Ir para conteúdo

mutley2

Participante
  • Postagens

    491
  • Desde

  • Última visita

Sobre mutley2

Últimos Visitantes

5.112 visualizações
  1. Log para análise

    Boa noite , segue o novo log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:25:41, on 27/07/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe C:\Program Files\AVAST Software\SecureLine\SecureLine.exe C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\HijackThis_2.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [AcerPortal] "C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe" startup O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [SyncManPath] "C:\Users\muttley\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKCU\..\Run: [uTorrent] "C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe" O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.amazon.com O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br O17 - HKLM\System\CS1\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - (no file) O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file) O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file) O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - (no file) O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - Unknown owner - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe O23 - Service: Quick Access Local Service (QALSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe O23 - Service: Quick Access Service (QASvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SonicWALL Global VPN Client Service (SWGVCSvc) - Dell SonicWALL, Inc. - C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 17882 bytes
  2. Boa Noite Tenho um SO win10 que veio junto num Note da ACER, o problema é que por muitas vezes ele está ficando lento, e quando tento executar chkdsk c: /f /v para verificar algum erro, obiviamente como administrador quando eu dou boot para poder executar ele trava e diz que se eu quero voltar a versão original de fábrica, o problema é que tenho muita coisa neste computador e não tenho por agora um HD sobrando para guardar meus dados e voltar a versão de fábrica, e desde que o comprei já houve muitas atualizações dos builds, gostaria de saber se há esperança, se pode ser algum trojan ou vírus, já que a licença do meu antivírus venceu em Maio e estou usando somente o Defender Segue o Log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:49:36, on 27/07/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe C:\Program Files\AVAST Software\SecureLine\SecureLine.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [AcerPortal] "C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe" startup O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [SyncManPath] "C:\Users\muttley\AppData\Roaming\Yandex\YandexDisk\YandexDisk.exe" -autostart O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKCU\..\Run: [uTorrent] "C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe" O4 - HKCU\..\RunOnce: [Uninstall 17.3.6917.0607_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1\amd64" O4 - HKCU\..\RunOnce: [Uninstall 17.3.6917.0607_1] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\17.3.6917.0607_1" O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.amazon.com O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br O17 - HKLM\System\CS1\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - (no file) O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file) O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - (no file) O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - (no file) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe O23 - Service: ClientAnalyticsService - Intel Security - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.5.312.0\\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: Quick Access Local Service (QALSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe O23 - Service: Quick Access Service (QASvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SonicWALL Global VPN Client Service (SWGVCSvc) - Dell SonicWALL, Inc. - C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe O23 - Service: The vSnapshot Service (ThevSnapshotService) - Unknown owner - C:\Program Files (x86)\vSnapshot\1.2.0.0\vSnapshotServ.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 21092 bytes
  3. Análise de log

    Obrigado pela resposta O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br Sobre acima, será que é porque instalei um VPN que esporadiamente tenho que acessar minha máquina que está no meu trablho, mas esta máquina onde estou é HOme , é da minha casa, e não pertence a empresa
  4. Boa Noite Por mais que tente tirar alguns programas do início do Windows, toda vez que restarto o notebook eles iniciam junto, ja tentei usando CTRL+SHIFT+ESC E e na aba iniializar eles não aparecem , são os programas utorrent , skype e Spotfy e este último achei que havia desinstalado, ja que somente uso no celular não consegui achar onde os danados estão, por isto postei aqui por achar de se tratar de algum trojan, segue o log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:39:44, on 13/05/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0953) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\gbpsv.exe C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe C:\Program Files (x86)\Internet Download Manager\IDMan.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe C:\Program Files\AVAST Software\SecureLine\SecureLine.exe C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe C:\Program Files (x86)\PhotoSync\PhotoSync.exe C:\Users\muttley\AppData\Roaming\uTorrent\updates\3.5.0_43580.exe C:\Users\muttley\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe C:\Users\muttley\AppData\Roaming\uTorrent\updates\updates\3.5.0_43580\utorrentie.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\muttley\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Java\jre1.8.0_131\bin\javaw.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll O2 - BHO: McAfee WebAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [AcerPortal] "C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe" startup O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\muttley\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll O9 - Extra button: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra 'Tools' menuitem: McAfee WebAdvisor - {48A61126-9A19-4C50-A214-FF08CB94995C} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: *.amazon.com O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (file missing) O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (file missing) O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (file missing) O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL (file missing) O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe O23 - Service: ClientAnalyticsService - Intel Security - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\gbpsv.exe O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: WPS Office Update Service (Kingsoft_WPS_UpdateService) - Zhuhai Kingsoft Office Software Co.,Ltd - C:\Program Files (x86)\Kingsoft\WPS Office\9.1.0.5113\wtoolex\wpsupdatesvr.exe O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_15_6\McApExe.exe O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe O23 - Service: McAfee Boot Delay Start Service (mcbootdelaystartsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\2.3.322.0\\McCSPServiceHost.exe O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe O23 - Service: McAfee Service Controller (mfemms) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing) O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe O23 - Service: Intel Security PEF Service (PEFService) - Intel Security, Inc. - C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe O23 - Service: Quick Access Local Service (QALSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QALSvc.exe O23 - Service: Quick Access Service (QASvc) - Acer Incorporated - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Dell SonicWALL Global VPN Client Service (SWGVCSvc) - Dell SonicWALL, Inc. - C:\Program Files\Dell SonicWALL\Global VPN Client\SWGVCSvc.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 21112 bytes
  5. Sem permissão para gravar em uma pasta

    Obrigado mais uma vez Ciro, Desta vez executei o primeiro comando , e fiz novamente o teste e Funcionou corretamente , sem erros !!!
  6. Sem permissão para gravar em uma pasta

    Não inclusive um programa criado por mim mesmo, VB6, funciona corretamente em outro micro , mas neste muitas vezes me ´dá o erro que não tenho permisssão de criar arquivo no diretório ou acesso negado, mas neste caso o diretório é diferente
  7. Sem permissão para gravar em uma pasta

    Obrigado Ciro São dois um chamado Mega quin que faz programas de loteria e um outro chamado Lotecando Em tempo algumas vezes o mega quin exibe o erros abaixo : https://s23.postimg.org/60nj9d11n/erromegaquin02.jpg https://s1.postimg.org/o7y85rc67/erromegaquin03.jpg
  8. Sem permissão para gravar em uma pasta

    Boa Noite , e obrigado Ciro Instalei e executei os comandos usando o cmd via adminstrador, a primeira execução apresentou erro e segunda não apresentou erro, fiz o teste com o programa em questão e ainda assim apresenta o mesmo erro. Somente um detalhe fiz a chamado diretamente no diretorio de instalação do programa, pois em outro diretorio ele não "enxergava" o programa , veja abaixo os detalhes da execução, e mais uma vez obrigado C:\Windows\system32>cd C:\Program Files (x86)\Windows Resource Kits\Tools C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl /subdirectories %SystemDrive% /grant=administrators=f LookupAccountName : C:\Program Files (x86)\Windows Resource Kits\Tools:administrators 1337 A estrutura da identificação de segurança é inválida. Current object C:\Program Files (x86)\Windows Resource Kits\Tools will not be processed Elapsed Time: 00 00:00:00 Done: 0, Modified 0, Failed 0, Syntax errors 1 Last Syntax Error:WARNING : /grant=administrators=f : Error when checking arguments - C:\Program Files (x86)\Windows Resource Kits\Tools C:\Program Files (x86)\Windows Resource Kits\Tools>subinacl /subdirectories %SystemDrive% /grant=system=f C:\Program Files (x86)\Windows Resource Kits\Tools : delete Perm. ACE 3 autoridade nt\system C:\Program Files (x86)\Windows Resource Kits\Tools : delete Perm. ACE 2 autoridade nt\system C:\Program Files (x86)\Windows Resource Kits\Tools : new ace for autoridade nt\system C:\Program Files (x86)\Windows Resource Kits\Tools : new ace for autoridade nt\system C:\Program Files (x86)\Windows Resource Kits\Tools : 4 change(s) Elapsed Time: 00 00:00:00 Done: 1, Modified 1, Failed 0, Syntax errors 0 Last Done : C:\Program Files (x86)\Windows Resource Kits\Tools
  9. Sem permissão para gravar em uma pasta

    Boa tarde Primeiramente , obrigado pela resposta, Desculpe mas não entendi o que quis dizer com isto, desculpe mas sou leigo neste negócio de perfil,meu usuário aparece ali no grupo de usuários, que é o muttley
  10. Sem permissão para gravar em uma pasta

    Pessoal Tenho uma pasta que eu mesmo criei, mas quando vou gravar com alguns programas, não todos, exibe a mensagem Unable to write to <diretorio que criei> E isto não acontece somente nesta pasta , acontece em outros de forma esporádica Já tentei olha a Segurança da Pasta , mas não entendo nada
  11. Análise de log

    Boa Noite, segue o Log C:\Program Files\KMSpico\AutoPico.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting C:\Users\sandra\Desktop\Dados anteriores do Firefox\ln4sxy8c.default\extensions\ffxtlbr@mysearchdial.com\content\mtstart.js Win32/Toolbar.Montiera.AK potentially unwanted application cleaned by deleting C:\Users\sandra\Downloads\Velhos\MG5_ATUALIZA\DECOSAT.zip a variant of Win32/Packed.PESpin.A suspicious application deleted
  12. Análise de log

    Desculpe, segue Farbar Service Scanner Version: 27-01-2016 Ran by sandra (administrator) on 05-02-2017 at 14:00:48 Running from "C:\Users\sandra\Desktop" Microsoft Windows 7 Ultimate Service Pack 1 (X64) Boot Mode: Normal **************************************************************** Internet Services: ============ Connection Status: ============== Localhost is accessible. LAN connected. Google IP is accessible. Google.com is accessible. Yahoo.com is accessible. Windows Firewall: ============= Firewall Disabled Policy: ================== System Restore: ============ System Restore Policy: ======================== Action Center: ============ Windows Update: ============ wuauserv Service is not running. Checking service configuration: The start type of wuauserv service is set to Disabled. The default start type is Auto. The ImagePath of wuauserv service is OK. The ServiceDll of wuauserv service is OK. Windows Autoupdate Disabled Policy: ============================ Windows Defender: ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  13. Análise de log

    farbar náo apareceu ============== WinDefend Service is not running. Checking service configuration: The start type of WinDefend service is set to Demand. The default start type is Auto. The ImagePath of WinDefend service is OK. The ServiceDll of WinDefend service is OK. Windows Defender Disabled Policy: ========================== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender] "DisableAntiSpyware"=DWORD:1 Other Services: ============== File Check: ======== C:\Windows\System32\nsisvc.dll => File is digitally signed C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed C:\Windows\System32\dhcpcore.dll => File is digitally signed C:\Windows\System32\drivers\afd.sys => File is digitally signed C:\Windows\System32\drivers\tdx.sys => File is digitally signed C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed C:\Windows\System32\dnsrslvr.dll => File is digitally signed C:\Windows\System32\dnsapi.dll => File is digitally signed C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed C:\Windows\System32\mpssvc.dll => File is digitally signed C:\Windows\System32\bfe.dll => File is digitally signed C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed C:\Windows\System32\SDRSVC.dll => File is digitally signed C:\Windows\System32\vssvc.exe => File is digitally signed C:\Windows\System32\wscsvc.dll => File is digitally signed C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed C:\Windows\System32\wuaueng.dll => File is digitally signed C:\Windows\System32\qmgr.dll => File is digitally signed C:\Windows\System32\es.dll => File is digitally signed C:\Windows\System32\cryptsvc.dll => File is digitally signed C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed **** End of log ****
  14. Análise de log

    Boa tarde Por enquanto muito obrigado, segue os logs MBR MBRScan v1.1.1 OS : Windows 7 Service Pack 1 (64 bit) PROCESSOR : Intel64 Family 6 Model 23 Stepping 10, GenuineIntel BOOT : Normal Boot DATE : 2017/02/05 (ISO 8601) at 13:59:13 ________________________________________________________________________________ DISK : Device\Harddisk0\DR0 __ST9500325AS (0002SDM1) BUS_TYPE : (0x0B) S-ATA USE_PIO : NO MAX_TRANSFER : 128 Kb ALIGNMENT_MASK : word aligned ________________________________________________________________________________ Device\Harddisk0\DR0 465.8 Go [Fixed] ==> 7 MBR Code MBR_MD5 : 6B9DCDCE202711D01A2ECE21C95CF1A5 MBR_SHA1 : 833E9C33BF2837E6E0023EACA354D4F74AEB4208 Device\Harddisk0\Partition1 451.1 Go 0x07 NTFS / HPFS __ BOOTABLE __ ________________________________________________________________________________ ############################### Additional scan ################################ DRIVER : C:\Windows\system32\hal.dll => Invisible on the disk ADDRESS : 0x03C10000 SIZE : 292.0 Ko DRIVER : C:\Windows\system32\kdcom.dll => Invisible on the disk ADDRESS : 0x00BAF000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\mcupdate_GenuineIntel.dll => Invisible on the disk ADDRESS : 0x00CBD000 SIZE : 316.0 Ko DRIVER : C:\Windows\system32\CLFS.SYS => Invisible on the disk ADDRESS : 0x00D20000 SIZE : 376.0 Ko DRIVER : C:\Windows\system32\CI.dll => Invisible on the disk ADDRESS : 0x00EDF000 SIZE : 768.0 Ko DRIVER : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk ADDRESS : 0x00E00000 SIZE : 776.0 Ko DRIVER : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk ADDRESS : 0x00EC2000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk ADDRESS : 0x00F9F000 SIZE : 348.0 Ko DRIVER : C:\Windows\system32\drivers\WMILIB.SYS => Invisible on the disk ADDRESS : 0x00FF6000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk ADDRESS : 0x00ED2000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\pci.sys => Invisible on the disk ADDRESS : 0x00D7E000 SIZE : 204.0 Ko DRIVER : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk ADDRESS : 0x00DB1000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\iusb3hcs.sys => Invisible on the disk ADDRESS : 0x00DBE000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk ADDRESS : 0x00DC8000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk ADDRESS : 0x00DDD000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk ADDRESS : 0x00DE6000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk ADDRESS : 0x00C00000 SIZE : 84.0 Ko DRIVER : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk ADDRESS : 0x00C15000 SIZE : 368.0 Ko DRIVER : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk ADDRESS : 0x00C71000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk ADDRESS : 0x00C8B000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk ADDRESS : 0x010C5000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk ADDRESS : 0x010EF000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk ADDRESS : 0x010FA000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk ADDRESS : 0x0110A000 SIZE : 44.0 Ko DRIVER : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk ADDRESS : 0x01115000 SIZE : 304.0 Ko DRIVER : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk ADDRESS : 0x01161000 SIZE : 80.0 Ko DRIVER : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk ADDRESS : 0x01230000 SIZE : 1.66 Mo DRIVER : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk ADDRESS : 0x01175000 SIZE : 376.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk ADDRESS : 0x013DA000 SIZE : 108.0 Ko DRIVER : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk ADDRESS : 0x01000000 SIZE : 456.0 Ko DRIVER : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk ADDRESS : 0x01200000 SIZE : 68.0 Ko DRIVER : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk ADDRESS : 0x01211000 SIZE : 40.0 Ko DRIVER : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk ADDRESS : 0x0142D000 SIZE : 968.0 Ko DRIVER : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk ADDRESS : 0x0151F000 SIZE : 384.0 Ko DRIVER : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk ADDRESS : 0x0157F000 SIZE : 172.0 Ko DRIVER : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk ADDRESS : 0x01600000 SIZE : 1.99 Mo DRIVER : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk ADDRESS : 0x015AA000 SIZE : 292.0 Ko DRIVER : C:\Windows\System32\Drivers\aswRvrt.sys => Invisible on the disk ADDRESS : 0x01400000 SIZE : 76.0 Ko DRIVER : C:\Windows\System32\Drivers\aswVmm.sys => Invisible on the disk ADDRESS : 0x01072000 SIZE : 284.0 Ko DRIVER : C:\Windows\system32\drivers\vmstorfl.sys => Invisible on the disk ADDRESS : 0x01413000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk ADDRESS : 0x0187F000 SIZE : 304.0 Ko DRIVER : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk ADDRESS : 0x018CB000 SIZE : 32.0 Ko DRIVER : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk ADDRESS : 0x018D3000 SIZE : 232.0 Ko DRIVER : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk ADDRESS : 0x0190D000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk ADDRESS : 0x0191F000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk ADDRESS : 0x01928000 SIZE : 232.0 Ko DRIVER : C:\Windows\system32\drivers\disk.sys => Invisible on the disk ADDRESS : 0x01962000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\drivers\CLASSPNP.SYS => Invisible on the disk ADDRESS : 0x01978000 SIZE : 192.0 Ko DRIVER : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk ADDRESS : 0x01800000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\drivers\aswSP.sys => Invisible on the disk ADDRESS : 0x03AC7000 SIZE : 512.0 Ko DRIVER : C:\Windows\system32\drivers\aswSnx.sys => Invisible on the disk ADDRESS : 0x03CAA000 SIZE : 940.0 Ko DRIVER : C:\Windows\System32\drivers\Bfilter.sys => Invisible on the disk ADDRESS : 0x03D95000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\drivers\Bfmon.sys => Invisible on the disk ADDRESS : 0x03DA5000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk ADDRESS : 0x03DB0000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk ADDRESS : 0x03DB9000 SIZE : 28.0 Ko DRIVER : C:\Windows\System32\drivers\Bprotect.sys => Invisible on the disk ADDRESS : 0x03DC0000 SIZE : 120.0 Ko DRIVER : C:\Windows\System32\drivers\BprotectEx.sys => Invisible on the disk ADDRESS : 0x03DDE000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\drivers\aswKbd.sys => Invisible on the disk ADDRESS : 0x03C00000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\drivers\vga.sys => Invisible on the disk ADDRESS : 0x03C0A000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk ADDRESS : 0x03C18000 SIZE : 148.0 Ko DRIVER : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk ADDRESS : 0x03C3D000 SIZE : 64.0 Ko DRIVER : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk ADDRESS : 0x03C4D000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk ADDRESS : 0x03C56000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk ADDRESS : 0x03C5F000 SIZE : 36.0 Ko DRIVER : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk ADDRESS : 0x03C68000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk ADDRESS : 0x03C73000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk ADDRESS : 0x03C84000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk ADDRESS : 0x03B47000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\drivers\afd.sys => Invisible on the disk ADDRESS : 0x03B54000 SIZE : 548.0 Ko DRIVER : C:\Windows\system32\drivers\aswRdr2.sys => Invisible on the disk ADDRESS : 0x03BDD000 SIZE : 104.0 Ko DRIVER : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk ADDRESS : 0x03A00000 SIZE : 276.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk ADDRESS : 0x03A45000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk ADDRESS : 0x03A4E000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk ADDRESS : 0x03A74000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk ADDRESS : 0x03A8A000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk ADDRESS : 0x03A99000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\termdd.sys => Invisible on the disk ADDRESS : 0x0182A000 SIZE : 80.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk ADDRESS : 0x02C2B000 SIZE : 332.0 Ko DRIVER : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk ADDRESS : 0x02C7E000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mssmbios.sys => Invisible on the disk ADDRESS : 0x02C8A000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\drivers\discache.sys => Invisible on the disk ADDRESS : 0x02C95000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\drivers\csc.sys => Invisible on the disk ADDRESS : 0x02CA4000 SIZE : 532.0 Ko DRIVER : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk ADDRESS : 0x02D29000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk ADDRESS : 0x02D47000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk ADDRESS : 0x02D58000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\DRIVERS\intelppm.sys => Invisible on the disk ADDRESS : 0x02D7E000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\igdkmd64.sys => Invisible on the disk ADDRESS : 0x048EF000 SIZE : 7.01 Mo DRIVER : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk ADDRESS : 0x042B4000 SIZE : 976.0 Ko DRIVER : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk ADDRESS : 0x043A8000 SIZE : 280.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbuhci.sys => Invisible on the disk ADDRESS : 0x043EE000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk ADDRESS : 0x04200000 SIZE : 344.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk ADDRESS : 0x04256000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HDAudBus.sys => Invisible on the disk ADDRESS : 0x04267000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\NETwsw00.sys => Invisible on the disk ADDRESS : 0x05623000 SIZE : 11.32 Mo DRIVER : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk ADDRESS : 0x06175000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\DRIVERS\L1C62x64.sys => Invisible on the disk ADDRESS : 0x06182000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk ADDRESS : 0x061A4000 SIZE : 120.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbfiltr.sys => Invisible on the disk ADDRESS : 0x061C2000 SIZE : 32.0 Ko DRIVER : C:\Windows\system32\DRIVERS\kbdclass.sys => Invisible on the disk ADDRESS : 0x061CA000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ETD.sys => Invisible on the disk ADDRESS : 0x04800000 SIZE : 380.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk ADDRESS : 0x061D9000 SIZE : 60.0 Ko DRIVER : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk ADDRESS : 0x061E8000 SIZE : 20.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ATK64AMD.sys => Invisible on the disk ADDRESS : 0x061ED000 SIZE : 32.0 Ko DRIVER : C:\Windows\system32\DRIVERS\CompositeBus.sys => Invisible on the disk ADDRESS : 0x05600000 SIZE : 64.0 Ko DRIVER : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk ADDRESS : 0x0428B000 SIZE : 88.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk ADDRESS : 0x0485F000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk ADDRESS : 0x05610000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk ADDRESS : 0x04883000 SIZE : 188.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk ADDRESS : 0x048B2000 SIZE : 108.0 Ko DRIVER : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk ADDRESS : 0x048CD000 SIZE : 132.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk ADDRESS : 0x02D94000 SIZE : 104.0 Ko DRIVER : C:\Windows\system32\DRIVERS\swenum.sys => Invisible on the disk ADDRESS : 0x0561C000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk ADDRESS : 0x02DAE000 SIZE : 268.0 Ko DRIVER : C:\Windows\system32\DRIVERS\umbus.sys => Invisible on the disk ADDRESS : 0x042A1000 SIZE : 72.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk ADDRESS : 0x044BB000 SIZE : 360.0 Ko DRIVER : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk ADDRESS : 0x04515000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\drivers\HdAudio.sys => Invisible on the disk ADDRESS : 0x0452A000 SIZE : 368.0 Ko DRIVER : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk ADDRESS : 0x04586000 SIZE : 244.0 Ko DRIVER : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk ADDRESS : 0x045C3000 SIZE : 136.0 Ko DRIVER : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk ADDRESS : 0x045E5000 SIZE : 24.0 Ko DRIVER : C:\Windows\system32\drivers\IntcHdmi.sys => Invisible on the disk ADDRESS : 0x04400000 SIZE : 156.0 Ko DRIVER : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk ADDRESS : 0x04427000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk ADDRESS : 0x04435000 SIZE : 48.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk ADDRESS : 0x04441000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk ADDRESS : 0x0444C000 SIZE : 76.0 Ko DRIVER : C:\Windows\System32\win32k.sys => Invisible on the disk ADDRESS : 0x00030000 SIZE : 3.09 Mo DRIVER : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk ADDRESS : 0x0445F000 SIZE : 48.0 Ko DRIVER : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk ADDRESS : 0x0446B000 SIZE : 116.0 Ko DRIVER : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk ADDRESS : 0x04488000 SIZE : 8.0 Ko DRIVER : C:\Windows\system32\DRIVERS\snp2uvc.sys => Invisible on the disk ADDRESS : 0x0202C000 SIZE : 1.72 Mo DRIVER : C:\Windows\system32\DRIVERS\STREAM.SYS => Invisible on the disk ADDRESS : 0x021E4000 SIZE : 68.0 Ko DRIVER : C:\Windows\system32\DRIVERS\sncduvc.SYS => Invisible on the disk ADDRESS : 0x021F5000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk ADDRESS : 0x02000000 SIZE : 56.0 Ko DRIVER : C:\Windows\System32\TSDDD.dll => Invisible on the disk ADDRESS : 0x00540000 SIZE : 40.0 Ko DRIVER : C:\Windows\System32\cdd.dll => Invisible on the disk ADDRESS : 0x007C0000 SIZE : 156.0 Ko DRIVER : C:\Windows\system32\DRIVERS\hidusb.sys => Invisible on the disk ADDRESS : 0x0200E000 SIZE : 56.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDCLASS.SYS => Invisible on the disk ADDRESS : 0x0448A000 SIZE : 100.0 Ko DRIVER : C:\Windows\system32\DRIVERS\HIDPARSE.SYS => Invisible on the disk ADDRESS : 0x0201C000 SIZE : 36.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mouhid.sys => Invisible on the disk ADDRESS : 0x044A3000 SIZE : 52.0 Ko DRIVER : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk ADDRESS : 0x02C00000 SIZE : 140.0 Ko DRIVER : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk ADDRESS : 0x0183E000 SIZE : 152.0 Ko DRIVER : C:\Windows\system32\drivers\aswStm.sys => Invisible on the disk ADDRESS : 0x019A8000 SIZE : 168.0 Ko DRIVER : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk ADDRESS : 0x045EB000 SIZE : 84.0 Ko DRIVER : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk ADDRESS : 0x02669000 SIZE : 332.0 Ko DRIVER : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk ADDRESS : 0x026BC000 SIZE : 76.0 Ko DRIVER : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk ADDRESS : 0x026CF000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk ADDRESS : 0x026E7000 SIZE : 804.0 Ko DRIVER : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk ADDRESS : 0x027B0000 SIZE : 120.0 Ko DRIVER : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk ADDRESS : 0x027CE000 SIZE : 96.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk ADDRESS : 0x02600000 SIZE : 180.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk ADDRESS : 0x034DB000 SIZE : 312.0 Ko DRIVER : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk ADDRESS : 0x03529000 SIZE : 144.0 Ko DRIVER : C:\Windows\system32\DRIVERS\idmwfp.sys => Invisible on the disk ADDRESS : 0x0354D000 SIZE : 180.0 Ko DRIVER : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk ADDRESS : 0x03400000 SIZE : 664.0 Ko DRIVER : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk ADDRESS : 0x034A6000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk ADDRESS : 0x0357A000 SIZE : 196.0 Ko DRIVER : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk ADDRESS : 0x035AB000 SIZE : 72.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk ADDRESS : 0x08C51000 SIZE : 420.0 Ko DRIVER : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk ADDRESS : 0x08CBA000 SIZE : 608.0 Ko DRIVER : C:\Windows\system32\DRIVERS\asyncmac.sys => Invisible on the disk ADDRESS : 0x08D52000 SIZE : 44.0 Ko DRIVER : C:\Windows\System32\smss.exe => Invisible on the disk ADDRESS : 0x47FE0000 SIZE : 128.0 Ko BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020) SystemStartOptions : NOEXECUTE=OPTIN ENABLE_INTEGRITY_CHECKS ________________________________________________________________________________ _______MBR \Device\Harddisk0\DR0 0x00000000 33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00 3À.м.|.À.ؾ.|¿. 0x00000010 06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00 .¹..üó¤Ph..Ëû¹.. 0x00000020 BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10 ½¾..~..|......Å. 0x00000030 E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00 âñÍ..V.UÆF..ÆF.. 0x00000040 B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09 ´A»ªUÍ.]r..ûUªu. 0x00000050 F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74 ÷Á..t.þF.f`.~..t 0x00000060 26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00 &fh....f.v.h..h. 0x00000070 7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13 |h..h..´B.V..ôÍ. 0x00000080 9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00 ..Ä..ë.¸..».|.V. 0x00000090 8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE .v..N..n.Í.fas.þ 0x000000A0 4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84 N.u..~......².ë. 0x000000B0 55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55 U2ä.V.Í.]ë..>þ}U 0x000000C0 AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64 ªun.v.è..u.ú°Ñæd 0x000000D0 E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75 è..°ßæ`è|.°.ædèu 0x000000E0 00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54 .û¸.»Í.f#Àu;f.ûT 0x000000F0 43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00 CPAu2.ù..r,fh.». 0x00000100 00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66 .fh....fh....fSf 0x00000110 53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66 SfUfh....fh.|..f 0x00000120 61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD ah...Í.Z2öê.|..Í 0x00000130 18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4 ..·.ë..¶.ë..µ.2ä 0x00000140 05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD ....ð¬<.t.»..´.Í 0x00000150 10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8 .ëòôëý+Éädë.$.àø 0x00000160 24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69 $.ÃInvalid parti 0x00000170 74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72 tion table.Error 0x00000180 20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69 loading operati 0x00000190 6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E ng system.Missin 0x000001A0 67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74 g operating syst 0x000001B0 65 6D 00 00 00 63 7B 9A 6E 49 B3 D9 00 00 80 FE em...c{.nI³Ù...þ 0x000001C0 FF FF 07 FE FF FF 00 B0 D4 01 00 A8 63 38 00 00 ...þ...°Ô..¨c8.. 0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
  15. Análise de log

    Boa Noite Estou ajudando um amigo que é tao leigo quanto eu, so estou fazendo porque ele sabe bem menos que eu , mas o notebook dele acho que devido a má navegaçao e clicar em tudo está cheio de coisas estranhas, para eu executar o clean precisei colocar em modo de segurança , pois ele náo permitia nem instalar e o wifi não funcionava, e após passar o clean o wifi voltou a funciona no modo normal, mas acho que deve ter mais coisas aqui, pois nos browsers que ele usa estava com badiu e cia segue o log Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:02:31, on 03/02/2017 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16521) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE C:\Users\sandra\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Users\sandra\AppData\Roaming\Spotify\Spotify.exe C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Users\sandra\AppData\Roaming\Spotify\SpotifyCrashService.exe C:\Users\sandra\Downloads\HijackThis.exe C:\Users\sandra\AppData\Roaming\Spotify\Spotify.exe C:\Users\sandra\AppData\Roaming\Spotify\Spotify.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll (file missing) O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll O4 - HKLM\..\Run: [UnlockerAssistant] "C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\sandra\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\sandra\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{019BA07A-4A7E-4720-89A8-3A2973A6E18B}: NameServer = 189.8.80.50,189.8.80.43 O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe O23 - Service: Baidu Hips Service (BHipsSvc) - Unknown owner - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9552 bytes fico antecipadamente agradecido
×