09:39 . 2013-09-05 05:02 7328304 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{1491F532-BE5B-41E2-8AFB-CD24C13E7B27}\mpengine.dll

2013-10-15 09:18 . 2013-07-03 03:36 55808 ----a-w- c:\windows\system32\drivers\hidclass.sys

2013-10-15 09:18 . 2013-07-03 03:36 25728 ----a-w- c:\windows\system32\drivers\hidparse.sys

2013-10-15 09:18 . 2013-07-04 11:50 530432 ----a-w- c:\windows\system32\comctl32.dll

2013-10-15 09:15 . 2013-06-25 22:56 527064 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2013-10-15 09:14 . 2013-07-12 10:08 146816 ----a-w- c:\windows\system32\drivers\usbvideo.sys

2013-10-15 09:14 . 2013-07-12 10:07 86016 ----a-w- c:\windows\system32\drivers\usbcir.sys

2013-10-11 12:13 . 2013-08-09 06:25 386416 ----a-w- c:\windows\system32\networkdlllsp.dll

2013-10-09 06:10 . 2013-10-19 22:05 -------- d-----w- c:\users\Administrador\AppData\Roaming\BitLord

2013-10-09 06:06 . 2013-10-09 06:09 -------- d-----w- c:\program files\BitLord 2

2013-10-08 18:36 . 2013-10-08 18:36 -------- d-----w- c:\program files\Orbitdownloader

2013-10-06 19:17 . 2013-10-06 19:55 -------- d-----w- c:\users\Administrador\AppData\Local\Purplizer

2013-10-06 19:12 . 2013-10-06 19:12 -------- d-----w- c:\program files\Common Files\Overwolf

2013-10-06 19:12 . 2013-10-06 19:13 -------- d-----w- c:\program files\Overwolf

2013-09-24 17:35 . 2013-09-24 17:35 -------- d-----w- c:\program files\Perfect World Entertainment

2013-09-24 03:53 . 2013-09-24 03:53 -------- d-----w- c:\programdata\Steam

2013-09-24 03:37 . 2013-10-11 20:36 -------- d-----w- c:\program files\Age of Empires II HD

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-10-09 02:30 . 2012-06-27 21:32 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2013-10-09 02:30 . 2012-06-27 21:32 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2013-09-13 21:50 . 2013-09-14 11:34 29744 ----a-r- c:\windows\system32\drivers\360RegOem.sys

2013-09-13 21:50 . 2013-09-14 11:34 152880 ----a-r- c:\windows\system32\drivers\360FileOem.sys

2013-09-13 21:50 . 2013-09-14 11:34 61488 ----a-r- c:\windows\system32\drivers\360HookOem.sys

2013-08-30 07:48 . 2013-04-05 12:26 177864 ----a-w- c:\windows\system32\drivers\aswVmm.sys

2013-08-30 07:48 . 2012-06-27 22:03 369584 ----a-w- c:\windows\system32\drivers\aswSP.sys

2013-08-30 07:48 . 2012-06-27 22:03 56080 ----a-w- c:\windows\system32\drivers\aswTdi.sys

2013-08-30 07:48 . 2013-04-05 12:26 49376 ----a-w- c:\windows\system32\drivers\aswRvrt.sys

2013-08-30 07:48 . 2012-06-27 22:03 61680 ----a-w- c:\windows\system32\drivers\aswRdr2.sys

2013-08-30 07:48 . 2012-06-27 22:03 770344 ----a-w- c:\windows\system32\drivers\aswSnx.sys

2013-08-30 07:48 . 2012-06-27 22:03 29816 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys

2013-08-30 07:48 . 2012-06-27 22:03 66336 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys

2013-08-30 07:47 . 2012-06-27 22:03 41664 ----a-w- c:\windows\avastSS.scr

2013-08-30 07:47 . 2012-06-27 22:03 229648 ----a-w- c:\windows\system32\aswBoot.exe

2013-08-13 11:38 . 2013-09-14 00:53 32328 ----a-w- c:\windows\Launcher.exe

2013-08-07 07:22 . 2012-06-27 21:07 238872 ------w- c:\windows\system32\MpSigStub.exe

2013-08-05 01:56 . 2013-09-14 01:03 133056 ----a-w- c:\windows\system32\drivers\ataport.sys

2013-08-02 01:50 . 2013-09-14 01:03 169984 ----a-w- c:\windows\system32\winsrv.dll

2013-08-02 01:49 . 2013-09-14 01:03 293376 ----a-w- c:\windows\system32\KernelBase.dll

2013-08-02 01:48 . 2013-09-14 01:03 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2013-08-02 01:48 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2013-08-02 00:52 . 2013-09-14 01:03 271360 ----a-w- c:\windows\system32\conhost.exe

2013-08-02 00:43 . 2013-09-14 01:03 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2013-08-02 00:43 . 2013-09-14 01:03 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2013-08-02 00:43 . 2013-09-14 01:03 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2013-08-02 00:43 . 2013-09-14 01:03 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2013-07-25 08:57 . 2013-08-17 10:11 1620992 ----a-w- c:\windows\system32\WMVDECOD.DLL

2012-02-24 21:38 . 2012-07-04 16:59 887624 ----a-w- c:\program files\Common Files\AutoCompleteInstaller-VD.exe

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

2011-05-09 09:49 176936 ----a-w- c:\program files\uTorrentBar_PT\prxtbuTor.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{e0301295-ab3e-4af3-979f-3d453c5f9f48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

.

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]

"{E0301295-AB3E-4AF3-979F-3D453C5F9F48}"= "c:\program files\uTorrentBar_PT\prxtbuTor.dll" [2011-05-09 176936]

.

[HKEY_CLASSES_ROOT\clsid\{e0301295-ab3e-4af3-979f-3d453c5f9f48}]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]

@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"

[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-08-14 16:15 222832 ----a-w- c:\users\Administrador\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]

@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"

[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]

2013-08-14 16:15 222832 ----a-w- c:\users\Administrador\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]

@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"

[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]

2013-08-14 16:15 222832 ----a-w- c:\users\Administrador\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\SkyDriveShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2013-08-30 07:47 121968 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]

"Facebook Update"="c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-08-21 138096]

"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]

"Octoshape Streaming Services"="c:\users\Administrador\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2011-03-24 107800]

"Akamai NetSession Interface"="c:\users\Administrador\AppData\Local\Akamai\netsession_win.exe" [2013-06-05 4489472]

"SkyDrive"="c:\users\Administrador\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-08-14 257136]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]

"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]

"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-09 153136]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2013-08-30 4858968]

"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-12-15 478984]

"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

"AdobeCS6ServiceManager"="c:\program files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]

"HDAudDeck"="c:\program files\VIA\VIAudioi\VDeck\VDeck.exe" [2000-01-01 4045432]

"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]

"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

"HideFastUserSwitching"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"aux"=wdmaud.drv

.

R2 KMService;KMService;c:\windows\system32\srvany.exe [2003-04-18 8192]

R2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-06-21 162408]

R3 apf001;apf001;c:\game\SoftnyxGame\LoveRitmoPS\apf001.sys [x]

R3 apf003;apf003;c:\windows\system32\apf003.sys [2013-03-08 13232]

R3 ArcService;Arc Service;c:\program files\Perfect World Entertainment\Arc\ArcService.exe [2013-09-05 88424]

R3 AsrCDDrv;AsrCDDrv;c:\windows\system32\Drivers\AsrCDDrv.sys [x]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-20 62464]

R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]

R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 22856]

R3 ncvet.dll;ncvet.dll;c:\windows\Temp\ncvet.dll [x]

R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [2012-10-15 4513136]

R3 OverwolfUpdaterService;Overwolf Updater Service;c:\program files\Overwolf\OverwolfUpdater.exe [2013-08-22 18360]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 14848]

R3 RTL85n86;Realtek 8180/8185 Extensible 802.11 Wireless Device Driver;c:\windows\system32\DRIVERS\RTL85n86.sys [2010-03-23 1812512]

R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-20 77184]

R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 24064]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 49664]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vtany;vtany;c:\windows\vtany.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-28 1343400]

R3 XDva399;XDva399;c:\windows\system32\XDva399.sys [x]

R3 XDva400;XDva400;c:\windows\system32\XDva400.sys [x]

R3 xhunter1;xhunter1;c:\windows\xhunter1.sys [x]

R3 xsherlock;xsherlock;c:\windows\system32\xsherlock.xem [2012-07-18 654944]

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [2013-09-13 61488]

S0 aswRvrt;aswRvrt; [x]

S0 aswVmm;aswVmm; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-08-30 66336]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-01-27 50704]

S2 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2000-01-01 27768]

S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-10-23 242240]

S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2000-01-01 1841272]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-10-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 02:30]

.

2013-10-19 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-PC-Administrador.job

- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2012-12-15 12:13]

.

2013-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-500Core.job

- c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 16:20]

.

2013-10-22 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-500UA.job

- c:\users\Administrador\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-21 16:20]

.

2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 11:13]

.

2013-10-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-09-29 11:13]

.

2013-10-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-1000Core.job

- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 21:29]

.

2013-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-1000UA.job

- c:\users\PC\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-27 21:29]

.

2013-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-500Core.job

- c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 11:04]

.

2013-10-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3142119637-575472587-4045705051-500UA.job

- c:\users\Administrador\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-29 11:04]

.

.

------- Scan Suplementar -------

.

uInternet Settings,ProxyOverride = <local>

IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IMVU\Run IMVU.lnk

TCP: DhcpNameServer = 192.168.2.1 198.24.180.250 8.8.4.4

TCP: Interfaces\{008FACF0-9797-4F26-B515-F7850470108F}: NameServer = 8.26.56.26,8.20.247.20

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

WebBrowser-{CDF97EE2-DED0-4369-835E-99DD08225FA5} - (no file)

HKCU-Run-AdobeBridge - (no file)

HKLM-Run-Tutorials - (no file)

c:\users\Administrador\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IMVU.lnk - c:\users\Administrador\AppData\Roaming\IMVUClient\IMVUQualityAgent.exe "--startup"

.

.

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]

"ImagePath"="c:\windows\system32\GameMon.des -service"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\xsherlock]

"ImagePath"="c:\windows\system32\xsherlock.xem"

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:eb,da,54,48,e2,64,cd,01

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (Administrator)

"Timestamp"=hex:a5,ee,d7,f7,30,b2,ce,01

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (Administrator)

"6256FFB019F8FDFBD36745B06F4540E9AEAF222A25"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,85,eb,03,66,31,e1,4b,b6,5d,1d,\

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,26,85,eb,03,66,31,e1,4b,b6,5d,1d,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,9b,59,4d,a0,1d,01,17,4f,8f,cc,1f,\

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.3G2"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.3GP"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.3GP2"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.3GPP"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.AAC"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AC3\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.AC3"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.ADTS"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AIFF"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AMR\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.AMR"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AMV\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.AMV"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.APE"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.ASF"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ASS\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.ASS"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.ASX"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]

@Denied: (2) (Administrator)

"Progid"="WMP11.AssocFile.AU"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.AVI"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crdownload\UserChoice]

@Denied: (2) (Administrator)

"Progid"="crdownload_auto_file"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.CUE"

.

[HKEY_USERS\S-1-5-21-3142119637-575472587-4045705051-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dat\UserChoice]

@Denied: (2) (Administrator)

"Progid"="PotPlayerMini.DAT"

.


Tempo para conclusão: 2013-10-22 13:58:07

ComboFix-quarantined-files.txt 2013-10-22 15:58

.

Pré-execução: 17.184.493.568 bytes disponíveis

Pós execução: 18.665.664.512 bytes disponíveis

.

- - End Of File - - 70A42FB6EC50B1B6B673B3345FDCB9E0

A36C5E4F47E84449FF07ED3517B43A31


Does the initial problem persist?


  • Download ADWCleaner.
  • Close all applications, especially your browsers.
  • Run the tool.
  • Choose to delete each time you are asked what action you want to take.
  • Your desktop icons may disappear momentarily; don't be alarmed.
  • After the scan finishes, your computer will be restarted.
  • When it comes back, a text file will appear; save its contents and post them in your next reply.


Again, the problem still persists. I'll try running it again.

# AdwCleaner v3.010 - Relatório criado 24/10/2013 às 14:07:55

# Atualizado 20/10/2013 por Xplode

# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)

# Usuário : Administrador - PC-PC

# Executando de : C:\Users\Administrador\Downloads\adwcleaner.exe

# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Users\Administrador\AppData\Roaming\UpdaterEX

Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job

Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX

***** [ Atalhos ] *****

***** [ Registro ] *****

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CBBF26DF-6173-4132-A829-18F202D1A00B}

[#] Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CBBF26DF-6173-4132-A829-18F202D1A00B}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16514

-\\ Google Chrome v

[ Arquivo : C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\preferences ]

[ Arquivo : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R2].txt - [1511 octets] - [24/10/2013 14:06:46]

AdwCleaner[s2].txt - [1485 octets] - [24/10/2013 14:07:55]

########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1545 octets] ##########


Download the Kaspersky AVP Tool from one of these 2 links:

http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/

http://dnl-us6.kaspersky-labs.com/devbuilds/AVPTool/

You will be taken to a Kaspersky page asking for an email address for registration, a first name and a last name. Only the "email" field is required.

Enter your email, then click the Submit Form button.

The page will reload. Click the Download button.

Save it to your desktop.

Run the file and wait for the installation.

** Windows Vista and Windows 7 users:

Right-click the file, then click Run as administrator.

On the license agreement screen, check the option I accept the license agreement and then click the Start button. The program will appear to freeze and nothing will happen. This is normal; just wait until the program's home screen appears, and then click the Settings icon.

On this screen, check the box next to:

  • My Computer
  • Local Disk (C:)

Also check all the drives that appear below Local Disk, if there are any. Then click the Automatic Scan tab.

Back on the program's home screen, click the Start scanning button.

Be patient; it takes a while.

When it finishes, if it has detected anything, the program will ask you what to do.

Check the box next to Apply to all objects and then click Skip (we only want the log).

While the scan is running, the home screen will show a progress bar. When it finishes, the program will show the status as completed and a button that will be orange if nothing was detected, and red if something was found.

If something was detected, the program will also show an alert screen warning that your system is unprotected and suggesting a Kaspersky product. Click the No, thanks button.

Back on the main screen, if something was detected, save the log. If you close the program and forget to save the log, you will have to repeat the entire scan.

To save the log, click the Reports icon (next to the "Settings" icon). In the next window, click Detected Threats, then click the floppy-disk icon to save the log.

Choose an easily accessible location and save it as log.txt

Copy the entire contents of that Notepad file and paste it into your next reply.

If nothing is detected, you don't need to save the log. Just post here to let us know.

To exit the program, just click the X in the upper right corner.


Status: Detected (events: 11)

25/10/2013 15:07:27 Detected Trojan program HEUR:Exploit.Java.CVE-2013-2465.gen C:\Documents and Settings\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\22244fd9-59d3b84a High

25/10/2013 15:38:21 Detected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Documents and Settings\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\14fd6ab2-429abf5c High

25/10/2013 15:08:04 Detected Trojan program Exploit.Java.CVE-2012-4681.l C:\Documents and Settings\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\14fd6ab2-429abf5c/EWqgwkDsaH/OqeTYEo.class High

25/10/2013 16:03:57 Detected Trojan program HEUR:Exploit.Java.CVE-2013-2465.gen C:\Users\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\22244fd9-59d3b84a High

25/10/2013 16:04:00 Detected Trojan program HEUR:Exploit.Java.CVE-2012-1723.gen C:\Users\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\14fd6ab2-429abf5c High

25/10/2013 16:03:58 Detected Trojan program Exploit.Java.CVE-2012-4681.l C:\Users\Administrador\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\14fd6ab2-429abf5c/EWqgwkDsaH/OqeTYEo.class High

25/10/2013 16:22:21 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Windows\erdnt\cache\tcpip.sys High

25/10/2013 16:32:35 Detected adware not-a-virus:AdWare.Win32.D365.a C:\Windows\System32\msvcp100.dll Medium

25/10/2013 16:32:35 Detected adware not-a-virus:AdWare.Win32.D365.a C:\Windows\System32\msvcr100.dll Medium

25/10/2013 16:35:21 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Windows\System32\drivers\tcpip.sys High

25/10/2013 16:48:43 Detected Trojan program HEUR:Trojan.Win32.Generic C:\Windows\winsxs\Backup\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18254_none_b4fa2013c4c8ebf1_tcpip.sys_3339bd51 High


Configure Windows to show all files.

Go to this site: http://virustotal.com/

In Choose File, enter: C:\Windows\System32\drivers\tcpip.sys

Then click Submit.

Copy and post the result of this scan.


When I try to access the VirusTotal site you gave me, the blessed Welcome to Nginx! comes up.

http://i1101.photobucket.com/albums/g423/Kira23Kato/Erro_nginx.png?t=1383156088

Besides that, the linkbucks redirector is still here and Java keeps asking for permission on every site I visit... I don't run it for fear of installing some virus.


Man, I managed to solve the problem. Thank you very much for your attention all this time, and I'm leaving the solution here for anyone who has the same problem.

Well... I have a router, and the Linkbucks problem was on both my PC and my notebook, so I thought it might not be a problem with the computer but with the network. I researched a bit and found a tutorial on changing the DNS to a more secure one. In the end I ran the test and the problem with LinkBucks and the Welcome Nginx DISAPPEARED!!! I'm leaving the link to the tutorial here.

http://canaltech.com.br/tutorial/internet/Troque-o-seu-servidor-DNS-no-Windows-7-e-deixe-a-sua-internet-mais-rapida/

NOTE: I used Google's DNS. So far the problem is gone and I'm very happy. Thanks once again for your attention!!!!!

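The poster's fix was to set the DNS servers on the Windows machine by hand. As an added example (not part of the original thread), this Python script parses `ipconfig /all` output and flags DNS servers that are neither on the LAN nor a resolver you chose yourself; the sample output, the 203.0.113.53 address and the trusted list (Google Public DNS, the service the poster switched to) are constructed assumptions.

```python
import ipaddress
import re

# Constructed sample of `ipconfig /all` output (English-locale Windows).
# 203.0.113.53 is a documentation address standing in for an unknown resolver.
SAMPLE_IPCONFIG = """\
Windows IP Configuration

   Host Name . . . . . . . . . . . . : PC-PC

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
   DHCP Enabled. . . . . . . . . . . : Yes
   IPv4 Address. . . . . . . . . . . : 192.168.1.23(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 203.0.113.53
                                       8.8.8.8

Wireless LAN adapter Wireless Network Connection:

   DHCP Enabled. . . . . . . . . . . : No
   IPv4 Address. . . . . . . . . . . : 192.168.1.40(Preferred)
   Default Gateway . . . . . . . . . : 192.168.1.1
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
"""

# Assumption: resolvers the user configured on purpose (Google Public DNS).
TRUSTED_RESOLVERS = {"8.8.8.8", "8.8.4.4"}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
# Field lines are shallowly indented; continuation values are deeply indented.
FIELD_RE = re.compile(r"^ {1,8}(\S.*?)[ .]*:\s*(.*)$")


def parse_ipconfig(text):
    """Return {adapter: {field: [values]}}, following continuation lines."""
    adapters, current, last_field = {}, None, None
    for line in text.splitlines():
        m = ADAPTER_RE.match(line)
        if m:
            current, last_field = adapters.setdefault(m.group(1), {}), None
            continue
        if current is None or not line.strip():
            continue
        m = FIELD_RE.match(line)
        if m:
            last_field, value = m.group(1), m.group(2).strip()
            current[last_field] = [value] if value else []
        elif last_field:
            # No "label :" on this line: one more value for the last field
            # (second DNS server, second gateway, ...).
            current[last_field].append(line.strip())
    return adapters


def audit_dns(adapters, trusted=TRUSTED_RESOLVERS):
    """Return (adapter, dns_server, reason) for each unexpected resolver."""
    findings = []
    for name, fields in adapters.items():
        dhcp = fields.get("DHCP Enabled", ["No"])[0] == "Yes"
        for server in fields.get("DNS Servers", []):
            try:
                ip = ipaddress.ip_address(server.split("%")[0])
            except ValueError:
                continue  # not an address (e.g. localized text); skip it
            if server in trusted or any(ip in net for net in RFC1918):
                continue  # chosen resolver, or a forwarder on the LAN
            origin = ("DHCP is enabled, so it was probably supplied by the router"
                      if dhcp else "DHCP is disabled, so it was set on this host")
            findings.append((name, server, "unexpected public resolver; " + origin))
    return findings


if __name__ == "__main__":
    for adapter, server, reason in audit_dns(parse_ipconfig(SAMPLE_IPCONFIG)):
        print(f"{adapter}: {server} -> {reason}")
```

A clean result here does not clear the router: if clients are pointed at the router's own LAN address, the upstream resolver has to be checked in the router's settings instead.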

To finish, do the following:

Go to Start > Run and type ComboFix /Uninstall . This will uninstall ComboFix from your machine.

Download OTC

  • Save it to your desktop.
  • Double-click the OTC icon.
  • Click the "Cleanup" button.
  • Allow your computer to be restarted.

I suggest you run CCleaner to clean up your machine. Download it here: CCleaner

  • Open the program and click Run Cleaner;
  • After that, click Errors >> Scan for errors >> Fix errors

I also suggest you read this article: Protect your PC


If the author needs it, this topic will be reopened; to do so, they should contact the moderators and request that it be unlocked.
