
ComboFix 13-10-19.02 - vanderson 20/10/2013 14:34:42.2.

4 - x64
Microsoft Windows 7 Home Basic 6.1.7601.1.1252.55.1046.18.3948.2525 [GMT -2:00]
Executando de: c:\users\vanderson\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA
47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A05672
3366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))
))))))))))))))))))))))))))))
.
.
C:\DFx7515.tmp
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))
))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2013-09-20 to 2013-10-20 )))))
)))))))))))))))))))))))
.
.
2013-10-20 16:46 . 2013-10-20 16:46
-------d-----wc:\users
\Public\AppData\Local\temp
2013-10-20 16:46 . 2013-10-20 16:46
-------d-----wc:\users
\Default\AppData\Local\temp
2013-10-17 11:14 . 2013-10-17 11:14
-------d-----wc:\progr
amdata\Oracle
2013-10-17 11:13 . 2013-10-17 11:13
-------d-----wc:\progr
am files (x86)\Common Files\Java
2013-10-17 11:12 . 2013-10-08 10:50
96168 ----a-wc:\windows\SysWo
w64\WindowsAccessBridge-32.dll
2013-10-16 12:43 . 2013-10-16 12:43
-------d-----wc:\progr
am files (x86)\Microsoft SQL Server Compact Edition
2013-10-16 12:42 . 2013-10-16 12:42
-------dc----wc:\windo
ws\system32\DRVSTORE
2013-10-16 12:42 . 2013-02-06 01:06
57840 ----a-wc:\windows\syste
m32\drivers\fssfltr.sys
2013-10-16 12:42 . 2013-10-16 12:42
-------d-----wc:\progr
am files\Windows Live
2013-10-16 12:42 . 2013-10-16 12:42
-------d-----wc:\windo
ws\PCHEALTH
2013-10-16 12:41 . 2013-10-16 12:43
-------d-----wc:\progr
am files (x86)\Windows Live
2013-10-16 12:40 . 2010-06-02 07:55
77656 ----a-wc:\windows\syste
m32\XAPOFX1_5.dll
2013-10-16 12:40 . 2010-06-02 07:55
74072 ----a-wc:\windows\SysWo
w64\XAPOFX1_5.dll
2013-10-16 12:40 . 2010-06-02 07:55
527192 ----a-wc:\windows\SysWo

w64\XAudio2_7.dll
2013-10-16 12:40 . 2010-06-02 07:55
518488 ----a-wc:\windows\syste
m32\XAudio2_7.dll
2013-10-16 12:40 . 2010-05-26 14:41
2526056 ----a-wc:\windows\syste
m32\D3DCompiler_43.dll
2013-10-16 12:40 . 2010-05-26 14:41
2106216 ----a-wc:\windows\SysWo
w64\D3DCompiler_43.dll
2013-10-16 12:40 . 2010-05-26 14:41
276832 ----a-wc:\windows\syste
m32\d3dx11_43.dll
2013-10-16 12:40 . 2010-05-26 14:41
248672 ----a-wc:\windows\SysWo
w64\d3dx11_43.dll
2013-10-16 12:38 . 2013-10-16 12:38
-------d-----wc:\progr
am files (x86)\Microsoft SkyDrive
2013-10-16 12:38 . 2013-10-16 12:36
5659096 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\56f1df561ceca6c06\skydrivesetup.exe
2013-10-16 12:38 . 2013-10-16 12:38
-------d-----rc:\users
\vanderson\SkyDrive
2013-10-16 12:37 . 2013-10-16 12:37
-------d-----wc:\progr
amdata\Microsoft SkyDrive
2013-10-16 12:36 . 2013-10-16 12:36
94040 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\53e138791ceca6c04\DSETUP.dll
2013-10-16 12:36 . 2013-10-16 12:36
525656 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\53e138791ceca6c04\DXSETUP.exe
2013-10-16 12:36 . 2013-10-16 12:36
1691480 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\53e138791ceca6c04\dsetup32.dll
2013-10-16 12:36 . 2013-10-16 12:36
89944 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\5140ba301ceca6c03\DSETUP.dll
2013-10-16 12:36 . 2013-10-16 12:36
537432 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\5140ba301ceca6c03\DXSETUP.exe
2013-10-16 12:36 . 2013-10-16 12:36
1801048 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\5140ba301ceca6c03\dsetup32.dll
2013-10-16 12:36 . 2013-10-16 12:36
89944 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\49044cc11ceca6c01\DSETUP.dll
2013-10-16 12:36 . 2013-10-16 12:36
537432 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\49044cc11ceca6c01\DXSETUP.exe
2013-10-16 12:36 . 2013-10-16 12:36
1801048 ----a-wc:\program files
(x86)\Common Files\Windows Live\.cache\49044cc11ceca6c01\dsetup32.dll
2013-10-16 12:35 . 2013-10-16 13:13
-------d-----wc:\users
\vanderson\AppData\Local\Windows Live
2013-10-11 14:45 . 2013-09-04 12:12
343040 ----a-wc:\windows\syste
m32\drivers\usbhub.sys
2013-10-11 14:45 . 2013-09-04 12:11
325120 ----a-wc:\windows\syste
m32\drivers\usbport.sys
2013-10-11 14:45 . 2013-09-04 12:11
99840 ----a-wc:\windows\syste
m32\drivers\usbccgp.sys
2013-10-11 14:45 . 2013-09-04 12:11
52736 ----a-wc:\windows\syste
m32\drivers\usbehci.sys
2013-10-11 14:45 . 2013-09-04 12:11
30720 ----a-wc:\windows\syste
m32\drivers\usbuhci.sys
2013-10-11 14:45 . 2013-09-04 12:11
25600 ----a-wc:\windows\syste
m32\drivers\usbohci.sys
2013-10-11 14:45 . 2013-09-04 12:11
7808
----a-wc:\windows\syste
m32\drivers\usbd.sys
2013-10-11 06:14 . 2013-09-22 23:27
257536 ----a-wc:\program files
(x86)\Internet Explorer\ieproxy.dll
2013-10-11 06:14 . 2013-09-22 22:54
526336 ----a-wc:\windows\syste
m32\ieui.dll
2013-10-11 06:14 . 2013-09-21 03:38
2706432 ----a-wc:\windows\syste
m32\mshtml.tlb
2013-10-11 06:14 . 2013-09-21 03:30
2706432 ----a-wc:\windows\SysWo

w64\mshtml.tlb
2013-10-10 09:01 . 2013-07-04 12:50
633856 ----a-wc:\windows\syste
m32\comctl32.dll
2013-10-10 09:00 . 2013-07-20 10:33
102608 ----a-wc:\windows\SysWo
w64\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 09:00 . 2013-07-20 10:33
124112 ----a-wc:\windows\syste
m32\PresentationCFFRasterizerNative_v0300.dll
2013-10-10 09:00 . 2013-08-01 12:09
983488 ----a-wc:\windows\syste
m32\drivers\dxgkrnl.sys
2013-10-10 09:00 . 2013-08-28 01:12
461312 ----a-wc:\windows\syste
m32\scavengeui.dll
2013-10-10 01:44 . 2013-10-10 01:44
614400 ----a-wc:\windows\AutoK
MS.exe
2013-10-06 13:48 . 2013-10-06 13:48
-------d-----wc:\progr
am files (x86)\WildTangent Games
2013-10-06 00:49 . 2013-10-19 18:07
-------d-----wc:\users
\vanderson\Tracing
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M )))))))))))))))))))))))
)))))))))))))))))))))))))))))
.
2013-10-20 16:48 . 2013-07-25 14:15
31088 ----a-wc:\windows\SysWo
w64\drivers\gbpndisrd.sys
2013-10-16 13:14 . 2012-07-17 17:37
22240 ----a-wc:\programdata\M
icrosoft\IdentityCRL\production\ppcrlconfig600.dll
2013-10-11 06:04 . 2013-08-01 14:24
80541720
----a-wc:\windo
ws\system32\MRT.exe
2013-10-09 17:54 . 2013-07-25 19:21
71048 ----a-wc:\windows\SysWo
w64\FlashPlayerCPLApp.cpl
2013-10-09 17:54 . 2013-07-25 19:21
692616 ----a-wc:\windows\SysWo
w64\FlashPlayerApp.exe
2013-10-03 02:39 . 2013-10-03 02:39
22
----a-wc:\windows\SysWo
w64\.zip
2013-09-09 14:57 . 2013-09-09 14:57
1054720 ----a-wc:\windows\syste
m32\MsSpellCheckingFacility.exe
2013-09-09 14:57 . 2013-09-09 14:57
226304 ----a-wc:\windows\syste
m32\elshyph.dll
2013-09-09 14:57 . 2013-09-09 14:57
185344 ----a-wc:\windows\SysWo
w64\elshyph.dll
2013-09-09 14:57 . 2013-09-09 14:57
158720 ----a-wc:\windows\SysWo
w64\msls31.dll
2013-09-09 14:57 . 2013-09-09 14:57
719360 ----a-wc:\windows\SysWo
w64\mshtmlmedia.dll
2013-09-09 14:57 . 2013-09-09 14:57
523264 ----a-wc:\windows\SysWo
w64\vbscript.dll
2013-09-09 14:57 . 2013-09-09 14:57
150528 ----a-wc:\windows\SysWo
w64\iexpress.exe
2013-09-09 14:57 . 2013-09-09 14:57
138752 ----a-wc:\windows\SysWo
w64\wextract.exe
2013-09-09 14:57 . 2013-09-09 14:57
73728 ----a-wc:\windows\SysWo
w64\SetIEInstalledDate.exe
2013-09-09 14:57 . 2013-09-09 14:57
61952 ----a-wc:\windows\SysWo
w64\tdc.ocx
2013-09-09 14:57 . 2013-09-09 14:57
48640 ----a-wc:\windows\SysWo
w64\mshtmler.dll
2013-09-09 14:57 . 2013-09-09 14:57
38400 ----a-wc:\windows\SysWo
w64\imgutil.dll
2013-09-09 14:57 . 2013-09-09 14:57
361984 ----a-wc:\windows\SysWo

w64\html.iec
2013-09-09 14:57 . 2013-09-09
w64\ieUnatt.exe
2013-09-09 14:57 . 2013-09-09
w64\mshta.exe
2013-09-09 14:57 . 2013-09-09
w64\IEAdvpack.dll
2013-09-09 14:57 . 2013-09-09
w64\licmgr10.dll
2013-09-09 14:57 . 2013-09-09
w64\inetcpl.cpl
2013-09-09 14:57 . 2013-09-09
m32\mshtmled.dll
2013-09-09 14:57 . 2013-09-09
m32\mshtmlmedia.dll
2013-09-09 14:57 . 2013-09-09
m32\icardie.dll
2013-09-09 14:57 . 2013-09-09
m32\ieapfltr.dll
2013-09-09 14:57 . 2013-09-09
m32\dxtmsft.dll
2013-09-09 14:57 . 2013-09-09
m32\html.iec
2013-09-09 14:57 . 2013-09-09
m32\dxtrans.dll
2013-09-09 14:57 . 2013-09-09
m32\licmgr10.dll
2013-09-09 14:57 . 2013-09-09
m32\iedkcs32.dll
2013-09-09 14:57 . 2013-09-09
m32\webcheck.dll
2013-09-09 14:57 . 2013-09-09
m32\url.dll
2013-09-09 14:57 . 2013-09-09
m32\msls31.dll
2013-09-09 14:57 . 2013-09-09
m32\msrating.dll
2013-09-09 14:57 . 2013-09-09
m32\inetcpl.cpl
2013-09-09 14:57 . 2013-09-09
m32\ieapfltr.dat
2013-09-09 14:57 . 2013-09-09
m32\inseng.dll
2013-09-09 14:57 . 2013-09-09
m32\SetIEInstalledDate.exe
2013-09-09 14:57 . 2013-09-09
m32\tdc.ocx
2013-09-09 14:57 . 2013-09-09
m32\pngfilt.dll
2013-09-09 14:57 . 2013-09-09
m32\vbscript.dll
2013-09-09 14:57 . 2013-09-09
m32\msfeedsbs.dll
2013-09-09 14:57 . 2013-09-09
m32\imgutil.dll
2013-09-09 14:57 . 2013-09-09
m32\mshtmler.dll
2013-09-09 14:57 . 2013-09-09
m32\ieUnatt.exe
2013-09-09 14:57 . 2013-09-09

14:57

137216 ----a-w-

c:\windows\SysWo

14:57

12800

----a-w-

c:\windows\SysWo

14:57

110592 ----a-w-

c:\windows\SysWo

14:57

23040

----a-w-

c:\windows\SysWo

14:57

1441280 ----a-w-

c:\windows\SysWo

14:57

97280

----a-w-

c:\windows\syste

14:57

905728 ----a-w-

c:\windows\syste

14:57

81408

----a-w-

c:\windows\syste

14:57

762368 ----a-w-

c:\windows\syste

14:57

452096 ----a-w-

c:\windows\syste

14:57

441856 ----a-w-

c:\windows\syste

14:57

281600 ----a-w-

c:\windows\syste

14:57

27648

----a-w-

c:\windows\syste

14:57

270848 ----a-w-

c:\windows\syste

14:57

247296 ----a-w-

c:\windows\syste

14:57

235008 ----a-w-

c:\windows\syste

14:57

216064 ----a-w-

c:\windows\syste

14:57

197120 ----a-w-

c:\windows\syste

14:57

1509376 ----a-w-

c:\windows\syste

14:57

1400416 ----a-w-

c:\windows\syste

14:57

102912 ----a-w-

c:\windows\syste

14:57

92160

----a-w-

c:\windows\syste

14:57

77312

----a-w-

c:\windows\syste

14:57

62976

----a-w-

c:\windows\syste

14:57

599552 ----a-w-

c:\windows\syste

14:57

52224

----a-w-

c:\windows\syste

14:57

51200

----a-w-

c:\windows\syste

14:57

48640

----a-w-

c:\windows\syste

14:57

173568 ----a-w-

c:\windows\syste

14:57

167424 ----a-w-

c:\windows\syste

m32\iexpress.exe
2013-09-09 14:57 . 2013-09-09 14:57
149504 ----a-wm32\occache.dll
2013-09-09 14:57 . 2013-09-09 14:57
144896 ----a-wm32\wextract.exe
2013-09-09 14:57 . 2013-09-09 14:57
13824 ----a-wm32\mshta.exe
2013-09-09 14:57 . 2013-09-09 14:57
136192 ----a-wm32\iepeers.dll
2013-09-09 14:57 . 2013-09-09 14:57
135680 ----a-wm32\IEAdvpack.dll
2013-09-09 14:57 . 2013-09-09 14:57
12800 ----a-wm32\msfeedssync.exe
2013-08-29 01:48 . 2013-10-10 09:01
44032 ----a-wtch\acwow64.dll
2013-08-05 02:25 . 2013-09-11 17:17
155584 ----a-wm32\drivers\ataport.sys
2013-08-02 02:14 . 2013-09-11 17:12
215040 ----a-wm32\winsrv.dll
2013-08-02 02:13 . 2013-09-11 17:12
424448 ----a-wm32\KernelBase.dll
2013-08-02 02:13 . 2013-09-11 17:12
1161216 ----a-wm32\kernel32.dll
2013-08-02 02:12 . 2013-09-11 17:12
43520 ----a-wm32\csrsrv.dll
2013-08-02 02:12 . 2013-09-11 17:12
6144
---ha-wm32\api-ms-win-security-base-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
4608
---ha-wm32\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
4096
---ha-wm32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
4096
---ha-wm32\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wm32\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wm32\api-ms-win-core-util-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wm32\api-ms-win-core-string-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
6656
----a-wm32\apisetschema.dll
2013-08-02 02:12 . 2013-09-11 17:12
4608
---ha-wm32\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
4096
---ha-wm32\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wm32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wm32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wm32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wm32\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wm32\api-ms-win-core-memory-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wm32\api-ms-win-core-profile-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
4096
---ha-wm32\api-ms-win-core-localization-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-w-

c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\apppa
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste
c:\windows\syste

m32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3584
---ha-wc:\windows\syste
m32\api-ms-win-core-heap-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-io-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-interlocked-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-handle-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
5120
---ha-wc:\windows\syste
m32\api-ms-win-core-file-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-fibers-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-delayload-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-debug-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-datetime-l1-1-0.dll
2013-08-02 02:12 . 2013-09-11 17:12
3072
---ha-wc:\windows\syste
m32\api-ms-win-core-console-l1-1-0.dll
2013-08-02 01:50 . 2013-09-11 17:12
274944 ----a-wc:\windows\SysWo
w64\KernelBase.dll
2013-08-02 01:48 . 2013-09-11 17:12
5120
---ha-wc:\windows\SysWo
w64\api-ms-win-core-file-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
4608
---ha-wc:\windows\SysWo
w64\api-ms-win-core-processthreads-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
4096
---ha-wc:\windows\SysWo
w64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
4096
---ha-wc:\windows\SysWo
w64\api-ms-win-core-synch-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
4096
---ha-wc:\windows\SysWo
w64\api-ms-win-core-misc-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
4096
---ha-wc:\windows\SysWo
w64\api-ms-win-core-localregistry-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
3584
---ha-wc:\windows\SysWo
w64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
3584
---ha-wc:\windows\SysWo
w64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-08-02 01:48 . 2013-09-11 17:12
3584
---ha-wc:\windows\SysWo
w64\api-ms-win-core-memory-l1-1-0.dll
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro ))))))))))))))
)))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{ecd019d5-1d87
-4399-af96-c6f3b7f6f0ae}]
c:\program files (x86)\LyriXeeker\128.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explor
er\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]

2013-10-16 12:38
220632 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explor
er\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-16 12:38
220632 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explor
er\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-16 12:38
220632 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2013-05-08
3581816]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [20
13-04-04 958576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusch
ed.exe" [2013-07-02 254336]
.
c:\users\vanderson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
\
PC App Store Uninstall 3.8.8.1435.lnk - c:\windows\System32\rundll32.exe "c:\use
rs\vanderson\AppData\Roaming\Baidu Security\PC App Store\3.8.8.1435\Uninstall\PC
App Store Uninstall\0\InstallUtility.dll", _OpenUrl -run "PC App Store Uninstal
l" -ini "OpenUrl.ini" [2009-7-13 45568]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\h
pqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
\ GbPluginBb]
2013-10-07 14:32
1487912 ----a-wc:\program files (x86)\GbPlugin\
gbieh.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\win
dows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\dri
vers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AutoUpdateDisableNotify"=dword:00000001
.
R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATI

VE\drivers\GbpKm.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c
:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft
.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\wind
ows\SYSNATIVE\drivers\BprotectEx.sys [x]
R3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys;c
:\windows\SYSNATIVE\DRIVERS\clwvd.sys [x]
R3 GamesAppIntegrationService;GamesAppIntegrationService;c:\program files (x86)\
WildTangent Games\App\GamesAppIntegrationService.exe;c:\program files (x86)\Wild
Tangent Games\App\GamesAppIntegrationService.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\
GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService
.exe [x]
R3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfil
ter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcd
nsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0
\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\3.7.0.0\PCFApi
Util64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\wi
ndows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
R3 sprd_acm_modem;sprd_acm_modem;c:\windows\system32\DRIVERS\sprd_acm.sys;c:\win
dows\SYSNATIVE\DRIVERS\sprd_acm.sys [x]
R3 sprd_enum;sprd_enum;c:\windows\system32\DRIVERS\sprd_enum.sys;c:\windows\SYSN
ATIVE\DRIVERS\sprd_enum.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNAT
IVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNAT
IVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\S
YSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATI
VE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys;
c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRI
VERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVER
S\ehdrv.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERT
Sr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Micr
osoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Fil
es\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\
program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATI
VE\DRIVERS\epfwwfpr.sys [x]
S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.e
xe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\
Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Ser
vices\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\H
PClientServices.exe [x]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewle
tt-Packard\Shared\HPDrvMntSvc.exe;c:\program files (x86)\Hewlett-Packard\Shared\

HPDrvMntSvc.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWM
ISVC.exe;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Int
el\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)
\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\R
IconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
[x]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys;c:\windows\SYSNATIVE\DRI
VERS\idmwfp.sys [x]
S2 scpVista;scpVista;c:\program files (x86)\Scpad\scpVista.exe;c:\program files
(x86)\Scpad\scpVista.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Ap
plication Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft App
lication Virtualization Client\sftlist.exe [x]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Connect Mana
ger\AssistantServices.exe;c:\program files (x86)\Connect Manager\AssistantServic
es.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:
\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\
program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPSto
r.sys;c:\windows\SYSNATIVE\DRIVERS\RtsPStor.sys [x]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\D
RIVERS\rtl8192Ce.sys;c:\windows\SYSNATIVE\DRIVERS\rtl8192Ce.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIV
ERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIV
E\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNA
TIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\D
RIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Micros
oft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsof
t Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svc
host]
hpdevmgmt
REG_MULTI_SZ
hpqcxs08 hpqddsvc
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed compon
ents\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
start [BU]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed compon
ents\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-10-16 19:18
1185744 ----a-wc:\program files (x86)\Google\Ch
rome\Application\30.0.1599.101\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2013-10-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-25 17
:54]
.
2013-10-20 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2013-10-10 01:44]
.

2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2744802199-3569519766
-426708692-1000Core.job
- c:\users\vanderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-1
8 14:59]
.
2013-10-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2744802199-3569519766
-426708692-1000UA.job
- c:\users\vanderson\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-08-1
8 14:59]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 11:53]
.
2013-10-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-07-31 11:53]
.
.
--------- X64 Entries ----------.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-10-16 12:38
244696 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-10-16 12:38
244696 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-10-16 12:38
244696 ----a-wc:\users\vanderson\AppData\Local
\Microsoft\SkyDrive\16.4.6013.0910\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\00Zecter]
@="{D25B32FE-CB96-491A-98FF-AD59DA382D69}"
[HKEY_CLASSES_ROOT\CLSID\{D25B32FE-CB96-491A-98FF-AD59DA382D69}]
2010-12-11 02:32
2240000 ----a-wc:\program files (x86)\Hewlett-P
ackard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\01Zecter]
@="{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}"
[HKEY_CLASSES_ROOT\CLSID\{EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5}]
2010-12-11 02:32
2240000 ----a-wc:\program files (x86)\Hewlett-P
ackard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\02Zecter]
@="{B3C78E40-6B64-47C3-AE34-60B770881EB8}"
[HKEY_CLASSES_ROOT\CLSID\{B3C78E40-6B64-47C3-AE34-60B770881EB8}]
2010-12-11 02:32
2240000 ----a-wc:\program files (x86)\Hewlett-P

ackard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\03Zecter]
@="{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}"
[HKEY_CLASSES_ROOT\CLSID\{622AFE52-33F6-4D9F-9966-E0BC52D7D69D}]
2010-12-11 02:32
2240000 ----a-wc:\program files (x86)\Hewlett-P
ackard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\04Zecter]
@="{855156F0-2A0F-11DE-8C30-0800200C9A66}"
[HKEY_CLASSES_ROOT\CLSID\{855156F0-2A0F-11DE-8C30-0800200C9A66}]
2010-12-11 02:32
2240000 ----a-wc:\program files (x86)\Hewlett-P
ackard\HP CloudDrive\ShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellicon
overlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07
23496 ----a-wc:\program files (x86)\Internet
Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-20 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-20 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-20 418328]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-01-11 660285
6]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\De
layedAppStarter.exe" [2010-07-21 8192]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-03-21 6330568
]
.
------- Scan Suplementar ------.
uStart Page = hxxp://www.google.com.br/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Enviar para o OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3
000
IE: Fazer o download de todos os links usando o IDM - c:\program files (x86)\Int
ernet Download Manager\IEGetAll.htm
IE: Fazer o download usando o IDM - c:\program files (x86)\Internet Download Man
ager\IEExt.htm
Trusted Zone: bancobrasil.com.br\www
Trusted Zone: bancobrasil.com.br\www14
Trusted Zone: bancobrasil.com.br\www2
Trusted Zone: bb.com.br\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{085E907E-DCA0-4ADA-B5CC-3FDEBFC878DE}: NameServer = 8.8.8.8,8.8
.4.4
FF - ProfilePath - c:\users\vanderson\AppData\Roaming\Mozilla\Firefox\Profiles\k
9yjxbkq.default\
FF - ExtSQL: 2013-09-05 10:34; {9c51bd27-6ed8-4000-a2bf-36cb95c0c947}; c:\users\
vanderson\AppData\Roaming\Mozilla\Firefox\Profiles\k9yjxbkq.default\extensions\{
9c51bd27-6ed8-4000-a2bf-36cb95c0c947}.xpi
FF - ExtSQL: 2013-09-05 15:03; smartwebprinting@hp.com; c:\program files (x86)\H

P\Digital Imaging\Smart Web Printing\MozillaAddOn3


FF - ExtSQL: 2013-09-12 11:16; mozilla_cc@internetdownloadmanager.com; c:\users\
vanderson\AppData\Roaming\IDM\idmmzcc5
FF - ExtSQL: !HIDDEN! 2013-09-05 15:03; smartwebprinting@hp.com; c:\program file
s (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - ÓRFÃOS REMOVIDOS - - - .
AddRemove-lyrix@lyrixeeker.co - c:\program files (x86)\LyriXeeker\uninstall.exe
AddRemove-{36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 - c:\users\vanderson\AppDat
a\Roaming\unins000.exe
AddRemove-{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4} - c:\program files (x86)\Instal
lShield Installation Information\{9FEFA8C2-80EB-4B7A-BDE0-E077D94C36C4}\setup.ex
e
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS --------------------.
[HKEY_USERS\S-1-5-21-2744802199-3569519766-426708692-1000_Classes\Wow6432Node\CL
SID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):21,ae,67,7d,52,34,8e,72,54,36,6a,a3,20,f5,da,0b,c7,39,f0,d1,c0,
1a,7b,44,98,6a,77,1c,0b,6d,3e,b9,d4,84,ea,72,50,b6,b6,c1,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2744802199-3569519766-426708692-1000_Classes\Wow6432Node\CL
SID\{a3a750ee-58c0-4e2c-9843-ce51864c6456}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:000000f7
"Therad"=dword:0000001f
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,95,9a,18,11,e5,5b,f7,85,cc,0b,c8,e0,99,c4,42,7f,ff,a3,b4,84,c1,25,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900
_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66
}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C
9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900
_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B
0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B
0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B
0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actio
ns\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0
]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\Actio
nsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução -----------------------.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
c:\program files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
.
**************************************************************************
.
Tempo para conclusão: 2013-10-20 15:02:29 - Máquina reiniciou
ComboFix-quarantined-files.txt 2013-10-20 17:02
ComboFix2.txt 2013-08-21 16:04
.
Pré-execução: 195.820.261.376 bytes disponíveis
Pós execução: 200.093.622.272 bytes disponíveis
.
- - End Of File - - E83C5CF9F9590D7D183C8410218A3216
