narayann

Log analysis: error (0xc000007b)

20 posts in this topic

I think my computer is infected with some kind of malware.

I have been getting this error when I try to open some programs:

The application failed to initialize properly (0xc000007b). Click OK to terminate the application.

I think this error happens mostly with programs that use the Microsoft .NET Framework.

I have also been getting constant errors when installing/uninstalling the Framework and other Windows tools.

The PC has also been performing very slowly, well outside the normal.

Thanks for the help

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 09:33:14, on 23-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\WINDOWS\Explorer.EXE

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Windows Live\Messenger\MsnMsgr.Exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\Programas\Windows Media Player\wmplayer.exe

C:\Programas\Java\jre1.6.0_05\bin\jucheck.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\SecondLifeReleaseCandidate\SecondLifeReleaseCandidate.exe

C:\Programas\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKLM\..\RunOnce: [wextract_cleanup0] rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\ADMINI~1\DEFINI~1\Temp\IXP004.TMP\"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 9631 bytes

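As an added illustration (not code from this thread, from Trend Micro or from the forum's helpers), the following Python script parses HijackThis v2.0.2 log lines and flags the entry types a log reviewer typically checks first: orphaned BHO/toolbar CLSIDs (O2/O3), autoruns under the LocalService/NetworkService hives and Rundll32 DLL loads (O4), ActiveX controls downloaded from non-Microsoft hosts (O16), AppInit_DLLs injections (O20) and services pointing at missing binaries (O23). The rules are heuristics that mark entries for manual review, not malware verdicts; the trusted-host list is a constructed minimum, and the sample input is an excerpt of the log posted above.

```python
"""HijackThis v2.0.2 log triage (added example, not code from the thread or from Trend Micro).
Rules are heuristics, not verdicts: a hit means "review this entry", not "this is malware".
Assumed: HijackThis' "Oxx - body" line format; the trusted ActiveX host list is a
constructed minimum that a reviewer would extend."""
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the entry deserves a closer look
    line: str     # the original log line

ENTRY_RE = re.compile(r"^(?P<sec>[RFNO]\d{1,2}) - (?P<body>.*)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?(?P<dll>[^",]+\.dll)"?', re.IGNORECASE)
URL_HOST_RE = re.compile(r"https?://(?P<host>[^/\s]+)", re.IGNORECASE)
USER_HIVE_RE = re.compile(r"^HKUS\\(?P<sid>S-1-5-\d+)\\")
SERVICE_SIDS = {"S-1-5-19", "S-1-5-20"}            # LocalService, NetworkService
BENIGN_SERVICE_HIVE_CMDS = ("ctfmon.exe",)          # XP registers ctfmon under every hive
TRUSTED_DPF_HOSTS = ("microsoft.com", "windowsupdate.com")  # constructed minimum

def _trusted_host(host: str) -> bool:
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)

def _check_o2_o3(body: str):
    # Orphaned BHO/toolbar CLSIDs: no display name, or the backing DLL is gone.
    if "(no file)" in body or body.startswith(("BHO: (no name)", "Toolbar: (no name)")):
        return "BHO/toolbar registration with no name or no backing file (orphaned CLSID)"
    return None

def _check_o4(body: str):
    reasons = []
    hive = USER_HIVE_RE.match(body)
    if (hive and hive.group("sid") in SERVICE_SIDS
            and not any(b in body.lower() for b in BENIGN_SERVICE_HIVE_CMDS)):
        reasons.append(f"autorun under the {hive.group('sid')} service-account hive, "
                       "where only ctfmon.exe is expected on XP")
    dll = RUNDLL_RE.search(body)
    if dll:
        reasons.append(f"Rundll32 loads {dll.group('dll')} at logon; verify its publisher")
    return "; ".join(reasons) or None

def _check_o16(body: str):
    # Downloaded Program Files (ActiveX) fetched from a host other than Microsoft's.
    url = URL_HOST_RE.search(body)
    if url and not _trusted_host(url.group("host").lower()):
        return f"ActiveX control downloaded from {url.group('host').lower()}"
    return None

def _check_o20(body: str):
    # Every DLL in AppInit_DLLs is loaded into each process that maps user32.dll.
    if body.startswith("AppInit_DLLs:"):
        dlls = body.split(":", 1)[1].split()
        return "AppInit_DLLs injects " + ", ".join(dlls) + " into every GUI process"
    return None

def _check_o23(body: str):
    if body.endswith("(file missing)"):
        return "service points at a missing binary (stale registration)"
    return None

CHECKS = {"O2": _check_o2_o3, "O3": _check_o2_o3, "O4": _check_o4,
          "O16": _check_o16, "O20": _check_o20, "O23": _check_o23}

def triage(log_text: str) -> list:
    """Return one Finding per log entry that trips a rule, in log order."""
    findings = []
    for raw in log_text.splitlines():
        entry = ENTRY_RE.match(raw.strip())
        if not entry:
            continue  # header lines, "Running processes:" paths, blank lines
        check = CHECKS.get(entry.group("sec"))
        reason = check(entry.group("body")) if check else None
        if reason:
            findings.append(Finding(entry.group("sec"), reason, raw.strip()))
    return findings

# Excerpt of the HijackThis log posted in this thread, used as sample input.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll
O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab
O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.reason}\n    {f.line}")
```

Run against the full log, the same rules also pick up the RunOnce line that calls rundll32 on advpack.dll, which is a normal installer cleanup entry; that is the kind of hit a reviewer dismisses by hand.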

Disable your antivirus and antispyware so there are no conflicts. Keep them disabled until you finish the instructions.

Download Banker FIX

Double-click bankerfix.exe. Press Enter.

Internet Explorer will be closed. Wait for the tool to finish. This may take a while.

When it finishes, a message will appear on the screen; then press Enter.

Restart...

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked, then click Finish.

If there are updates to be made, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to see the report.

If items were found, make sure they are all checked and click the Remove button.

When disinfection finishes, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See Note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus the Relatorio.txt you will find in C:\LinhaDefensiva, plus a new HijackThis log.

Afterwards you can delete this LinhaDefensiva folder. Re-enable your antivirus.


Hello, first of all thank you for trying to help me.

I followed your instructions, except that I could not remove a Trojan.BHO that MBAM detected; I tried restarting several times as indicated, but it was never removed.

Here are the logs as requested:

MBAM LOG:

Malwarebytes' Anti-Malware 1.34

Versão do banco de dados: 1798

Windows 5.1.2600 Service Pack 3

24-02-2009 10:54:02

mbam-log-2009-02-24 (10-54-02).txt

Tipo de Verificação: Rápida

Objetos verificados: 66186

Tempo decorrido: 4 minute(s), 44 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registo infectadas: 1

Valores do Registo infectados: 0

Ítens do Registo infectados: 0

Pastas infectadas: 0

Ficheiros infectados: 0

Processos da Memória infectados:

(Nenhum item malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum item malicioso foi detectado)

Chaves do Registo infectadas:

HKEY_CLASSES_ROOT\CLSID\{ec43e3fd-5c60-46a6-97d7-e0b85dbdd6c4} (Trojan.BHO) -> Delete on reboot.

Valores do Registo infectados:

(Nenhum item malicioso foi detectado)

Ítens do Registo infectados:

(Nenhum item malicioso foi detectado)

Pastas infectadas:

(Nenhum item malicioso foi detectado)

Ficheiros infectados:

(Nenhum item malicioso foi detectado)

- - - - - - -

HiJackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:52:13, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O3 - Toolbar: (no name) - {93344865-74BD-4873-BE65-56539D41A65C} - (no file)

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\Run: [wuyojunove] Rundll32.exe "C:\WINDOWS\system32\mibagoyo.dll",s (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Serviço de rede')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O16 - DPF: {93344865-74BD-4873-BE65-56539D41A65C} - http://earn2life.com/plugin/Earn2Life.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - AppInit_DLLs: wbsys.dll C:\WINDOWS\system32\dofozeha.dll

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 9223 bytes

- - - - - - -

BankerFIX relatorio.txt:

BankerFix 3.0 VALKYRIE - Removedor de Bankers

Linha Defensiva | http://www.linhadefensiva.org

http://www.linhadefensiva.org/bankerfix/

-------------------------------------------------------

Data: 2009-02-24 - 10:40

-------------------------------------------------------

Lista de Definição: 2009-01-21-2 | CORE: 2009-01-21-1

=======================================================

----- Fim -------------------------


OK, continuing.....

Disable your antivirus, antispyware and firewall so there are no conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

Double-click combofix.exe, press 1 and then Enter to proceed with the fix. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console installed, click "No" and then agree so that the scan proceeds.

If the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.Microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

NOTE 2: Do not run ComboFix more than once. That will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press F8 repeatedly, or F5 in some cases, during startup) and repeat the procedure.


Thanks for the quick reply and continued help (Y)

I followed the steps again; here are the requested logs.

ComboFix LOG:

ComboFix 09-02-21.01 - Administrador 2009-02-24 14:02:24.1 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.2047.1581 [GMT 0:00]

Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

* Criado um novo ponto de restauro

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\404Fix.exe

c:\windows\system32\Agent.OMZ.Fix.exe

c:\windows\system32\IEDFix.C.exe

c:\windows\system32\IEDFix.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\VACFix.exe

c:\windows\system32\VCCLSID.exe

c:\windows\system32\WS2Fix.exe

c:\windows\explorer.exe . . . está infetado!!

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))

.

2009-02-23 09:31 . 2009-02-23 09:31 <DIR> d-------- c:\programas\Trend Micro

2009-02-23 09:30 . 2009-02-23 09:31 <DIR> d-------- C:\CCleaner

2009-02-23 09:26 . 2009-02-23 09:26 <DIR> d-------- c:\programas\CCleaner

2009-02-22 17:23 . 2009-02-22 17:23 <DIR> d-------- c:\programas\Microsoft.NET

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\8ec090f8f29fcc45890e684b3c64bb

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\52287885bfe694d80d7cbb

2009-02-22 11:39 . 2009-02-22 11:39 <DIR> d-------- c:\windows\system32\URTTemp

2009-02-22 11:29 . 2009-02-22 11:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-02-22 10:58 . 2009-02-24 10:02 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-22 10:58 . 2009-02-22 10:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-22 10:58 . 2009-02-22 10:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-22 10:58 . 2009-02-22 10:58 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore

2009-02-20 18:45 . 2009-02-21 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-02-20 18:43 . 2009-02-21 19:13 <DIR> d-------- c:\programas\McAfee

2009-02-20 18:38 . 2009-02-21 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2009-02-20 17:15 . 2008-04-14 21:39 870,784 --------- c:\windows\system32\ati3d1ag.dll

2009-02-20 17:15 . 2008-04-14 21:39 377,984 --------- c:\windows\system32\ati2dvaa.dll

2009-02-20 17:15 . 2008-04-14 21:39 32,768 --------- c:\windows\system32\ativtmxx.dll

2009-02-20 17:15 . 2008-04-14 21:40 23,040 --------- c:\windows\system32\ativmvxx.ax

2009-02-20 17:15 . 2008-04-14 21:40 9,728 --------- c:\windows\system32\ativdaxx.ax

2009-02-20 16:31 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-02-20 16:25 . 2009-02-20 16:54 <DIR> d-------- C:\b4af109b097d9f47026ba7ffff

2009-02-20 15:56 . 2009-02-20 15:56 <DIR> d-------- c:\documents and settings\LocalService\Ambiente de trabalho

2009-02-20 14:50 . 2009-02-20 14:50 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-02-20 13:44 . 2009-02-20 21:21 593,920 --a------ c:\windows\system32\ati2sgag.exe

2009-02-20 13:28 . 2009-02-20 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SonicFocus

2009-02-20 12:43 . 2009-02-20 12:52 <DIR> d-------- c:\programas\Driver Checker

2009-02-20 12:28 . 2009-02-20 13:30 <DIR> d-------- c:\programas\ATI

2009-02-20 12:24 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll

2009-02-20 12:23 . 2009-02-20 12:23 <DIR> d-------- c:\programas\Realtek

2009-02-20 12:23 . 2009-01-16 22:45 73,728 --a------ c:\windows\system32\RtNicProp32.dll

2009-02-20 12:07 . 2009-02-20 13:29 <DIR> d-------- c:\programas\Driver-Soft

2009-02-20 12:07 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2009-02-20 12:07 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2009-02-20 12:07 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2009-02-20 11:58 . 2009-02-20 11:58 <DIR> d-------- c:\programas\iXi Tools

2009-02-20 11:56 . 2009-02-20 11:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Thinstall

2009-02-20 11:47 . 2009-02-20 11:47 <DIR> d-------- c:\programas\XPC Tools

2009-02-20 10:56 . 2009-02-20 10:56 <DIR> d-------- c:\programas\Analog Devices

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Intel

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Drivers

2009-02-20 10:44 . 2009-02-20 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner

2009-02-16 20:17 . 2009-02-16 20:17 <DIR> d-------- c:\windows\system32\VirtualExpander

2009-02-15 10:46 . 2009-02-22 10:44 <DIR> d-------- c:\documents and settings\Administrador\Application Data\SecondLife

2009-02-15 10:44 . 2009-02-15 10:44 <DIR> d-------- c:\programas\SecondLifeReleaseCandidate

2009-02-12 20:08 . 2009-02-15 09:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\OnRez

2009-02-09 22:52 . 2009-02-09 22:52 <DIR> d-------- c:\documents and settings\Administrador\Application Data\id Software

2009-02-09 22:50 . 2009-02-09 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\id Software

2009-02-09 22:50 . 2009-02-20 21:25 2,266,642 --a------ c:\windows\system32\pbsvc.exe

2009-02-09 22:50 . 2009-02-11 20:02 188,896 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-09 22:50 . 2009-02-11 20:02 138,784 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-09 22:50 . 2009-02-11 20:02 70,968 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-09 22:50 . 2009-02-09 22:50 22,328 --a------ c:\documents and settings\Administrador\Application Data\PnkBstrK.sys

2009-01-24 14:15 . 2009-01-24 14:15 <DIR> d-------- c:\programas\Adobe Media Player

2009-01-24 14:12 . 2009-01-24 14:12 <DIR> d-------- c:\programas\Ficheiros comuns\Adobe AIR

2009-01-24 12:02 . 2009-01-24 12:13 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Download Manager

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-24 10:20 --------- d-----w c:\programas\Malwarebytes' Anti-Malware

2009-02-22 20:19 --------- d-----w c:\documents and settings\Administrador\Application Data\Azureus

2009-02-22 10:58 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-21 15:00 --------- d-----w c:\programas\Lavasoft

2009-02-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-20 21:02 70,656 ----a-w c:\windows\notepad.exe

2009-02-20 21:02 327,168 ----a-w c:\windows\IsUn0816.exe

2009-02-20 21:02 323,072 ----a-w c:\windows\IsUninst.exe

2009-02-20 21:02 310,784 ----a-w c:\windows\IsUn0416.exe

2009-02-20 21:02 299,008 ----a-w c:\windows\uninst.exe

2009-02-20 21:02 288,256 ----a-w c:\windows\winhlp32.exe

2009-02-20 21:02 25,600 ----a-w c:\windows\twunk_32.exe

2009-02-20 21:02 15,872 ----a-w c:\windows\TASKMAN.EXE

2009-02-20 21:02 122,880 ----a-w c:\windows\UnGins.exe

2009-02-20 21:01 35,328 ----a-w c:\windows\emAMCAP.exe

2009-02-20 21:01 20,480 ----a-w c:\windows\HyperDrive.exe

2009-02-20 21:01 188,416 ----a-w c:\windows\emSTI.exe

2009-02-20 21:01 10,752 ----a-w c:\windows\hh.exe

2009-02-20 20:29 --------- d-----w c:\programas\PBP Unpacker

2009-02-20 19:59 --------- d-----w c:\programas\GSalive CS 1.6 NS

2009-02-20 19:03 126,976 ----a-w C:\W3XMapHack120E2.exe

2009-02-20 19:00 1,035,776 ----a-w c:\windows\explorer.exe

2009-02-20 17:54 --------- d-----w c:\programas\MagicISO

2009-02-20 13:34 --------- d-----w c:\programas\ATI Technologies

2009-02-20 13:30 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-02-20 12:29 --------- d--h--w c:\programas\InstallShield Installation Information

2009-02-20 10:58 --------- d-----w c:\documents and settings\Administrador\Application Data\Uniblue

2009-02-17 16:48 70,512 ----a-w c:\documents and settings\Administrador\Application Data\GDIPFONTCACHEV1.DAT

2009-02-17 14:20 --------- d-----w c:\documents and settings\Administrador\Application Data\Skype

2009-02-17 14:17 --------- d-----w c:\documents and settings\Administrador\Application Data\skypePM

2009-02-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-02-12 22:30 --------- d-----w c:\programas\Valve

2009-02-11 17:28 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-29 23:49 196,608 ----a-w c:\windows\system32\drivers\aStandard.bin

2009-01-29 13:03 --------- d-----w c:\programas\Vuze

2009-01-24 16:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-24 14:48 --------- d-----w c:\programas\Macromedia

2009-01-24 14:17 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-01-24 13:50 --------- d-----w c:\programas\Ficheiros comuns\Macromedia

2009-01-21 15:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys

2009-01-21 11:12 --------- d-----w c:\programas\CoreCodec

2009-01-19 12:25 --------- d-----w c:\programas\Soulseek

2009-01-18 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS

2009-01-18 21:15 --------- d-----w c:\programas\Pando Networks

2009-01-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files

2009-01-17 17:38 --------- d-----w c:\documents and settings\Administrador\Application Data\GameScanner

2009-01-17 15:28 --------- d-----w c:\programas\Hewlett-Packard

2009-01-17 15:23 --------- d-----w c:\programas\Pcsx2_0.9.4

2009-01-17 13:27 --------- d-----w c:\programas\K-Lite Codec Pack

2009-01-17 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-17 13:26 --------- d-----w c:\documents and settings\Administrador\Application Data\Apple Computer

2009-01-17 13:24 --------- d-----w c:\programas\Haali

2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2009-01-12 19:45 --------- d-----w c:\programas\XVideoConverter

2009-01-12 19:24 --------- d-----w c:\programas\Azureus

2009-01-12 18:48 --------- d-----w c:\programas\Bluefox Studio

2009-01-12 17:33 --------- d-----w c:\programas\SUPERAntiSpyware

2009-01-12 17:33 --------- d-----w c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com

2009-01-12 17:31 --------- d-----w c:\documents and settings\Administrador\Application Data\uTorrent

2009-01-10 20:20 4,608 ----a-w c:\windows\cocowawa.dll

2009-01-10 19:01 --------- d-----w c:\programas\WinXMedia

2009-01-10 15:02 --------- d-----w c:\programas\Ficheiros comuns\xing shared

2009-01-10 15:02 --------- d-----w c:\programas\Ficheiros comuns\Real

2009-01-05 17:24 --------- d-----w c:\programas\Torrent Harvester

2009-01-05 13:45 --------- d-----w c:\programas\Epic MegaGames

2009-01-05 13:07 --------- d-----w c:\programas\eMule

2009-01-03 00:04 --------- d-----w c:\documents and settings\All Users\Application Data\GameScanner

2009-01-03 00:01 --------- d-----w c:\programas\GameSpy Arcade

2009-01-01 12:36 --------- d-----w c:\programas\DarkCheats

2008-12-28 18:21 --------- d-----w c:\programas\Fortego Security

2008-12-27 14:56 --------- d-----w c:\programas\AlienGUIse

2007-11-15 20:17 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat

2008-10-25 09:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008102520081026\index.dat

.

------- Sigcheck -------

2009-02-20 19:00 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\explorer.exe

2009-02-20 21:03 1035264 e4786809a1e3cbec2ce929d6b1283f1b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2009-02-20 21:05 1052165 ff72246732eae3f3076bf7df675c7995 c:\windows\$NtServicePackUninstall$\explorer.exe

2009-02-20 21:07 1034240 8ce395dd09c0fbe82c8ff529528242b0 c:\windows\$NtUninstallKB938828$\explorer.exe

2009-02-20 21:14 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-03 23:56 32768 db37a839f4a2be4f93cf7e614bab63d2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2009-02-20 21:14 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\ServicePackFiles\i386\ctfmon.exe

2009-02-20 19:00 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\system32\ctfmon.exe

2004-08-03 23:57 42496 bbdb97f728c2eab8b139e78bb8c79579 c:\windows\$NtServicePackUninstall$\userinit.exe

2009-02-20 21:19 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\ServicePackFiles\i386\userinit.exe

2009-02-20 21:27 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-20 15360]

"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\programas\CyberLink\PowerDVD\PDVDServ.exe" [2009-02-20 32768]

"AdobeVersionCue"="c:\programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1753088]

"PWRISOVM.EXE"="c:\programas\PowerISO\PWRISOVM.EXE" [2009-02-20 200704]

"SunJavaUpdateSched"="c:\programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"AdobeCS4ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ATICustomerCare"="c:\programas\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-02-20 307200]

"SoundMAXPnP"="c:\programas\Analog Devices\Core\smax4pnp.exe" [2009-02-20 1040384]

"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2009-02-20 171520]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2009-02-20 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Office.lnk - c:\programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-22 10:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\AVG8_TRAY]

--a------ 2009-02-22 10:58 1601304 c:\progra~1\AVG\AVG8\avgtray.exe

[HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\services]

"avg8wd"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

"c:\\Programas\\mIRC\\mirc.exe"=

"c:\\Programas\\NetMeeting\\conf.exe"=

"c:\\Hybrid\\Hybrid.exe"=

"c:\\Programas\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programas\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programas\\Autodesk\\Backburner\\server.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Os meus documentos\\Azureus Downloads\\Star Wars Jedi Knight - Jedi Academy\\GameData\\GameData\\jamp.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programas\\Soulseek\\slsk.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Programas\\Ficheiros comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"13050:UDP"= 13050:UDP:SecondLife

"58036:TCP"= 58036:TCP:Pando Media Booster

"58036:UDP"= 58036:UDP:Pando Media Booster

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-22 107272]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programas\Viewpoint\Common\ViewpointService.exe [2008-03-29 24576]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programas\McAfee\SiteAdvisor\McSACore.exe" --> c:\programas\McAfee\SiteAdvisor\McSACore.exe [?]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2002-06-11 34048]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]

S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]

S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]

[HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{fc990470-1880-11dd-89af-00173f99dbc7}]

\Shell\Auto\command - McRegWizz.exe e

\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

- - - - ORFÃOS REMOVIDOS - - - -

Toolbar-{93344865-74BD-4873-BE65-56539D41A65C} - (no file)

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.deviantart.com/

mStart Page = hxxp://br.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} -

TCP: {5B66BA35-9160-44B0-85E3-D8563EF3A6DC} = 194.65.47.43,194.65.47.44

TCP: {BA6278B5-8E09-48B5-B0C9-904A1803E533} = 192.168.0.1

DPF: {93344865-74BD-4873-BE65-56539D41A65C} - hxxp://earn2life.com/plugin/Earn2Life.cab

FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\qffrjskl.nightelfmohawk\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.bleachexile.com

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=

FF - component: c:\programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-24 14:05:47

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]

"ImagePath"="\Sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43613DEA-565E-A006-2C4B-FC450A21DB9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaebnkomfijooflbpk"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,00

"haknhmigdicaonnh"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,ff

"iaaacenelhmpapmpjl"=hex:63,61,62,63,6f,61,00,7c

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ialpdhnmpoiemphijc"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,68,

70,6c,00,00

"hafoffinekdamfej"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

[HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,d1,fc,91,95,2f,7e,04,60,b8,4b,41,9d,42,17,d3,80,92,4f,14,62,79,d3,

28,5b,e1,f2,44,72,cf,86,65,8a,60,36,6a,bd,65,78,be,60,72,27,3c,f1,b4,45,09,\

"??"=hex:25,52,30,17,cb,a9,95,ed,7b,3b,30,64,7b,4d,07,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}\InProcServer32*]

"jajpohhbpmdnpbbpkbad"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,

68,70,6c,00,00

"iajpienhbgmfjcdgnc"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(788)

c:\windows\system32\Ati2evxx.dll

c:\programas\AlienGUIse\fastload.dll

c:\programas\Bonjour\mdnsNSP.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\programas\AVG\AVG8\avgrsx.exe

c:\windows\system32\AEADISRV.EXE

c:\windows\ATKKBService.exe

c:\programas\Bonjour\mDNSResponder.exe

c:\programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

c:\windows\system32\PnkBstrA.exe

c:\windows\system32\wscntfy.exe

c:\windows\system32\notepad.exe

.

**************************************************************************

.

Tempo para conclusão: 2009-02-24 14:11:14 - Máquina reiniciou

ComboFix-quarantined-files.txt 2009-02-24 14:10:12

Pré-execução: 38.908.866.560 bytes livres

Pós execução: 40,386,924,544 bytes livres

WindowsXP-KB310994-SP2-Pro-BootDisk-PTB.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

371 --- E O F --- 2009-02-22 17:28:23

-------------------

HiJackThis LOG:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:12:17, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Programas\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8550 bytes

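The ComboFix report above is the kind of output a malware-removal helper reads by eye: a handful of registry values and service entries carry most of the security signal (an AppInit_DLLs entry, the firewall policy, a removable-volume AutoRun handler, a service with no image, hex-encoded values under locked keys, and the Sigcheck hashes of explorer.exe, ctfmon.exe and userinit.exe against the SP3 reference copies). As an added example, not code from the poster or from the ComboFix tool, here is a small Python triage script that applies those checks to a constructed sample made of lines copied from the report in this thread. The rule set and its messages are my own heuristics, not ComboFix logic; a hit on AppInit_DLLs is a prompt to verify the DLL (desktop skinning software also loads through that key), not a verdict.

```python
import re

# Constructed sample: a subset of lines copied from the ComboFix report posted
# in this thread (raw string, so the Windows backslashes are kept as-is).
SAMPLE_LOG = r'''
[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=wbsys.dll
[HKEY_LOCAL_MACHINE\software\Microsoft\security center]
"UpdatesDisableNotify"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe e
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]
"ImagePath"="\Sys"
"iaebnkomfijooflbpk"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,
63,63,00,00
2009-02-20 19:00 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\explorer.exe
2009-02-20 21:14 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\ServicePackFiles\i386\explorer.exe
2009-02-20 21:27 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\system32\userinit.exe
2009-02-20 21:19 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\ServicePackFiles\i386\userinit.exe
'''

# Heuristic rules (my own, not ComboFix's): name, line pattern, message template.
RULES = [
    ('appinit_dlls', re.compile(r'^"AppInit_DLLs"=(?P<v>.+)$'),
     'AppInit_DLLs loads {v} into every process that links user32.dll; verify the file'),
    ('firewall_off', re.compile(r'^"EnableFirewall"=\s*0\b'),
     'Windows Firewall is disabled for the standard profile'),
    ('sc_notify_off', re.compile(r'^"UpdatesDisableNotify"=dword:0*1$'),
     'Security Center update notifications are suppressed'),
    ('autorun_mountpoint', re.compile(r'^\\Shell\\AutoRun\\command - (?P<v>.+)$'),
     'AutoRun handler on a removable volume runs: {v}'),
    ('missing_service_image', re.compile(r'^S\d [^;]+;[^;]*; \[x\]$'),
     'service registered with no image file'),
    ('bogus_imagepath', re.compile(r'^"ImagePath"="(?P<v>[^"]*)"$'),
     'service ImagePath {v} does not point at a real binary'),
]
HEX_RE = re.compile(r'^"(?P<name>[^"]+)"=hex:(?P<bytes>[0-9a-fA-F]{2}(?:,[0-9a-fA-F]{2})*),?$')
SIGCHECK_RE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d \d+ (?P<md5>[0-9a-f]{32}) (?P<path>[a-z]:\\.+)$', re.I)


def join_continuations(text):
    """ComboFix wraps long hex: values; a line ending in ',' or '\\' continues on the next."""
    out = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if out and (out[-1].endswith(',') or out[-1].endswith('\\')):
            out[-1] = out[-1].rstrip('\\') + line
        else:
            out.append(line)
    return out


def decode_hex_value(line):
    """Return (name, decoded text) for a REGEDIT4 'hex:' value, or None if the line is not one."""
    m = HEX_RE.match(line)
    if not m:
        return None
    data = bytes(int(b, 16) for b in m.group('bytes').split(',')).rstrip(b'\x00')
    text = ''.join(chr(c) if 32 <= c < 127 else '\\x%02x' % c for c in data)
    return m.group('name'), text


def analyze(text):
    """Run the rules over a ComboFix-style report; returns a list of (rule, detail) findings."""
    findings = []
    for line in join_continuations(text):
        hexval = decode_hex_value(line)
        if hexval:
            name, decoded = hexval
            findings.append(('hex_value', f'{name} decodes to {decoded!r}'))
            continue
        for rule, pattern, message in RULES:
            m = pattern.match(line)
            if not m:
                continue
            v = m.groupdict().get('v', '')
            # A real service image ends in .exe or .sys; anything else is suspicious.
            if rule == 'bogus_imagepath' and v.lower().endswith(('.exe', '.sys')):
                continue
            findings.append((rule, message.format(v=v)))
    return findings


def sigcheck_mismatches(text):
    """Names of files whose live copy's MD5 differs from the ServicePackFiles reference copy."""
    live, reference = {}, {}
    for line in join_continuations(text):
        m = SIGCHECK_RE.match(line)
        if not m:
            continue
        path = m.group('path').lower()
        name = path.rsplit('\\', 1)[-1]
        if '\\servicepackfiles\\' in path:
            reference[name] = m.group('md5')
        elif '$' not in path:  # skip $NtUninstall...$ / $hf_mig$ backup copies
            live[name] = m.group('md5')
    return sorted(n for n in live if n in reference and live[n] != reference[n])


if __name__ == '__main__':
    for rule, detail in analyze(SAMPLE_LOG):
        print(f'[{rule}] {detail}')
    print('sigcheck mismatches:', sigcheck_mismatches(SAMPLE_LOG) or 'none')
```

On the sample the hex value under the locked shell-extension key decodes to plain lower-case ASCII, which is what you would check by hand before deciding whether the key is junk left by an installer or something to investigate; the Sigcheck comparison reports no mismatch because the explorer.exe and userinit.exe hashes in the report match their ServicePackFiles copies.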

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 16:46:33, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Windows Live\Messenger\usnsvc.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8807 bytes

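The log above is what a helper on this forum reads through by hand. As an added example (not code from the thread, from HijackThis or from ComboFix), the Python below runs a few defender-side triage heuristics over lines copied from that log; the rules it applies and the `triage`/`check_*` names are this example's own assumptions, and a flagged line only means "look closer".

```python
"""Triage heuristics for HijackThis O2/O4/O17/O23 lines.

Added example for this thread, not part of HijackThis, ComboFix or the forum post.
The heuristics are this example's own assumptions, not proof of infection.
"""
import ipaddress
import re
from dataclasses import dataclass

# Constructed sample: lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44
O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
"""

LINE_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
O2_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
O4_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"NameServer = (?P<ips>.+)$")
O23_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")


@dataclass
class Finding:
    section: str
    reason: str
    line: str


def check_o2(body: str) -> list[str]:
    """Browser Helper Objects: IE loads these DLLs into every browser process."""
    m = O2_RE.match(body)
    if not m:
        return []
    if m["path"] == "(no file)":
        return ["orphaned BHO: CLSID still registered but its DLL is gone (leftover of removed software)"]
    if m["name"] == "(no name)":
        return ["BHO with no display name but a DLL on disk; verify the file's publisher"]
    return []


def check_o4(body: str) -> list[str]:
    """Run-key autostarts: a bare file name is resolved by PATH search at logon."""
    m = O4_RE.search(body)
    if not m:
        return []
    cmd = re.sub(r"\s+\(User '[^']*'\)$", "", m["cmd"])  # drop the HKUS user suffix
    if "\\" not in cmd:
        return [f"autostart without a full path ({cmd}); confirm which file actually runs"]
    return []


def check_o17(body: str) -> list[str]:
    """Per-interface DNS servers: a hijacked resolver redirects every lookup."""
    m = O17_RE.search(body)
    if not m:
        return []
    public = [ip.strip() for ip in m["ips"].split(",")
              if not ipaddress.ip_address(ip.strip()).is_private]
    if public:
        return [f"public DNS resolvers configured: {', '.join(public)}; confirm they belong to the ISP"]
    return []


def check_o23(body: str) -> list[str]:
    """Services start as SYSTEM at boot, so missing images and unknown owners matter."""
    m = O23_RE.match(body)
    if not m:
        return []
    reasons = []
    if m["path"].endswith("(file missing)"):
        reasons.append("service image missing on disk: stale registration or a removed file")
    if m["owner"] == "Unknown owner":
        reasons.append("no publisher recorded for the service binary; check its signature and origin")
    return reasons


CHECKS = {"O2": check_o2, "O4": check_o4, "O17": check_o17, "O23": check_o23}


def triage(log_text: str) -> list[Finding]:
    """Run the per-section checks over every 'Oxx - ...' line of a HijackThis log."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue  # header, process list and R0/R1 lines are not handled here
        check = CHECKS.get(m["section"], lambda body: [])
        findings.extend(Finding(m["section"], reason, line) for reason in check(m["body"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:<4} {f.reason}\n     {f.line}")
```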

If you have a pen drive or an MP3 or MP4 player, connect it to the PC (if you have more than one, you must connect all of them). Do not remove them until you have completed all the instructions.

Delete the qoobox folder located in C:\, and also delete the ComboFix.txt log, also located in C:\.

I suggest you print or save the procedure below, and do not use the Internet until the procedure is finished.

Select and copy the text inside the QUOTE (grey box) below. Open Notepad and paste what you copied. Then save it on the Desktop with the name CFScript.txt.

File::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe

Registry::

[-HKEY_CURRENT_USER\software\Microsoft\windows\currentversion\explorer\mountpoints2\{fc990470-1880-11dd-89af-00173f99dbc7}]

Now drag CFScript.txt onto ComboFix as shown in the demonstration below.

CFScript.gif

ComboFix will run and will restart the PC automatically to complete the removal process.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running.

When it finishes, a log will be generated at C:\ComboFix.txt.

Make a new log with HijackThis in Normal Mode and post it together with ComboFix.txt.



Here they are:

ComboFIX:

ComboFix 09-02-21.01 - Administrador 2009-02-24 17:55:34.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.2070.18.2047.1586 [GMT 0:00]

Executando de: c:\documents and settings\Administrador\Ambiente de trabalho\ComboFix.exe

Comandos utilizados :: c:\documents and settings\Administrador\Ambiente de trabalho\CFScript.txt

AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

* Criado um novo ponto de restauro

FILE ::

c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL McRegWizz.exe

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\explorer.exe . . . está infetado!!

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-01-24 to 2009-02-24 ))))))))))))))))))))))))))))

.

2009-02-23 09:31 . 2009-02-23 09:31 <DIR> d-------- c:\programas\Trend Micro

2009-02-23 09:30 . 2009-02-23 09:31 <DIR> d-------- C:\CCleaner

2009-02-23 09:26 . 2009-02-23 09:26 <DIR> d-------- c:\programas\CCleaner

2009-02-22 17:23 . 2009-02-22 17:23 <DIR> d-------- c:\programas\Microsoft.NET

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\8ec090f8f29fcc45890e684b3c64bb

2009-02-22 17:15 . 2009-02-22 17:15 <DIR> d-------- C:\52287885bfe694d80d7cbb

2009-02-22 11:39 . 2009-02-22 11:39 <DIR> d-------- c:\windows\system32\URTTemp

2009-02-22 11:29 . 2009-02-22 11:46 <DIR> d-------- c:\windows\SxsCaPendDel

2009-02-22 10:58 . 2009-02-24 10:02 <DIR> d-------- c:\windows\system32\drivers\Avg

2009-02-22 10:58 . 2009-02-22 10:58 325,128 --a------ c:\windows\system32\drivers\avgldx86.sys

2009-02-22 10:58 . 2009-02-22 10:58 107,272 --a------ c:\windows\system32\drivers\avgtdix.sys

2009-02-22 10:58 . 2009-02-22 10:58 10,520 --a------ c:\windows\system32\avgrsstx.dll

2009-02-21 18:48 . 2009-02-21 18:48 <DIR> d-------- c:\documents and settings\LocalService\Application Data\SACore

2009-02-20 18:45 . 2009-02-21 18:47 <DIR> d-------- c:\documents and settings\All Users\Application Data\SiteAdvisor

2009-02-20 18:43 . 2009-02-21 19:13 <DIR> d-------- c:\programas\McAfee

2009-02-20 18:38 . 2009-02-21 19:13 <DIR> d-------- c:\documents and settings\All Users\Application Data\McAfee

2009-02-20 17:15 . 2008-04-14 21:39 870,784 --------- c:\windows\system32\ati3d1ag.dll

2009-02-20 17:15 . 2008-04-14 21:39 377,984 --------- c:\windows\system32\ati2dvaa.dll

2009-02-20 17:15 . 2008-04-14 21:39 32,768 --------- c:\windows\system32\ativtmxx.dll

2009-02-20 17:15 . 2008-04-14 21:40 23,040 --------- c:\windows\system32\ativmvxx.ax

2009-02-20 17:15 . 2008-04-14 21:40 9,728 --------- c:\windows\system32\ativdaxx.ax

2009-02-20 16:31 . 2006-12-29 00:31 19,569 --a------ c:\windows\000001_.tmp

2009-02-20 16:25 . 2009-02-20 16:54 <DIR> d-------- C:\b4af109b097d9f47026ba7ffff

2009-02-20 15:56 . 2009-02-20 15:56 <DIR> d-------- c:\documents and settings\LocalService\Ambiente de trabalho

2009-02-20 14:50 . 2009-02-20 14:50 <DIR> d-------- c:\windows\system32\CatRoot_bak

2009-02-20 13:44 . 2009-02-20 21:21 593,920 --a------ c:\windows\system32\ati2sgag.exe

2009-02-20 13:28 . 2009-02-20 13:28 <DIR> d-------- c:\documents and settings\All Users\Application Data\SonicFocus

2009-02-20 12:43 . 2009-02-20 12:52 <DIR> d-------- c:\programas\Driver Checker

2009-02-20 12:28 . 2009-02-20 13:30 <DIR> d-------- c:\programas\ATI

2009-02-20 12:24 . 2008-12-04 09:31 53,248 --a------ c:\windows\system32\CSVer.dll

2009-02-20 12:23 . 2009-02-20 12:23 <DIR> d-------- c:\programas\Realtek

2009-02-20 12:23 . 2009-01-16 22:45 73,728 --a------ c:\windows\system32\RtNicProp32.dll

2009-02-20 12:07 . 2009-02-20 13:29 <DIR> d-------- c:\programas\Driver-Soft

2009-02-20 12:07 . 2007-09-02 20:56 1,686,016 --a------ c:\windows\system32\clinetsuitex6.ocx

2009-02-20 12:07 . 2004-03-09 16:45 662,288 --a------ c:\windows\system32\MSCOMCT2.OCX

2009-02-20 12:07 . 2004-06-14 14:56 427,864 --a------ c:\windows\system32\XceedZip.dll

2009-02-20 11:58 . 2009-02-20 11:58 <DIR> d-------- c:\programas\iXi Tools

2009-02-20 11:56 . 2009-02-20 11:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Thinstall

2009-02-20 11:47 . 2009-02-20 11:47 <DIR> d-------- c:\programas\XPC Tools

2009-02-20 10:56 . 2009-02-20 10:56 <DIR> d-------- c:\programas\Analog Devices

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Intel

2009-02-20 10:54 . 2009-02-20 10:54 <DIR> d-------- C:\Drivers

2009-02-20 10:44 . 2009-02-20 10:58 <DIR> d-------- c:\documents and settings\All Users\Application Data\DriverScanner

2009-02-16 20:17 . 2009-02-16 20:17 <DIR> d-------- c:\windows\system32\VirtualExpander

2009-02-15 10:46 . 2009-02-22 10:44 <DIR> d-------- c:\documents and settings\Administrador\Application Data\SecondLife

2009-02-15 10:44 . 2009-02-15 10:44 <DIR> d-------- c:\programas\SecondLifeReleaseCandidate

2009-02-12 20:08 . 2009-02-15 09:56 <DIR> d-------- c:\documents and settings\Administrador\Application Data\OnRez

2009-02-09 22:52 . 2009-02-09 22:52 <DIR> d-------- c:\documents and settings\Administrador\Application Data\id Software

2009-02-09 22:50 . 2009-02-09 22:50 <DIR> d-------- c:\documents and settings\All Users\Application Data\id Software

2009-02-09 22:50 . 2009-02-20 21:25 2,266,642 --a------ c:\windows\system32\pbsvc.exe

2009-02-09 22:50 . 2009-02-11 20:02 188,896 --a------ c:\windows\system32\PnkBstrB.exe

2009-02-09 22:50 . 2009-02-11 20:02 138,784 --a------ c:\windows\system32\drivers\PnkBstrK.sys

2009-02-09 22:50 . 2009-02-11 20:02 70,968 --a------ c:\windows\system32\PnkBstrA.exe

2009-02-09 22:50 . 2009-02-09 22:50 22,328 --a------ c:\documents and settings\Administrador\Application Data\PnkBstrK.sys

2009-01-24 14:15 . 2009-01-24 14:15 <DIR> d-------- c:\programas\Adobe Media Player

2009-01-24 14:12 . 2009-01-24 14:12 <DIR> d-------- c:\programas\Ficheiros comuns\Adobe AIR

2009-01-24 12:02 . 2009-01-24 12:13 <DIR> d-------- c:\documents and settings\Administrador\Application Data\Download Manager

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-02-24 17:46 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

2009-02-24 10:20 --------- d-----w c:\programas\Malwarebytes' Anti-Malware

2009-02-22 20:19 --------- d-----w c:\documents and settings\Administrador\Application Data\Azureus

2009-02-21 15:00 --------- d-----w c:\programas\Lavasoft

2009-02-21 15:00 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft

2009-02-20 21:28 32,256 ----a-w c:\windows\system32\wupdmgr.exe

2009-02-20 21:28 32,256 ----a-w c:\windows\system32\wpabaln.exe

2009-02-20 21:28 30,720 ----a-w c:\windows\system32\xcopy.exe

2009-02-20 21:28 28,168 ----a-w c:\windows\system32\wpnpinst.exe

2009-02-20 21:28 17,408 ----a-w c:\windows\system32\wpdshextautoplay.exe

2009-02-20 21:28 163,336 ----a-w c:\windows\system32\WudfHost.exe

2009-02-20 21:28 155,648 ----a-w c:\windows\system32\wscript.exe

2009-02-20 21:26 99,328 ----a-w c:\windows\system32\scardsvr.exe

2009-02-20 21:25 9,728 ----a-w c:\windows\system32\proxycfg.exe

2009-02-20 21:24 87,552 ----a-w c:\windows\system32\netsh.exe

2009-02-20 21:23 9,728 ----a-w c:\windows\system32\label.exe

2009-02-20 21:22 9,728 ----a-w c:\windows\system32\finger.exe

2009-02-20 21:21 98,304 ----a-w c:\windows\system32\ahui.exe

2009-02-20 21:12 769,024 ----a-w c:\windows\pchealth\helpctr\binaries\helpctr.exe

2009-02-20 21:12 744,448 ----a-w c:\windows\pchealth\helpctr\binaries\helpsvc.exe

2009-02-20 21:12 171,520 ----a-w c:\windows\pchealth\helpctr\binaries\msconfig.exe

2009-02-20 21:02 70,656 ----a-w c:\windows\notepad.exe

2009-02-20 21:02 327,168 ----a-w c:\windows\IsUn0816.exe

2009-02-20 21:02 323,072 ----a-w c:\windows\IsUninst.exe

2009-02-20 21:02 310,784 ----a-w c:\windows\IsUn0416.exe

2009-02-20 21:02 299,008 ----a-w c:\windows\uninst.exe

2009-02-20 21:02 288,256 ----a-w c:\windows\winhlp32.exe

2009-02-20 21:02 25,600 ----a-w c:\windows\twunk_32.exe

2009-02-20 21:02 15,872 ----a-w c:\windows\TASKMAN.EXE

2009-02-20 21:02 122,880 ----a-w c:\windows\UnGins.exe

2009-02-20 21:01 35,328 ----a-w c:\windows\emAMCAP.exe

2009-02-20 21:01 20,480 ----a-w c:\windows\HyperDrive.exe

2009-02-20 21:01 188,416 ----a-w c:\windows\emSTI.exe

2009-02-20 21:01 10,752 ----a-w c:\windows\hh.exe

2009-02-20 20:29 --------- d-----w c:\programas\PBP Unpacker

2009-02-20 19:59 --------- d-----w c:\programas\GSalive CS 1.6 NS

2009-02-20 19:03 90,112 ----a-w c:\windows\system32\AEADISRV.EXE

2009-02-20 19:03 126,976 ----a-w C:\W3XMapHack120E2.exe

2009-02-20 19:00 598,016 ----a-w c:\windows\system32\ati2evxx.exe

2009-02-20 19:00 15,360 ----a-w c:\windows\system32\ctfmon.exe

2009-02-20 19:00 1,035,776 ----a-w c:\windows\explorer.exe

2009-02-20 17:54 --------- d-----w c:\programas\MagicISO

2009-02-20 13:34 --------- d-----w c:\programas\ATI Technologies

2009-02-20 13:30 --------- d-----w c:\programas\Ficheiros comuns\Wise Installation Wizard

2009-02-20 12:29 --------- d--h--w c:\programas\InstallShield Installation Information

2009-02-20 10:58 --------- d-----w c:\documents and settings\Administrador\Application Data\Uniblue

2009-02-17 16:48 70,512 ----a-w c:\documents and settings\Administrador\Application Data\GDIPFONTCACHEV1.DAT

2009-02-17 14:20 --------- d-----w c:\documents and settings\Administrador\Application Data\Skype

2009-02-17 14:17 --------- d-----w c:\documents and settings\Administrador\Application Data\skypePM

2009-02-13 12:35 --------- d-----w c:\documents and settings\All Users\Application Data\FLEXnet

2009-02-12 22:30 --------- d-----w c:\programas\Valve

2009-02-11 17:28 --------- d-----w c:\programas\Messenger Plus! Live

2009-02-11 10:19 38,496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys

2009-02-11 10:19 15,504 ----a-w c:\windows\system32\drivers\mbam.sys

2009-01-29 23:49 196,608 ----a-w c:\windows\system32\drivers\aStandard.bin

2009-01-29 13:03 --------- d-----w c:\programas\Vuze

2009-01-24 16:43 --------- d---a-w c:\documents and settings\All Users\Application Data\TEMP

2009-01-24 14:48 --------- d-----w c:\programas\Macromedia

2009-01-24 14:17 --------- d-----w c:\programas\Ficheiros comuns\Adobe

2009-01-24 13:50 --------- d-----w c:\programas\Ficheiros comuns\Macromedia

2009-01-21 15:49 118,656 ----a-w c:\windows\system32\drivers\Rtnicxp.sys

2009-01-21 11:12 --------- d-----w c:\programas\CoreCodec

2009-01-19 12:25 --------- d-----w c:\programas\Soulseek

2009-01-18 21:38 --------- d-----w c:\documents and settings\All Users\Application Data\NexonUS

2009-01-18 21:15 --------- d-----w c:\programas\Pando Networks

2009-01-18 21:15 --------- d-----w c:\documents and settings\All Users\Application Data\PMB Files

2009-01-17 17:38 --------- d-----w c:\documents and settings\Administrador\Application Data\GameScanner

2009-01-17 15:28 --------- d-----w c:\programas\Hewlett-Packard

2009-01-17 15:23 --------- d-----w c:\programas\Pcsx2_0.9.4

2009-01-17 13:27 --------- d-----w c:\programas\K-Lite Codec Pack

2009-01-17 13:26 --------- d-----w c:\documents and settings\All Users\Application Data\Apple Computer

2009-01-17 13:26 --------- d-----w c:\documents and settings\Administrador\Application Data\Apple Computer

2009-01-17 13:24 --------- d-----w c:\programas\Haali

2009-01-14 07:14 3,455,488 ----a-w c:\windows\system32\drivers\ati2mtag.sys

2009-01-14 05:46 11,591,680 ----a-w c:\windows\system32\atioglxx.dll

2009-01-14 04:53 286,720 ----a-w c:\windows\system32\atiok3x2.dll

2009-01-14 04:49 425,984 ----a-w c:\windows\system32\ATIDEMGX.dll

2009-01-14 04:47 323,584 ----a-w c:\windows\system32\ati2dvag.dll

2009-01-14 04:36 196,608 ----a-w c:\windows\system32\atipdlxx.dll

2009-01-14 04:36 151,552 ----a-w c:\windows\system32\Oemdspif.dll

2009-01-14 04:35 43,520 ----a-w c:\windows\system32\ati2edxx.dll

2009-01-14 04:35 155,648 ----a-w c:\windows\system32\ati2evxx.dll

2009-01-14 04:32 53,248 ----a-w c:\windows\system32\ATIDDC.DLL

2009-01-14 04:22 4,009,152 ----a-w c:\windows\system32\ati3duag.dll

2009-01-14 04:05 2,500,224 ----a-w c:\windows\system32\ativvaxx.dll

2009-01-14 03:50 48,640 ----a-w c:\windows\system32\amdpcom32.dll

2009-01-14 03:45 401,408 ----a-w c:\windows\system32\atikvmag.dll

2009-01-14 03:44 17,408 ----a-w c:\windows\system32\atitvo32.dll

2009-01-14 03:44 110,592 ----a-w c:\windows\system32\atiadlxx.dll

2009-01-14 03:43 53,248 ----a-w c:\windows\system32\drivers\ati2erec.dll

2009-01-14 03:37 577,536 ----a-w c:\windows\system32\ati2cqag.dll

2009-01-14 03:37 307,200 ----a-w c:\windows\system32\atiiiexx.dll

2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalrt.dll

2009-01-14 02:36 45,056 ----a-w c:\windows\system32\amdcalcl.dll

2009-01-14 02:34 3,227,648 ----a-w c:\windows\system32\Amdcaldd.dll

2009-01-12 19:45 --------- d-----w c:\programas\XVideoConverter

2009-01-12 19:24 --------- d-----w c:\programas\Azureus

2009-01-12 18:48 --------- d-----w c:\programas\Bluefox Studio

2009-01-12 17:33 --------- d-----w c:\programas\SUPERAntiSpyware

2009-01-12 17:33 --------- d-----w c:\documents and settings\Administrador\Application Data\SUPERAntiSpyware.com

2008-10-25 09:16 32,768 --sha-w c:\windows\system32\config\systemprofile\Definições locais\Histórico\History.IE5\MSHist012008102520081026\index.dat

.

------- Sigcheck -------

2009-02-20 19:00 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\explorer.exe

2009-02-20 21:03 1035264 e4786809a1e3cbec2ce929d6b1283f1b c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe

2009-02-20 21:05 1052165 ff72246732eae3f3076bf7df675c7995 c:\windows\$NtServicePackUninstall$\explorer.exe

2009-02-20 21:07 1034240 8ce395dd09c0fbe82c8ff529528242b0 c:\windows\$NtUninstallKB938828$\explorer.exe

2009-02-20 21:14 1035776 9a0cfda7a8061eae1b49f1c591cd588c c:\windows\ServicePackFiles\i386\explorer.exe

2004-08-03 23:56 32768 db37a839f4a2be4f93cf7e614bab63d2 c:\windows\$NtServicePackUninstall$\ctfmon.exe

2009-02-20 21:14 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\ServicePackFiles\i386\ctfmon.exe

2009-02-20 19:00 15360 93f93102a8c5d0da6750b25a0c339b66 c:\windows\system32\ctfmon.exe

2004-08-03 23:57 42496 bbdb97f728c2eab8b139e78bb8c79579 c:\windows\$NtServicePackUninstall$\userinit.exe

2009-02-20 21:19 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\ServicePackFiles\i386\userinit.exe

2009-02-20 21:27 26624 7ce5eb4e0a3c37c4c660b626df3db9be c:\windows\system32\userinit.exe

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2009-02-20 15360]

"MsnMsgr"="c:\programas\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RemoteControl"="c:\programas\CyberLink\PowerDVD\PDVDServ.exe" [2009-02-20 32768]

"AdobeVersionCue"="c:\programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe" [2003-10-13 1753088]

"PWRISOVM.EXE"="c:\programas\PowerISO\PWRISOVM.EXE" [2009-02-20 200704]

"SunJavaUpdateSched"="c:\programas\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]

"TkBellExe"="c:\programas\Ficheiros comuns\Real\Update_OB\realsched.exe" [2009-01-17 185872]

"AdobeCS4ServiceManager"="c:\programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]

"ATICustomerCare"="c:\programas\ATI\ATICustomerCare\ATICustomerCare.exe" [2009-02-20 307200]

"SoundMAXPnP"="c:\programas\Analog Devices\Core\smax4pnp.exe" [2009-02-20 1040384]

"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-22 1601304]

"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2009-02-20 c:\windows\system32\HdAShCut.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2009-02-20 15360]

c:\documents and settings\All Users\Menu Iniciar\Programas\Arranque\

Adobe Reader Speed Launch.lnk - c:\programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]

Microsoft Office.lnk - c:\programas\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\WB]

2001-12-20 22:34 24576 c:\programas\AlienGUIse\fastload.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

2009-02-22 10:58 10520 c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\windows]

"AppInit_DLLs"=wbsys.dll

[HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\drivers32]

"VIDC.I420"= i420vfw.dll

"msacm.l3fhg"= mp3fhg.acm

"VIDC.X264"= x264vfw.dll

"VIDC.HFYU"= huffyuv.dll

"vidc.i263"= i263_32.drv

"msacm.ac3filter"= ac3filter.acm

"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\software\Microsoft\security center]

"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Programas\\Messenger\\msmsgs.exe"=

"c:\\Programas\\mIRC\\mirc.exe"=

"c:\\Programas\\NetMeeting\\conf.exe"=

"c:\\Hybrid\\Hybrid.exe"=

"c:\\Programas\\Autodesk\\Backburner\\monitor.exe"=

"c:\\Programas\\Autodesk\\Backburner\\manager.exe"=

"c:\\Programas\\Autodesk\\Backburner\\server.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"d:\\Os meus documentos\\Azureus Downloads\\Star Wars Jedi Knight - Jedi Academy\\GameData\\GameData\\jamp.exe"=

"c:\\Programas\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Programas\\Windows Live\\Messenger\\livecall.exe"=

"c:\\Programas\\Soulseek\\slsk.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Programas\\Bonjour\\mDNSResponder.exe"=

"c:\\Programas\\Pando Networks\\Media Booster\\PMB.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"c:\\Programas\\Ficheiros comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

"c:\\WINDOWS\\system32\\PnkBstrA.exe"=

"c:\\WINDOWS\\system32\\PnkBstrB.exe"=

"c:\\Programas\\Skype\\Phone\\Skype.exe"=

"c:\\WINDOWS\\system32\\wbem\\wmiprvse.exe"=

"c:\\Programas\\AVG\\AVG8\\avgupd.exe"=

"c:\\Programas\\AVG\\AVG8\\avgnsx.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"6112:TCP"= 6112:TCP:Blizzard Downloader

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"13050:UDP"= 13050:UDP:SecondLife

"58036:TCP"= 58036:TCP:Pando Media Booster

"58036:UDP"= 58036:UDP:Pando Media Booster

"5353:TCP"= 5353:TCP:Adobe CSI CS4

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-02-22 325128]

R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-02-22 107272]

R2 avg8wd;AVG Free8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-22 298264]

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\programas\Viewpoint\Common\ViewpointService.exe [2008-03-29 24576]

S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\Drivers\e4ldr.sys --> c:\windows\system32\Drivers\e4ldr.sys [?]

S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\programas\McAfee\SiteAdvisor\McSACore.exe" --> c:\programas\McAfee\SiteAdvisor\McSACore.exe [?]

S2 OMSCAN;OMSCAN;\Sysi --> \Sysi [?]

S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Adapter;c:\windows\system32\drivers\atl01_xp.sys [2002-06-11 34048]

S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\DRIVERS\e4usbaw.sys --> c:\windows\system32\DRIVERS\e4usbaw.sys [?]

S4 Dpt42swmcnzat;Dpt42swmcnzat; [x]

.

Conteúdo da pasta 'Tarefas Agendadas'

2009-02-20 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\programas\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe []

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.deviantart.com/

mStart Page = hxxp://br.yahoo.com

uInternet Settings,ProxyOverride = *.local

uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~1\Office10\EXCEL.EXE/3000

IE: Sothink SWF Catcher - c:\programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

IE: {{07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - {93344865-74BD-4873-BE65-56539D41A65C} -

TCP: {5B66BA35-9160-44B0-85E3-D8563EF3A6DC} = 194.65.47.43,194.65.47.44

TCP: {BA6278B5-8E09-48B5-B0C9-904A1803E533} = 192.168.0.1

FF - ProfilePath - c:\documents and settings\Administrador\Application Data\Mozilla\Firefox\Profiles\qffrjskl.nightelfmohawk\

FF - prefs.js: browser.search.defaulturl - hxxp://search.aol.com/aolcom/search?invocationType=tbff50ie7&query=

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - www.bleachexile.com

FF - prefs.js: keyword.URL - hxxp://search.aol.com/aolcom/search?invocationType=TB50TRFF;homepage=no;search=yesab&query=

FF - component: c:\programas\AVG\AVG8\Firefox\components\avgssff.dll

FF - plugin: c:\documents and settings\All Users\Application Data\id Software\QuakeLive\npquakezero.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nppl3260.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprjplug.dll

FF - plugin: c:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npPandoWebInst.dll

FF - plugin: c:\programas\Mozilla Firefox\plugins\npViewpoint.dll

FF - plugin: c:\programas\Viewpoint\Viewpoint Media Player\npViewpoint.dll

---- FIREFOX POLICIES ----

c:\programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-02-24 17:59:11

Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:

ZwOpenFile

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OMSCAN]

"ImagePath"="\Sys"

.

--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\CLSID]

@Denied: (Full) (LocalSystem)

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{43613DEA-565E-A006-2C4B-FC450A21DB9C}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"iaebnkomfijooflbpk"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,00

"haknhmigdicaonnh"=hex:6a,61,6e,62,63,61,68,62,68,6b,69,6d,66,67,61,70,63,68,

63,63,00,ff

"iaaacenelhmpapmpjl"=hex:63,61,62,63,6f,61,00,7c

[HKEY_USERS\Administrator\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}*]

@Allowed: (Read) (RestrictedCode)

@Allowed: (Read) (RestrictedCode)

"ialpdhnmpoiemphijc"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,68,

70,6c,00,00

"hafoffinekdamfej"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

[HKEY_USERS\Administrator\SOFTWARE\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]

"??"=hex:b2,d1,fc,91,95,2f,7e,04,60,b8,4b,41,9d,42,17,d3,80,92,4f,14,62,79,d3,

28,5b,e1,f2,44,72,cf,86,65,8a,60,36,6a,bd,65,78,be,60,72,27,3c,f1,b4,45,09,\

"??"=hex:25,52,30,17,cb,a9,95,ed,7b,3b,30,64,7b,4d,07,ff

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{8F7F8EFB-70A2-EDC4-812A-8D0FFECE72AA}\InProcServer32*]

"jajpohhbpmdnpbbpkbad"=hex:6a,61,68,65,6c,6d,70,63,69,66,64,65,6c,67,62,67,69,

68,70,6c,00,00

"iajpienhbgmfjcdgnc"=hex:69,61,6b,65,66,6e,63,6e,6b,63,70,68,67,62,70,6d,65,70,

00,00

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'winlogon.exe'(740)

c:\windows\system32\Ati2evxx.dll

c:\programas\AlienGUIse\fastload.dll

.

Tempo para conclusão: 2009-02-24 18:01:28

ComboFix-quarantined-files.txt 2009-02-24 18:00:11

Pré-execução: 40.378.363.904 bytes livres

Pós execução: 40,367,415,296 bytes livres

358 --- E O F --- 2009-02-22 17:28:23

- - - -

HiJackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 18:02:22, on 24-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\svchost.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\WINDOWS\system32\wscntfy.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\explorer.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8636 bytes


Download the Kaspersky Removal Tool.

Save it to your Desktop.

Install the program normally, following all of its steps.

On the program's main screen, click the "My Computer" option and then click the "Scan" button.

Be patient, the scan may take a while.

If it finds any infection, click "disinfect".

When everything has finished, click the Events tab, uncheck the "Show all events" checkbox and then click "Save to file".

Give the file a name and save it in a folder of your choice.

Post the contents of that file in your next reply, together with a new HijackThis log.


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 15:12:00, on 25-02-2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16791)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\spoolsv.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\AEADISRV.EXE

C:\WINDOWS\ATKKBService.exe

C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

C:\Programas\Bonjour\mDNSResponder.exe

C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

C:\Programas\PowerISO\PWRISOVM.EXE

C:\Programas\Java\jre1.6.0_05\bin\jusched.exe

C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe

C:\Programas\Ficheiros comuns\Microsoft Shared\VS7Debug\mdm.exe

C:\Programas\Analog Devices\Core\smax4pnp.exe

C:\PROGRA~1\AVG\AVG8\avgtray.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\PnkBstrA.exe

C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

C:\PROGRA~1\AVG\AVG8\avgrsx.exe

C:\WINDOWS\system32\svchost.exe

C:\PROGRA~1\AVG\AVG8\avgnsx.exe

C:\Programas\Viewpoint\Common\ViewpointService.exe

C:\Programas\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.deviantart.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.yahoo.com

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?fr=mcafee&p=%s

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hiperligações

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programas\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programas\AVG\AVG8\avgssie.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programas\Ficheiros comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O4 - HKLM\..\Run: [RemoteControl] C:\Programas\CyberLink\PowerDVD\PDVDServ.exe

O4 - HKLM\..\Run: [AdobeVersionCue] C:\Programas\Adobe\Adobe Version Cue\ControlPanel\VersionCueTray.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Programas\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Programas\Java\jre1.6.0_05\bin\jusched.exe"

O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe

O4 - HKLM\..\Run: [TkBellExe] "C:\Programas\Ficheiros comuns\Real\Update_OB\realsched.exe" -osboot

O4 - HKLM\..\Run: [AdobeCS4ServiceManager] "C:\Programas\Ficheiros comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [ATICustomerCare] "C:\Programas\ATI\ATICustomerCare\ATICustomerCare.exe"

O4 - HKLM\..\Run: [soundMAXPnP] C:\Programas\Analog Devices\Core\smax4pnp.exe

O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Programas\Windows Live\Messenger\MsnMsgr.Exe" /background

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Programas\Adobe\Acrobat 7.0\Reader\reader_sl.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Programas\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Sothink SWF Catcher - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Earn2Life Bar - {07328B93-AFD8-4c6a-99E9-D0B3B5D6DAD9} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programas\Java\jre1.6.0_05\bin\ssv.dll

O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Programas\Ficheiros comuns\SourceTec\SWF Catcher\InternetExplorer.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programas\Messenger\msmsgs.exe

O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Programas\Yahoo!\Common\Yinsthelper.dll

O17 - HKLM\System\CCS\Services\Tcpip\..\{5B66BA35-9160-44B0-85E3-D8563EF3A6DC}: NameServer = 194.65.47.43,194.65.47.44

O17 - HKLM\System\CCS\Services\Tcpip\..\{BA6278B5-8E09-48B5-B0C9-904A1803E533}: NameServer = 192.168.0.1

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programas\AVG\AVG8\avgpp.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHEI~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

O23 - Service: Adobe LM Service - Adobe Systems - C:\Programas\Ficheiros comuns\Adobe Systems Shared\Service\Adobelmsvc.exe

O23 - Service: AdobeVersionCue - Adobe Sytems - C:\Programas\Adobe\Adobe Version Cue\service\VersionCue.exe

O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\WINDOWS\system32\AEADISRV.EXE

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe

O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe

O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programas\Bonjour\mDNSResponder.exe

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Programas\Ficheiros comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programas\Ficheiros comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Windows CardSpace (idsvc) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (file missing)

O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Programas\Ficheiros comuns\Macromedia Shared\Service\Macromedia Licensing.exe

O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Programas\McAfee\SiteAdvisor\McSACore.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Programas\Viewpoint\Common\ViewpointService.exe

--

End of file - 8726 bytes

Kaspersky Removal Tool log:

I left the scan running overnight before going to sleep. In the morning, when I woke up, I saw that the Kaspersky window was no longer open, but when I checked I found it had detected around 200 infections, so I ran a new scan to get the log, and this time it only detected 13. The Kaspersky log was too large to post on the forum, so I hosted it on a web page; you can find it here: http://hackz.com.sapo.pt/index.htm

Edited by narayann


Disable the resident protection of your antivirus and anti-spyware programs!

Download EliStarA.

Download it to Local Disk C and create a folder for the tool, placing a shortcut to it on the Desktop.

Download ELINOTIF.DLL. Save it inside the folder created for EliStarA.

Download EliTriIP.

Download it to the Desktop.

PS: Both tools are on the downloads page (Descargas > Utilidades SATINFO).

Select the tools (one at a time) and click the "Descargar xxx" button at the bottom of the page, where xxx is the name of the chosen tool.

Download Clean.

Save it to Local Disk C and unpack it right there, sending a shortcut to the executable to the Desktop.

The executable is an icon named: clean.

Restart the PC and enter Safe Mode (tap F8 repeatedly during startup and choose Safe Mode on the selection screen);

Run the EliStarA tool first.

Go to its icon and run it!

Accept the proposed conditions and wait for the scan to finish. Be patient, as it will take a while to complete the scan of the PC.

When it finishes, run the EliTriIP tool.

This tool's scan is faster!

When that finishes, run the deep-cleaning program Clean by double-clicking its executable.

A prompt with three options will open: choose option two (2)!

Press Enter! >> Press Enter again! >> Wait!

Press Enter again!

A report (rapport_clean) will appear, which you should save and post for analysis.

Post the infoSAT.txt report, which is in the root of C:\ (Local Disk C), plus rapport_clean.

Select and copy!

Also post a new HijackThis log, made in Normal Mode, in your reply.

The EliStarA tool will delete your home page!

Afterwards you will configure it again.

      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

      --
      End of file - 14962 bytes
       

    • Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by Lucas on Sat 05/27/2017 at 16:00:55.78.
      Microsoft Windows 10 Pro 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\Lucas\Downloads\zoek.exe    [Scan all users] [Script inserted]

      ==== System Restore Info ======================
      5/27/2017 4:02:21 PM Zoek.exe System Restore Point Created Successfully.

      ==== Reset Hosts File ======================
      # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost

      ==== Empty Folders Check ======================
      C:\PROGRA~2\Gigantic_en deleted successfully
      C:\PROGRA~2\Ubisoft deleted successfully
      C:\PROGRA~3\Adobe deleted successfully
      C:\PROGRA~3\Comms deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Users\postgres\AppData\LocalLow deleted successfully
      C:\Users\Lucas\AppData\Local\ActiveSync deleted successfully
      C:\Users\Lucas\AppData\Local\Adobe deleted successfully
      C:\Users\Lucas\AppData\Local\NetworkTiles deleted successfully
      C:\Users\Lucas\AppData\Local\PeerDistRepub deleted successfully
      C:\Users\Lucas\AppData\Local\Ubisoft Game Launcher deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully

      ==== Deleting CLSID Registry Keys ======================
      HKEY_USERS\S-1-5-21-3263317907-2408547081-2500880260-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{A61A35E3-CADA-4E12-9203-4DCACC73BA19} deleted successfully

      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== FireFox Fix ======================
      Deleted from C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.search.defaultenginename", "YHS");
      user_pref("browser.search.selectedEngine", "YHS");
      user_pref("keyword.URL", true);

      Added to C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab");

      ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default
      user.js not found
      ---- Lines Search  removed from prefs.js ----
      user_pref("browser.newtabpage.pinned", "[null,{\"url\":\"https://torrentz2.eu/\",\"title\":\"Torrent Search torrentz2\",\"frecency\":17810,\"lastVisit
      ---- FireFox user.js and prefs.js backups ----
      prefs_20170527_0422_.backup

      ==== Deleting Files \ Folders ======================
      C:\PROGRA~2\Gigantic_en not found
      C:\PROGRA~2\Ubisoft not found
      C:\Users\Lucas\AppData\Roaming\discord deleted
      C:\Users\Lucas\AppData\Roaming\Unity deleted
      C:\Users\Lucas\.android deleted
      C:\PROGRA~2\PokerOffice deleted
      C:\install.exe deleted
      C:\PROGRA~3\{0887FF4E-C52E-4C7E-9312-9A6BD34AC8DF} deleted
      C:\PROGRA~3\Package Cache deleted
      C:\Users\Lucas\AppData\Local\BTServer.log deleted
      C:\Users\Lucas\AppData\Local\Unity deleted
      C:\Windows\SysNative\config\systemprofile\AppData\Local\RtkBleServ.log deleted
      C:\Users\Lucas\AppData\LocalLow\Unity deleted
      C:\Windows\SysNative\GroupPolicy\Machine deleted
      C:\Windows\SysNative\GroupPolicy\User deleted
      C:\Windows\SysNative\GroupPolicy\GPT.INI deleted
      C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
      C:\Windows\Syswow64\SET26C.tmp deleted
      C:\Windows\Syswow64\SET2B4F.tmp deleted
      C:\Windows\Syswow64\SET2D4B.tmp deleted
      C:\Windows\Syswow64\SET3438.tmp deleted
      C:\Windows\Syswow64\SET42BC.tmp deleted
      C:\Windows\Syswow64\SET4457.tmp deleted
      C:\Windows\Syswow64\SET6E50.tmp deleted
      C:\Windows\Syswow64\SET7863.tmp deleted
      C:\Windows\Syswow64\SET8347.tmp deleted
      C:\Windows\Syswow64\SET9893.tmp deleted
      C:\Windows\Syswow64\SET9B9E.tmp deleted
      C:\Windows\Syswow64\SET9CDD.tmp deleted
      C:\Windows\Syswow64\SETA210.tmp deleted
      C:\Windows\Syswow64\SETBA76.tmp deleted
      C:\Windows\Syswow64\SETBB17.tmp deleted
      C:\Windows\Syswow64\SETCE3.tmp deleted
      C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default\extensions\firefox@mega.co.nz.xpi deleted
      "C:\Users\Lucas\AppData\Roaming\Albion" deleted

      ==== Firefox Start and Search pages ======================
      ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab");

      ==== Firefox Extensions ======================
      ProfilePath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default
      - Google Translator for Firefox - %ProfilePath%\extensions\translator@zoli.bod.xpi
      - Always on Top - %ProfilePath%\extensions\{E6C93316-271E-4b3d-8D7E-FE11B4350AEB}.xpi

      AppDir: C:\Program Files (x86)\Mozilla Firefox
      - Undetermined - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi

      ==== Firefox Plugins ======================
      Profilepath: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default
      80320392DCC61B22F0BB23DD5AD7D341    - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_25_0_0_171.dll -    Shockwave Flash
      D24D187FF3004EB238C2B4F84A86DCDE    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\NPSPWRAP.DLL -    Microsoft Office 2016
      127E13DF136D1CD24B93044D0E45DF1F    - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll -    Microsoft Office 2016
      ==== Chromium Look ======================
      HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
      ccjleegmemocfpghkhpjmiccjcacackp - No path found[]
      ibbfklbaljofpaanmpaeadejijfdddco - No path found[]

      Chrome Cleaner Pro - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ccjleegmemocfpghkhpjmiccjcacackp
      Grammarly for Chrome - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen
      Chrome Media Router - Lucas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

      ==== Chromium Fix ======================
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

      ==== Set IE to Default ======================
      Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found

      New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

      ==== All HKCU SearchScopes ======================
      HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
      {2f23ab71-4ac6-41f2-a955-ea576e553146} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"
      {485CEA5E-5EB6-4D38-916B-C385F7F7D2E5} Google  Url="http://www.google.com/search?q={searchTerms}"

      ==== Reset Google Chrome ======================
      C:\Users\Lucas\AppData\Local\Chromium\User Data\Default\Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Chromium\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data\Default\Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data\Default\Secure Preferences was reset successfully
      C:\Users\Lucas\AppData\Local\Chromium\User Data\Default\Web Data was reset successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
      C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data\Default\Web Data was reset successfully
      C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data\Default\Web Data-journal was reset successfully

      ==== shortcuts on Users Desktops ======================
      C:\Users\Lucas\Desktop\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe 
      C:\Users\Lucas\Desktop\AmpliTube 4.exe - Atalho.lnk - C:\Program Files (x86)\IK Multimedia\AmpliTube 4\AmpliTube 4.exe 
      C:\Users\Lucas\Desktop\Calculator.lnk -  
      C:\Users\Lucas\Desktop\Discord.lnk - C:\Users\Lucas\AppData\Local\Discord\Update.exe --processStart Discord.exe
      C:\Users\Lucas\Desktop\Documentos - Atalho.lnk - C:\Users\Lucas\Documents 
      C:\Users\Lucas\Desktop\Downloads - Atalho.lnk - C:\Users\Lucas\Downloads 
      C:\Users\Lucas\Desktop\Easy Macro Recorder.lnk - C:\Program Files (x86)\Easy Macro Recorder\Macro Recorder.exe 
      C:\Users\Lucas\Desktop\Freez Screen Video Capture.lnk - C:\Program Files (x86)\Smallvideosoft\Freez Screen Video Capture\videocapture.exe 
      C:\Users\Lucas\Desktop\Grammarly.lnk - C:\Users\Lucas\AppData\Local\GrammarlyForWindows\Update.exe --processStart GrammarlyForWindows.exe
      C:\Users\Lucas\Desktop\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\Users\Lucas\Desktop\PokerTracker 3.lnk - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe 
      C:\Users\Lucas\Desktop\Programas e Recursos - Atalho.lnk -  
      C:\Users\Lucas\Desktop\TechPowerUp GPU-Z.lnk - C:\Program Files (x86)\GPU-Z\GPU-Z.exe 
      C:\Users\Lucas\Desktop\Window On Top.lnk - C:\Program Files (x86)\Skybn\Window On Top\winTop.exe 
      C:\Users\Lucas\Desktop\Word 2016.lnk -  
      C:\Users\Lucas\Desktop\µTorrent.lnk -  
      C:\Users\Lucas\Desktop\jogos\8-Bit Armies.lnk - C:\Program Files (x86)\8-Bit Armies\ClientLauncherG.exe 
      C:\Users\Lucas\Desktop\jogos\AlbionOnline.lnk - C:\Program Files (x86)\AlbionOnline\launcher\AlbionLauncher.exe 
      C:\Users\Lucas\Desktop\jogos\Arc.lnk - C:\Program Files (x86)\Arc\ArcLauncher.exe 
      C:\Users\Lucas\Desktop\jogos\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe 
      C:\Users\Lucas\Desktop\jogos\Bethesda.net Launcher.lnk - C:\Program Files (x86)\Bethesda.net Launcher\BethesdaNetUpdater.exe 
      C:\Users\Lucas\Desktop\jogos\Cossacks 3.lnk - C:\Program Files (x86)\Cossacks 3\cossacks.exe 
      C:\Users\Lucas\Desktop\jogos\MirrorsEdgeCatalyst.exe - Atalho.lnk - C:\Program Files (x86)\Mirrors Edge Catalyst\Setup\MirrorsEdgeCatalyst.exe 
      C:\Users\Lucas\Desktop\jogos\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe 
      C:\Users\Lucas\Desktop\jogos\Shadow Tactics - Blades of the Shogun.lnk - C:\GOG Games\Shadow Tactics - Blades of the Shogun\Shadow Tactics.exe 
      C:\Users\Lucas\Desktop\jogos\Sid Meiers Civilization VI.lnk - C:\Program Files (x86)\Sid Meiers Civilization VI\Base\Binaries\Win64Steam\CivilizationVI.exe 
      C:\Users\Lucas\Desktop\jogos\StarCraft 2 - The Trilogy.lnk - C:\Games\StarCraft 2 - The Trilogy\StarCraft II Offline.exe 
      C:\Users\Lucas\Desktop\jogos\StarCraft II.lnk - C:\Program Files (x86)\StarCraft II\StarCraft II.exe 
      C:\Users\Lucas\Desktop\jogos\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
      C:\Users\Lucas\Desktop\jogos\Tyranny.lnk - C:\GOG Games\Tyranny\Tyranny.exe 
      C:\Users\Lucas\Desktop\jogos\World of Warplanes.lnk - C:\Games\World_of_Warplanes\WoWPLauncher.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\AmpliTube 3.lnk - C:\Program Files (x86)\IK Multimedia\AmpliTube 3\AmpliTube 3.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Arduino.lnk - C:\Program Files (x86)\Arduino\arduino.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Car Mechanic Simulator 2015.lnk - C:\Program Files (x86)\Car Mechanic Simulator 2015\cms2015.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\CPUID CPU-Z.lnk - C:\Program Files (x86)\CPUID\CPU-Z\cpuz.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Custom Shop.lnk - C:\Program Files (x86)\IK Multimedia\Custom Shop\Custom Shop.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\EVE Online.lnk - C:\Program Files (x86)\CCP\EVE\eve.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\FIFA 16.lnk - C:\Program Files (x86)\Origin Games\FIFA 16\fifa16.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Grey Goo.lnk - C:\Program Files (x86)\Grey Goo\ClientLauncherG.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Guitar Pro 5.lnk - C:\Program Files (x86)\Guitar Pro 5\GP5.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Kerbal Space Program.lnk - C:\Games\Kerbal Space Program\Launcher.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Linkrealms.lnk - C:\Program Files (x86)\Linkrealms\update.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\MiniLyrics.lnk - C:\Program Files (x86)\MiniLyrics\MiniLyrics.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Movavi Video Editor 4.lnk - C:\Windows\Installer\{95B7C0F4-7434-4DFB-B900-201BFC00C00B}\NewShortcut41_254AB2CD520A4C819BDF86ADC896D541.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\RealPlayer Cloud.lnk - C:\Program Files (x86)\Real\RealPlayer\realplay.exe /launch:desktop
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Rocket League.lnk - C:\Program Files (x86)\rocketleague\Binaries\Win32\RocketLeague.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Spaera.lnk - C:\Program Files (x86)\Blazing Orb\Spaera\SpaeraRunner.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Super HUD.lnk - C:\Program Files (x86)\Poker Pro Labs\Super HUD\SuperHUD.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\The Witcher 3 Wild Hunt.lnk - C:\Program Files (x86)\The Witcher 3 Wild Hunt\bin\x64\witcher3.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\VMware Workstation.lnk - C:\Program Files (x86)\VMware\VMware Workstation\vmware.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\ZHPCleaner.lnk - C:\Users\Lucas\AppData\Roaming\ZHP\ZHPCleaner.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Archeage.lnk - C:\Program Files (x86)\Glyph\GlyphClient.exe  -game 120
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\FIFA 15.lnk - C:\Program Files (x86)\Origin Games\FIFA 15\fifa15.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Glyph.lnk - C:\Program Files (x86)\Glyph\GlyphClient.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Heroes of the Storm.lnk - C:\Program Files (x86)\Heroes of the Storm\Heroes of the Storm.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Middle Earth - Shadow of Mordor.lnk - C:\Program Files (x86)\R.G. Mechanics\Middle Earth - Shadow of Mordor\x64\ShadowOfMordor.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Origin.lnk - C:\Program Files (x86)\Origin\Origin.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Rocksmith 2014 (Without Real Tone Cable).lnk - C:\Program Files (x86)\Ubisoft\Rocksmith 2014\rocksmith2014-nocable-loader.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Rocksmith 2014.lnk - C:\Program Files (x86)\Ubisoft\Rocksmith 2014\Rocksmith2014.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Scrolls.lnk - C:\Program Files (x86)\Scrolls\ScrollsLauncher.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Sid Meiers Civilization Beyond Earth.lnk - C:\Program Files (x86)\Sid Meiers Civilization Beyond Earth\CivilizationBe_DX11.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Sniper Elite 3.lnk - C:\Program Files (x86)\Sniper Elite 3\Launcher\Sniper3Launcher.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Stronghold 3 x64.lnk - C:\Program Files (x86)\Firefly Studios\Stronghold 3\bin\win32_release\Stronghold3.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Stronghold Crusader 2.lnk - C:\Program Files (x86)\Stronghold Crusader 2\bin\win32_release\Crusader2.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\The Wolf Among Us.lnk - C:\Program Files (x86)\R.G. Mechanics\The Wolf Among Us\TheWolfAmongUs.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\Total War - Rome II.lnk - C:\Program Files (x86)\R.G. Mechanics\Total War - Rome II\Rome2.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\jogos\XSplit Gamecaster.lnk - C:\Program Files (x86)\SplitmediaLabs\XSplit Gamecaster\XSplit.Gamecaster.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\pendrive 1 semestre 2015\tcc\Material Bancada\Foguete\SolidWorks Bancada\2013\0002_Bancada_0000 - Shortcut.lnk - C:\Users\Lucas\Dropbox\0002_Bancada_0000 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\NetBet Poker.lnk - C:\Program Files (x86)\NetBet Poker\casino.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\nj.partypoker.lnk - C:\Programs\partyNJ\partyNJ.exe -P=partypokerNJ
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\Titan Poker.lnk - C:\Program Files (x86)\Titan Poker\casino.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\Winner Poker.lnk - C:\Program Files (x86)\Winner Poker\casino.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\programas\ICM Trainer.lnk - C:\Windows\Installer\{47EA4DDF-FD99-46B3-846C-9F3F315268AD}\_ECF5B0A15121D905E30873.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\poker\programas\PokerStrategy.com Equilab.lnk - C:\Program Files (x86)\PokerStrategy.com\PokerStrategy.com Equilab\Equilab.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\Circuit Wizard 2 Student Edition.lnk - C:\Program Files (x86)\New Wave Concepts\Circuit Wizard 2 SE\CktWiz.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\OPPE 3.2  .lnk - C:\Program Files (x86)\HI_tecnologia\Spdsw_Pack\3.2\INST_1\OPPE\Oppe.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\OPPE 3.3  .lnk - C:\Program Files (x86)\HI_tecnologia\Spdsw_Pack\3.3\INST_1\OPPE\Oppe.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\PSIM 10 Demo.lnk - C:\Program Files (x86)\Powersim\PSIM10.0.2_Demo\PSIM.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\SPDSW 3.2  .lnk - C:\Program Files (x86)\HI_tecnologia\Spdsw_Pack\3.2\INST_1\SPDSW\spdsw.exe 
      C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\puc\SPDSW 3.3  .lnk - C:\Program Files (x86)\HI_tecnologia\Spdsw_Pack\3.3\INST_1\SPDSW\spdsw.exe 
      C:\Users\Lucas\Desktop\poker\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe 
      C:\Users\Lucas\Desktop\poker\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\Users\Lucas\Desktop\poker\Winner Poker.lnk - C:\Users\Lucas\AppData\Local\Winner Poker\casino.exe 

      ==== shortcuts on All Users Desktop ======================
      C:\Users\Public\Desktop\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe 
      C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Public\Desktop\Comprar suprimentos - HP Deskjet 2540 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2540 series\Bin\hpqDTSS.exe 
      C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe 
      C:\Users\Public\Desktop\DAEMON Tools Pro.lnk - C:\Program Files\DAEMON Tools Pro\DTPro.exe 
      C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Public\Desktop\HP Deskjet 2540 series.lnk - C:\Program Files (x86)\HP\HP Deskjet 2540 series\Bin\HP Deskjet 2540 series.exe -Start UDCDevicePage
      C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk - C:\Windows\system32\GfxUIEx.exe 
      C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 
      C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
      C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe 
      C:\Users\Public\Desktop\Razer Cortex.lnk - C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe 
      C:\Users\Public\Desktop\SharpKeys.lnk - C:\Windows\Installer\{636E94DA-99C0-448F-A931-3DAD83B4975F}\_F33C5543CA54DFFA237A37.exe 
      C:\Users\Public\Desktop\Smart View.lnk - C:\Windows\Installer\{99D9BA8C-AA54-48FC-B782-F7C506CF1ECC}\SmartView2.exe 
      C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk - C:\Program Files\TeamSpeak 3 Client\ts3client_win64.exe 
      C:\Users\Public\Desktop\Unity 5.4.1f1 (64-bit).lnk - C:\Program Files\Unity\Editor\Unity.exe 
      C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files (x86)\VideoLAN\VLC\vlc.exe 
      C:\Users\Public\Desktop\XM MT4.lnk - C:\Program Files (x86)\XM MT4\terminal.exe 

      ==== shortcuts in Users Start Menu ======================
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Winner Poker.lnk - C:\Users\Lucas\AppData\Local\Winner Poker\casino.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk - C:\Windows\System32\fodhelper.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Update and Privacy Settings.lnk - C:\Windows\System32\UNP\UNPUXHost.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online\AlbionOnline.lnk - C:\Program Files (x86)\AlbionOnline\launcher\AlbionLauncher.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Albion Online\Uninstall.lnk - C:\Program Files (x86)\AlbionOnline\uninstall.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyTweak\KeyTweak Manual.lnk - C:\Users\Lucas\AppData\Local\VirtualStore\Program Files (x86)\KeyTweak\KeyTweak Manual.pdf 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KeyTweak\Uninstall.lnk - C:\Program Files (x86)\KeyTweak\uninstall.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3\PokerTracker 3.lnk - C:\Program Files (x86)\PokerTracker 3\PokerTracker.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 3\Uninstall PokerTracker 3.lnk - C:\Program Files (x86)\PokerTracker 3\uninstall.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\PokerTracker 4 (Logging Enabled).lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe -l
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\PokerTracker4.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerTracker 4\Uninstall PokerTracker 4.lnk - C:\Program Files (x86)\PokerTracker 4\uninstall.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
      ==== shortcuts in All Users Start Menu ======================
      C:\ProgramData\Microsoft\Windows\Start Menu\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Settings\AMD Settings.lnk - C:\Program Files (x86)\AMD\CNext\CNext\RadeonSettings.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher\Bethesda.net Launcher.lnk - C:\Program Files (x86)\Bethesda.net Launcher\BethesdaNetUpdater.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bethesda.net Launcher\Uninstall Bethesda.net Launcher.lnk - C:\Program Files (x86)\Bethesda.net Launcher\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro\DAEMON Tools Pro.lnk - C:\Program Files\DAEMON Tools Pro\DTPro.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Pro\Image Editor.lnk - C:\Program Files\DAEMON Tools Pro\DTImgEditor.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder\Easy Macro Recorder on the Web.lnk - C:\Program Files (x86)\Easy Macro Recorder\homepage.url 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder\Easy Macro Recorder.lnk - C:\Program Files (x86)\Easy Macro Recorder\Macro Recorder.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder\Help.lnk - C:\Program Files (x86)\Easy Macro Recorder\help.chm 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Easy Macro Recorder\Uninstall Easy Macro Recorder.lnk - C:\Program Files (x86)\Easy Macro Recorder\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\AutoPico.lnk - C:\Program Files\KMSpico\AutoPico.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\KMSpico.lnk - C:\Program Files\KMSpico\KMSELDI.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk - C:\Program Files\KMSpico\scripts\Log.cmd 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk - C:\Program Files\KMSpico\UninsHs.exe /u0=KMSpico
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\License_en_US.rtf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.chm 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\doc\UserManual.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker\Uninstall partypoker.lnk - C:\programs\partygaming\PartyPoker\Uninstall\Setup.exe App_Type=U
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Command Prompt.lnk - C:\Windows\SysWOW64\cmd.exe /k set PGCLIENTENCODING=WIN1252 && set PGPORT=5432
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\pgAdmin III.lnk - C:\Program Files (x86)\PostgreSQL\8.3\bin\pgAdmin3.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\psql to 'postgres'.lnk - C:\Program Files (x86)\PostgreSQL\8.3\bin\psql.bat  -h localhost -p 5432 postgres "postgres" WIN1252
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Reload configuration.lnk - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe  reload -D "C:\Program Files (x86)\PostgreSQL\8.3\data\"
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Start service.lnk - C:\Windows\SysWOW64\net.exe  start pgsql-8.3
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Stop service.lnk - C:\Windows\SysWOW64\net.exe  stop pgsql-8.3
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Configuration files\Edit pg_hba.conf.lnk - C:\Windows\SysWOW64\notepad.exe C:\Program Files (x86)\PostgreSQL\8.3\data\pg_hba.conf
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Configuration files\Edit pg_ident.conf.lnk - C:\Windows\SysWOW64\notepad.exe C:\Program Files (x86)\PostgreSQL\8.3\data\pg_ident.conf
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Configuration files\Edit postgresql.conf.lnk - C:\Windows\SysWOW64\notepad.exe C:\Program Files (x86)\PostgreSQL\8.3\data\postgresql.conf
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Documentation\Installation Notes.lnk - C:\Program Files (x86)\PostgreSQL\8.3\Installation Notes.rtf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Documentation\pgAdmin Help.lnk - C:\Windows\hh.exe mk:@MSITStore:C:\Program Files (x86)\PostgreSQL\8.3\pgAdmin III\docs\en_US\pgadmin3.chm::/index.html
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Documentation\PostgreSQL Help.lnk - C:\Windows\hh.exe mk:@MSITStore:C:\Program Files (x86)\PostgreSQL\8.3\doc\postgresql.chm::/index.html
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.3\Documentation\PostgreSQL release notes.lnk - C:\Windows\hh.exe mk:@MSITStore:C:\Program Files (x86)\PostgreSQL\8.3\doc\postgresql.chm::/release.html
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RandyRants.com\SharpKeys\SharpKeys FAQ.lnk - C:\Windows\Installer\{636E94DA-99C0-448F-A931-3DAD83B4975F}\_B1CA15029C1C01AF26BE17.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RandyRants.com\SharpKeys\SharpKeys.lnk - C:\Windows\Installer\{636E94DA-99C0-448F-A931-3DAD83B4975F}\_766E8E735A97E6B647001F.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Open Serviio Console.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Open Serviio MediaBrowser.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Readme.lnk - C:\Program Files\Serviio\README.txt 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Release Notes.lnk - C:\Program Files\Serviio\RELEASE_NOTES.txt 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Serviio Console.lnk - C:\Program Files\Serviio\console\ServiioConsole.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Start Serviio service.lnk - C:\Program Files\Serviio\bin\ServiioService.exe -start
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Stop Serviio service.lnk - C:\Program Files\Serviio\bin\ServiioService.exe -stop
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio\Uninstall Serviio.lnk - C:\Program Files (x86)\Serviio\uninstall.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSFilter\Configuration (x64).lnk - C:\Windows\System32\rundll32.exe VSFilter.dll,DirectVobSub
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSFilter\Uninstall (x64).lnk - C:\Program Files (x86)\VSFilter\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XM MT4\MetaEditor.lnk - C:\Program Files (x86)\XM MT4\metaeditor.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XM MT4\Uninstall.lnk - C:\Program Files (x86)\XM MT4\uninstall.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XM MT4\XM MT4.lnk - C:\Program Files (x86)\XM MT4\terminal.exe 
      ==== shortcuts in Quick Launch ======================
      C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\888poker.lnk - C:\Program Files (x86)\PacificPoker\bin\888poker.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk - C:\Users\Lucas\AppData\Local\Popcorn-Time\Popcorn-Time.exe --user-data-dir="C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data" --profile-directory=Default --app-id=hecfofbbdfadifpemejbbdcjmfmboohj
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\computer.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe 
      C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\postgres\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      ==== shortcuts After Repair ======================
      C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\76f9e4d33b60b312\Popcorn-Time.lnk - C:\Users\Lucas\AppData\Local\Popcorn-Time\Popcorn-Time.exe 
      ==== Reset IE Proxy ======================
      Value(s) before fix:
      "ProxyEnable"=dword:00000000
      Value(s) after fix:
      "ProxyEnable"=dword:00000000
      ==== Deleting Registry Keys ======================
      HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
      HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\UnityWebPlayer deleted successfully
      ==== Empty IE Cache ======================
      C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Lucas\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Lucas\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Lucas\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Lucas\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      ==== Empty FireFox Cache ======================
      No FireFox Cache found
      ==== Empty Chrome Cache ======================
      C:\Users\Lucas\AppData\Local\Chromium\User Data\Default\Cache emptied successfully
      C:\Users\Lucas\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
      C:\Users\Lucas\AppData\Local\Popcorn-Time\User Data\Default\Cache emptied successfully
      ==== Empty All Flash Cache ======================
      No Flash Cache Found
      ==== Empty All Java Cache ======================
      Java Cache cleared successfully
      ==== C:\zoek_backup content ======================
      C:\zoek_backup (files=1596 folders=1948 5230133766 bytes)
      ==== Empty Temp Folders ======================
      C:\Windows\Temp will be emptied at reboot
      ==== After Reboot ======================
      ==== Empty Temp Folders ======================
      C:\Windows\Temp successfully emptied
      C:\Users\Lucas\AppData\Local\Temp successfully emptied
      ==== Empty Recycle Bin ======================
      C:\$RECYCLE.BIN successfully emptied
      ==== EOF on Sat 05/27/2017 at 16:38:38.69 ======================
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 4:43:50 PM, on 5/27/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal

      Running processes:
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Program Files (x86)\Hotkey\Hotkey.exe
      C:\Users\Lucas\AppData\Local\Apps\2.0\JROKO8AW.M9G\WQT58663.9XT\poke...app_6e7fc6368d8f8800_0002.0001_7854192edeabd0f7\PSC.SideKick.exe
      C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Razer\Razer Cortex\RazerCortex.exe
      C:\Users\Lucas\AppData\Local\Discord\app-0.0.297\Discord.exe
      C:\Users\Lucas\AppData\Local\Discord\app-0.0.297\Discord.exe
      C:\Users\Lucas\AppData\Local\Discord\app-0.0.297\Discord.exe
      C:\Program Files (x86)\Razer\Razer Cortex\Cef\CefSharp.BrowserSubprocess.exe
      C:\Users\Lucas\Downloads\HijackThis (1).exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
      O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\Run: [Chromium] "c:\users\lucas\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Discord] C:\Users\Lucas\AppData\Local\Discord\app-0.0.297\Discord.exe
      O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
      O4 - HKCU\..\Run: [PokerStrategy.com SideKick] "C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
      O4 - HKUS\S-1-5-21-3263317907-2408547081-2500880260-1004\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'postgres')
      O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: Enviar imagem para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Enviar página para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra button: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
      O10 - Unknown file in Winsock LSP: c:\Windows\syswow64\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\Windows\syswow64\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
      O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: Disc Soft Pro Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
      O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
      O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
      O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
      O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
      O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: RtkBleServ - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
      O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

      --
      End of file - 15169 bytes
       
    • Great, very good!! Continuing..

      1. Disable your Antivirus and AntiSpyware so there are no conflicts, and keep them disabled until you finish the instructions.

      2. Download Zoek and run it.

      3. Copy the lines below (select them and press CTRL+C) and paste them (CTRL+V) into the Zoek box:

      createsrpoint;
      autoclean;
      resetieproxy;
      resethosts;
      iedefaults;
      chrdefaults;
      emptyCHRcache;
      ffdefaults;
      firefoxlook;
      emptyalltemp;
      shortcutfix;

      4. Close all browsers and click Run Script: During the scan the message below will be shown. Be patient and wait for the script to finish running, as the analysis may take a few minutes..

      5. If you are asked to restart the computer, do so by clicking OK.

      6. Zoek will open a window with the result of the analysis. Post the contents of that window and also a new HijackThis log.
    • # AdwCleaner v6.047 - Logfile created 27/05/2017 at 15:08:49
      # Updated on 19/05/2017 by Malwarebytes
      # Database : 2017-05-26.6 [Server]
      # Operating System : Windows 10 Pro  (X64)
      # Username : Lucas - LUCAS
      # Running from : C:\Users\Lucas\Downloads\AdwCleaner.exe
      # Mode: Clean
      # Support : https://www.malwarebytes.com/support

      ***** [ Services ] *****

      ***** [ Folders ] *****

      [-] Folder deleted: C:\Users\Lucas\AppData\Local\YSearchUtil
      [-] Folder deleted: C:\Users\Lucas\AppData\LocalLow\.acestream
      [-] Folder deleted: C:\Users\Lucas\AppData\Roaming\.acestream
      [-] Folder deleted: C:\Users\Lucas\AppData\Roaming\acestream
      [-] Folder deleted: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\ByteFence
      [-] Folder deleted: C:\_acestream_cache_
      [-] Folder deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\YSearchUtil
      ***** [ Files ] *****

      [-] File deleted: C:\Users\Lucas\AppData\Roaming\Mozilla\Firefox\Profiles\0ka5dy0j.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi
      ***** [ DLL ] *****

      ***** [ WMI ] *****

      ***** [ Shortcuts ] *****

      [-] Shortcut disinfected: C:\Users\Public\Desktop\Google Chrome.lnk
      [-] Shortcut disinfected: C:\Users\Public\Desktop\Mozilla Firefox.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
      [-] Shortcut disinfected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
      [-] Shortcut disinfected: C:\Users\Lucas\Desktop\lucas backup\dota\2 semestre 2015\Kerbal Space Program.lnk
      [-] Shortcut disinfected: C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk
      [-] Shortcut disinfected: C:\Users\Lucas\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk
      ***** [ Scheduled Tasks ] *****

      ***** [ Registry ] *****

      [-] Key deleted: HKU\S-1-5-21-3263317907-2408547081-2500880260-1001\Software\Classes\acestream
      [#] Key deleted on reboot: HKCU\Software\Classes\acestream
      [#] Key deleted on reboot: [x64] HKCU\Software\Classes\acestream
      [-] Key deleted: HKU\S-1-5-21-3263317907-2408547081-2500880260-1001\Software\Conduit
      [#] Key deleted on reboot: HKCU\Software\Conduit
      [-] Key deleted: HKLM\SOFTWARE\Conduit
      [#] Key deleted on reboot: [x64] HKCU\Software\Conduit
      ***** [ Web browsers ] *****

      [-] [C:\Users\Lucas\AppData\Local\Chromium\User Data\Default\Web data] [Search Provider] Deleted: yhs
      [-] [C:\Users\Lucas\AppData\Local\Chromium\User Data\Default] [startup_urls] Deleted: hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wbf_nrssi_16_32&param1=1&param2=f%3D7%26b%3Dchmm%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyC0CyBtC0Dzyzy0AtDyCyEzytDtD0CzytN0D0Tzu0StCyBtDtCtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0E0Dzz0D0DtAzytGtCzz0AyEtGtByE0BzztGtA0BtD0CtGzz0F0CyByD0F0AtC0E0E0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzz0E0EtBtC0A0BtGtBtDyCtAtGyE0Dzy0DtG0A0Azy0AtGyE0AtD0DtBtB0B0B0F0E0E0F2QtN0A0LzuyE%26cr%3D1665732108%26a%3Dhdr_s_16_34_wbf_nrssi_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
      [-] [C:\Users\Lucas\AppData\Local\Chromium\User Data\Default] [homepage] Deleted: hxxps://br.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=hdr_s_16_34_wbf_nrssi_16_32&param1=1&param2=f%3D1%26b%3Dchmm%26cc%3Dbr%26pa%3DHodor%26cd%3D2XzuyEtN2Y1L1QzuyC0CyBtC0Dzyzy0AtDyCyEzytDtD0CzytN0D0Tzu0StCyBtDtCtN1L2XzutAtFtByEtFyCtFtDtN1L1Czu1M1Q1CtByDtFtCtFtCtN1L1G1B1V1N2Y1L1Qzu2StC0E0Dzz0D0DtAzytGtCzz0AyEtGtByE0BzztGtA0BtD0CtGzz0F0CyByD0F0AtC0E0E0EyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2StAzz0E0EtBtC0A0BtGtBtDyCtAtGyE0Dzy0DtG0A0Azy0AtGyE0AtD0DtBtB0B0B0F0E0E0F2QtN0A0LzuyE%26cr%3D1665732108%26a%3Dhdr_s_16_34_wbf_nrssi_16_32%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
      *************************

      :: "Tracing" keys deleted
      :: Winsock settings cleared

      *************************

      C:\AdwCleaner\AdwCleaner[C0].txt - [3928 Bytes] - [27/05/2017 15:08:49]
      C:\AdwCleaner\AdwCleaner[S0].txt - [4072 Bytes] - [27/05/2017 15:05:34]

      ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4074 Bytes] ##########

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.1.3 (04.10.2017)
      Operating System: Windows 10 Pro x64 
      Ran by Lucas (Administrator) on Sat 05/27/2017 at 15:13:09.12
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 0 
      Registry: 0

      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on Sat 05/27/2017 at 15:18:53.51
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 3:23:19 PM, on 5/27/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal

      Running processes:
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Users\Lucas\Downloads\HijackThis (1).exe
      C:\Windows\SysWOW64\DllHost.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O1 - Hosts: ::1 tutorial2
      O1 - Hosts: ::1 test2
      O1 - Hosts: ::1 Projetos
      O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
      O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [THX Audio Control Panel] "C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" /r
      O4 - HKLM\..\Run: [UpdReg] C:\Windows\UpdReg.EXE
      O4 - HKLM\..\Run: [RazerCortex] C:\Program Files (x86)\Razer\Razer Cortex\CortexLauncher.exe -autorun
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\Run: [Chromium] "c:\users\lucas\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session
      O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
      O4 - HKCU\..\Run: [Discord] C:\Users\Lucas\AppData\Local\Discord\app-0.0.297\Discord.exe
      O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files\DAEMON Tools Pro\DTAgent.exe" -autorun
      O4 - HKCU\..\Run: [PokerStrategy.com SideKick] "C:\Users\Lucas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PokerStrategy.com\PokerStrategy.com SideKick.appref-ms"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Lucas\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64"
      O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: Enviar imagem para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Enviar página para Dispositivo Bluetooth - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O8 - Extra context menu item: Send image to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Send page to Bluetooth Device - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra button: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\REALTEK\Realtek Bluetooth\LANG\BtServer_LANG.dll,-134 - {D870B030-8D66-423b-9B97-894D4A0DEC23} - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\btsendto_ie.htm (HKCU)
      O10 - Unknown file in Winsock LSP: c:\Windows\syswow64\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\Windows\syswow64\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
      O23 - Service: BattlEye Service (BEService) - Unknown owner - C:\Program Files (x86)\Common Files\BattlEye\BEService.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: Disc Soft Pro Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Pro\DiscSoftBusServicePro.exe
      O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
      O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
      O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
      O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files (x86)\PostgreSQL\8.3\bin\pg_ctl.exe
      O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
      O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
      O23 - Service: Razer Game Scanner (Razer Game Scanner Service) - Unknown owner - C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: RtkBleServ - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\RtkBleServ.exe
      O23 - Service: RzKLService - Razer Inc. - C:\Program Files (x86)\Razer\Razer Cortex\RzKLService.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: Serviio - Unknown owner - C:\Program Files\Serviio\bin\ServiioService.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 14181 bytes
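The O1, O4 and O23 lines in the HijackThis log above follow a fixed shape, so the first pass over such a log can be made repeatable. What follows is an added example for this thread, not HijackThis code and not code from any post here: it parses the hosts, autorun and service lines, applies a few review rules, and records one caveat that explains most of the "(file missing)" entries above: a 32-bit HijackThis build on 64-bit Windows is redirected to SysWOW64, so services whose binary lives in System32 are reported missing even when the file is present. The sample log lines, host names, paths and service names in the block are constructed; the `host_is_x64` flag and the `Finding` severities are this example's own design.

```python
"""Triage of HijackThis O1 / O4 / O23 lines (added example, not HijackThis code).

Parses the three line shapes that carry most of the signal in a log (hosts
overrides, autorun entries, services), applies review rules, and marks the
WOW64 artefact: a 32-bit scanner on 64-bit Windows reports System32 service
binaries as "(file missing)". Sample lines below are constructed.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

LOOPBACK = {"127.0.0.1", "::1"}
# Interpreters and launchers that deserve a look when an autorun value invokes them.
LAUNCHERS = ("cmd.exe", "powershell", "wscript", "cscript", "mshta", "rundll32")
# Autorun locations worth a look because any user can write there.
TRANSIENT_DIRS = ("\\temp\\", "\\downloads\\")
SYSTEM32 = "c:\\windows\\system32"
O4_RE = re.compile(r"^O4 - (?:HKLM|HKCU)\\\.\.\\(?:Run|RunOnce): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
SHORT_NAME_RE = re.compile(r"\((?P<short>[^()]+)\)$")


@dataclass
class Finding:
    section: str    # "O1", "O4" or "O23"
    item: str       # host name, autorun value name or service display name
    severity: str   # "review" (look at it) or "info" (explained by the scanner)
    reason: str


def parse_o23(line: str) -> Optional[dict]:
    """Split 'O23 - Service: <display> - <owner> - <path> [(file missing)]'.

    Display names may contain ' - ' themselves, so split from the right,
    where the owner and path fields are fixed.
    """
    prefix = "O23 - Service: "
    if not line.startswith(prefix):
        return None
    body = line[len(prefix):].strip()
    if body.endswith(" --"):                   # stray separator at the end of pasted logs
        body = body[:-3].rstrip()
    missing = body.endswith("(file missing)")
    if missing:
        body = body[: -len("(file missing)")].rstrip()
    parts = body.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    display, owner, path = parts
    short = SHORT_NAME_RE.search(display)
    return {"display": display, "short": short.group("short") if short else None,
            "owner": owner, "path": path, "missing": missing}


def triage(lines: List[str], host_is_x64: bool = True) -> List[Finding]:
    """Return the entries a reviewer should look at, in log order."""
    findings: List[Finding] = []
    for raw in lines:
        line = raw.strip()
        if line.startswith("O1 - Hosts: "):
            addr, _, host = line[len("O1 - Hosts: "):].partition(" ")
            if addr not in LOOPBACK:
                findings.append(Finding("O1", host, "review",
                                        f"hosts file sends {host} to {addr}, not to loopback"))
        elif line.startswith("O4 - "):
            m = O4_RE.match(line)
            if not m:
                continue                      # e.g. 'O4 - Global Startup:' has another shape
            cmd = m.group("cmd").lower()
            if any(tool in cmd for tool in LAUNCHERS):
                findings.append(Finding("O4", m.group("name"), "review",
                                        "autorun invokes a command interpreter or script host"))
            elif any(d in cmd for d in TRANSIENT_DIRS):
                findings.append(Finding("O4", m.group("name"), "review",
                                        "autorun runs from a temp or downloads folder"))
        elif line.startswith("O23 - "):
            svc = parse_o23(line)
            if svc is None:
                continue
            path = svc["path"].lower()
            if svc["missing"]:
                if host_is_x64 and path.startswith(SYSTEM32):
                    findings.append(Finding("O23", svc["display"], "info",
                                            "System32 binary reported missing: expected WOW64 "
                                            "redirection of a 32-bit scanner, confirm with a 64-bit tool"))
                else:
                    findings.append(Finding("O23", svc["display"], "review",
                                            "service binary reported missing"))
            elif svc["owner"] == "Unknown owner":
                findings.append(Finding("O23", svc["display"], "review",
                                        "no publisher in version info; verify the binary's signature"))
    return findings


# Constructed sample lines that mirror the shapes seen in the thread's logs.
SAMPLE_LOG = r"""
O1 - Hosts: ::1 devbox
O1 - Hosts: 203.0.113.5 update.example-vendor.test
O4 - HKLM\..\Run: [Updater] "C:\Program Files (x86)\Vendor\updater.exe" /background
O4 - HKCU\..\Run: [Helper] C:\Users\user\AppData\Local\Temp\helper.exe
O4 - HKCU\..\RunOnce: [Cleanup] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\user\AppData\Local\old"
O23 - Service: Example Backup Service - Example Corp - C:\Program Files\Example\backup.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: Update Helper (upd-helper) - Unknown owner - C:\ProgramData\upd\svc.exe
O23 - Service: Old Agent (oldagent) - Unknown owner - C:\Program Files\Old\agent.exe (file missing) --
""".strip().splitlines()

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.section:3} {f.item}: {f.reason}")
```

Run against a real log, the "info" findings correspond to the block of `(file missing)` System32 services in the log above and can be set aside; the "review" findings are the short list to check by hand (signature of the binary, what the hosts override points at, what an autorun actually launches). The rules are deliberately conservative: an entry that runs a legitimate uninstaller through cmd.exe, like the OneDrive RunOnce above, is flagged for a look rather than judged.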
         
    • Type winver in Run and post your Windows 10 version... Does your account have administrator rights? If possible, please post an image of the problem...
    • 1. Disable your Antivirus and AntiSpyware to avoid conflicts, and keep them disabled until you finish the instructions.
      2. Download AdwCleaner and save it to your Desktop
      3. Run adwcleaner.exe
      Windows 7, 8.1 or 10 users: right-click the adwcleaner.exe icon and select
      4. Click the Scan button and then Clean
      5. Save the log that is created
      6. Download JRT (Junkware Removal Tool) and save it to your Desktop
      7. Double-click the JRT file to run it
      Windows 7, 8.1 or 10 users: right-click the JRT.exe icon and select
      8. JRT will begin examining your system. Be patient, as it may take a few minutes depending on the number of items examined
      9. At the end a new JRT.txt file will appear on your Desktop and a window will open with the contents of that file (the JRT log)
      10. Select the entire contents of that log (press CTRL+A), copy it (CTRL+C) and paste it (CTRL+V) in your next reply together with the AdwCleaner log (item 5 above) and the new HijackThis log