Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Entre para seguir isso  
Seguidores 0
Sicairis

Como desinstalar o PSafe?

9 posts neste tópico

Para podermos ajudá-lo, siga integralmente o estabelecido neste "Tópico de procedimento padrão obrigatório do Fórum".

Logs do HijackThis ** leia antes de postar **

Após feitos os procedimentos, postar o Log do HijackThis para exame, aqui mesmo neste Tópico, clicando no segundo BOTÃO RESPONDER e aguarde novas instruções.



MVP Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:27:24, on 12/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\system32\conime.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Windows\System32\aetcrss1.exe

C:\Program Files\PSafe\PSafeSysTray.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Program Files\PSafe\PSafeWDS.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sica\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZKG05CH6\HijackThis[1].exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7831 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Abra o HijackThis e clique em "Do a system scan only" e marque as Entradas listadas abaixo, em seguida clique em "Fix Checked"

O4 - HKLM\..\Run: [PSafeSysTray] "C:\Program Files\PSafe\PSafeSysTray.exe"

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Download ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

É necessário estar conectado durante o procedimento com o ComboFix;

Execute o combofix.exe, tecle "Sim" para prosseguir. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt. Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.



MVP Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-07-12.02 - Sica 12/07/2012 23:40:00.4.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3543.2132 [GMT -3:00]

Executando de: c:\users\Sica\Desktop\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Sica\HijackThis.exe

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))

.

.

2012-07-13 02:49 . 2012-07-13 02:50 -------- d-----w- c:\users\Sica\AppData\Local\temp

2012-07-13 02:49 . 2012-07-13 02:49 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\users\Sica\AppData\Roaming\Malwarebytes

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 02:12 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 23:33 . 2012-07-12 23:38 -------- d-----w- c:\users\Sica\AppData\Roaming\Systweak

2012-07-11 14:41 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 18:29 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-10 18:29 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 18:29 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-10 18:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 18:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-10 18:29 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-22 18:26 . 2012-06-22 18:26 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\921fb0ba1cd50a403\MeshBetaRemover.exe

2012-06-22 18:26 . 2012-06-22 18:26 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DSETUP.dll

2012-06-22 18:26 . 2012-06-22 18:26 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DXSETUP.exe

2012-06-22 18:26 . 2012-06-22 18:26 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\dsetup32.dll

2012-06-22 15:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 15:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 15:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 15:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 15:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 15:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 15:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 15:02 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 15:02 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:22 . 2012-06-20 21:22 -------- d-----w- C:\$AVG

2012-06-13 22:29 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

@="{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

@="{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

@="{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}"

[HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

2012-03-06 21:09 2317032 ----a-w- c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Sica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\windows\Downloaded Program Files\gbiehuni.dll" [2011-04-26 505336]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7F49B9B7-2D53-433A-B40E-66C0DB18A2DD}.job

- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-12 23:50

Windows 6.0.6002 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

.

c:\users\Sica\AppData\Local\Temp\catchme.dll 53248 bytes executable

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 1

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'lsass.exe'(616)

c:\windows\system32\aetsprov.dll

.

Tempo para conclusão: 2012-07-12 23:59:55

ComboFix-quarantined-files.txt 2012-07-13 02:59

ComboFix2.txt 2012-07-12 15:46

.

Pré-execução: 129.828.233.216 bytes disponíveis

Pós execução: 129.785.360.384 bytes disponíveis

.

- - End Of File - - 1A9943BFAB7D8C32F2CF89CD29F38144

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 00:21:43, on 13/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskeng.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Windows\system32\conime.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Windows\system32\SearchFilterHost.exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: PSafeWD - Psafe - C:\Program Files\PSafe\PSafeWD.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7525 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Sugiro que imprima ou salve os procedimentos abaixo, e não use a Internet até terminado o procedimento.

Selecione e copie o texto dentro do QUOTE (caixa branca) abaixo. Abra o Bloco de notas e cole o que copiou. Salve então, na Área de Trabalho ( Desktop), com o nome de CFScript.txt

File::

c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

Registry::

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1PSafeOverlaySync]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2PSafeOverlayOk]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-4DDF-4A75-B35E-B1AFBC6E40F7}]

[-HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3PSafeOverlayOut]

[-HKEY_CLASSES_ROOT\CLSID\{A48EC0D3-5DDF-4A75-B35E-B1AFBC6E40F7}]

Folder::

c:\program files\PSafe

Arraste agora o CFScript.txt para o ComboFix conforme a demonstração abaixo:

CFScript.gif

O ComboFix irá rodar e reiniciará o PC automaticamente para completar o processo de remoção.

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt.

Faça um novo Log com o HijackThis em Modo Normal e poste + o ComboFix.txt.



MVP Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

ComboFix 12-07-13.02 - Sica 13/07/2012 11:21:44.5.2 - x86

Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.55.1046.18.3543.1879 [GMT -3:00]

Executando de: c:\users\Sica\Desktop\ComboFix.exe

Comandos utilizados :: c:\users\Sica\Desktop\CFScript.txt

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

FILE ::

"c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll"

.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files\PSafe

c:\program files\PSafe\360FileOem.dll

c:\program files\PSafe\360FileOem.sys

c:\program files\PSafe\360FltOem.dll

c:\program files\PSafe\360FltOem.sys

c:\program files\PSafe\360HipsOem.dll

c:\program files\PSafe\360HookOem.sys

c:\program files\PSafe\360IpcOem.dll

c:\program files\PSafe\360MalwareSection.dll

c:\program files\PSafe\360RegOem.dll

c:\program files\PSafe\360RegOem.sys

c:\program files\PSafe\360SpOem.dll

c:\program files\PSafe\360SpOEM.sys

c:\program files\PSafe\360verify.dll

c:\program files\PSafe\bkpcf.dat

c:\program files\PSafe\bkpst.dat

c:\program files\PSafe\cloudcom2.dll

c:\program files\PSafe\cloudsec2.dll

c:\program files\PSafe\CQhCltHttpW.dll

c:\program files\PSafe\CrashLib.dll

c:\program files\PSafe\cyggcc_s-1.dll

c:\program files\PSafe\cygiconv-2.dll

c:\program files\PSafe\cygwin1.dll

c:\program files\PSafe\dbghelp.dll

c:\program files\PSafe\deepscan.dll

c:\program files\PSafe\dsr.dat

c:\program files\PSafe\gcswf32.dll

c:\program files\PSafe\heavygate.dll

c:\program files\PSafe\icudt.dll

c:\program files\PSafe\inventory.dat

c:\program files\PSafe\libcef.dll

c:\program files\PSafe\libeay32.dll

c:\program files\PSafe\libspyerp.dat

c:\program files\PSafe\libwhite.dat

c:\program files\PSafe\msvcp100.dll

c:\program files\PSafe\msvcr100.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\CrashLib.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\dbghelp.dll

c:\program files\PSafe\namespace\v2.5.1203.6402\PSafeNSEx86.dll

c:\program files\PSafe\netconf.dat

c:\program files\PSafe\postReply.html

c:\program files\PSafe\PSafeCategoryFinder.exe

c:\program files\PSafe\PSafeInstallHIPSFirewalls.exe

c:\program files\PSafe\PSafesvc.exe

c:\program files\PSafe\PSafeSysTray.exe

c:\program files\PSafe\PSafeWD.exe

c:\program files\PSafe\PSafeWDS.exe

c:\program files\PSafe\pshw.dll

c:\program files\PSafe\PSRsync.exe

c:\program files\PSafe\QHEngine.dll

c:\program files\PSafe\scanlog.dat

c:\program files\PSafe\schedule.dat

c:\program files\PSafe\Section\list_v01.db

c:\program files\PSafe\Section\mutex.db

c:\program files\PSafe\shell\v2.5.1203.6402\CrashLib.dll

c:\program files\PSafe\shell\v2.5.1203.6402\dbghelp.dll

c:\program files\PSafe\shell\v2.5.1203.6402\PSafeShellExtensionx86.dll

c:\program files\PSafe\speedmem2.hg

c:\program files\PSafe\ssleay32.dll

c:\program files\PSafe\sysfilerepS.dll

c:\program files\PSafe\unins.ico

c:\program files\PSafe\Uninstall.exe

c:\users\Sica\HijackThis.exe

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_PSafeWD

-------\Service_PSafeWD

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-06-13 to 2012-07-13 ))))))))))))))))))))))))))))

.

.

2012-07-13 14:33 . 2012-07-13 14:45 -------- d-----w- c:\users\Sica\AppData\Local\temp

2012-07-13 14:33 . 2012-07-13 14:33 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-07-13 14:22 . 2012-06-18 06:14 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B63C8800-588A-4771-A10E-39EB475AC7EB}\mpengine.dll

2012-07-13 02:33 . 2012-07-13 02:33 -------- d-----w- c:\users\Sica\backups

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\users\Sica\AppData\Roaming\Malwarebytes

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\programdata\Malwarebytes

2012-07-12 02:12 . 2012-07-03 16:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-07-12 02:12 . 2012-07-12 02:12 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2012-07-11 23:33 . 2012-07-12 23:38 -------- d-----w- c:\users\Sica\AppData\Roaming\Systweak

2012-07-11 14:41 . 2012-06-13 13:40 2047488 ----a-w- c:\windows\system32\win32k.sys

2012-07-10 18:29 . 2012-06-05 16:47 708608 ----a-w- c:\program files\Common Files\System\ado\msado15.dll

2012-07-10 18:29 . 2012-06-05 16:47 1401856 ----a-w- c:\windows\system32\msxml6.dll

2012-07-10 18:29 . 2012-06-05 16:47 1248768 ----a-w- c:\windows\system32\msxml3.dll

2012-07-10 18:29 . 2012-06-04 15:26 440704 ----a-w- c:\windows\system32\drivers\ksecdd.sys

2012-07-10 18:29 . 2012-06-02 00:04 278528 ----a-w- c:\windows\system32\schannel.dll

2012-07-10 18:29 . 2012-06-02 00:03 204288 ----a-w- c:\windows\system32\ncrypt.dll

2012-06-22 18:26 . 2012-06-22 18:26 15712 ----a-w- c:\program files\Common Files\Windows Live\.cache\921fb0ba1cd50a403\MeshBetaRemover.exe

2012-06-22 18:26 . 2012-06-22 18:26 89944 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DSETUP.dll

2012-06-22 18:26 . 2012-06-22 18:26 537432 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\DXSETUP.exe

2012-06-22 18:26 . 2012-06-22 18:26 1801048 ----a-w- c:\program files\Common Files\Windows Live\.cache\91871a3a1cd50a402\dsetup32.dll

2012-06-22 15:22 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe

2012-06-22 15:22 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll

2012-06-22 15:22 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll

2012-06-22 15:22 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll

2012-06-22 15:12 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll

2012-06-22 15:12 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll

2012-06-22 15:12 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll

2012-06-22 15:02 . 2012-06-02 18:19 171904 ----a-w- c:\windows\system32\wuwebv.dll

2012-06-22 15:02 . 2012-06-02 18:12 33792 ----a-w- c:\windows\system32\wuapp.exe

2012-06-20 21:22 . 2012-06-20 21:22 -------- d-----w- C:\$AVG

2012-06-13 22:29 . 2012-05-01 14:03 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-05-31 15:25 . 2010-12-02 16:31 237072 ------w- c:\windows\system32\MpSigStub.exe

.

.

((((((((((((((((((((((((((((( SnapShot@2012-07-13_02.50.07 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-01-21 01:58 . 2012-07-13 14:09 39870 c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin

+ 2006-11-02 13:05 . 2012-07-13 14:44 58066 c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin

+ 2009-11-12 00:04 . 2012-07-13 14:44 11050 c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2395481737-679381091-3117147122-1000_UserData.bin

+ 2009-09-24 14:26 . 2012-07-13 14:37 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 32768 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

+ 2009-09-24 14:26 . 2012-07-13 14:37 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

+ 2009-09-24 14:26 . 2012-07-13 14:37 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

- 2009-09-24 14:26 . 2012-07-13 01:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

+ 2012-07-13 14:35 . 2012-07-13 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 01:10 . 2012-07-13 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat

- 2012-07-13 01:10 . 2012-07-13 01:10 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2012-07-13 14:35 . 2012-07-13 14:35 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat

+ 2009-09-24 17:43 . 2012-07-13 14:34 6396 c:\windows\bthservsdp.dat

- 2009-09-24 17:43 . 2012-07-13 01:09 6396 c:\windows\bthservsdp.dat

+ 2008-01-21 05:26 . 2012-07-13 14:40 643852 c:\windows\System32\prfh0416.dat

- 2008-01-21 05:26 . 2012-07-13 01:18 643852 c:\windows\System32\prfh0416.dat

- 2008-01-21 05:26 . 2012-07-13 01:18 125356 c:\windows\System32\prfc0416.dat

+ 2008-01-21 05:26 . 2012-07-13 14:40 125356 c:\windows\System32\prfc0416.dat

+ 2006-11-02 10:33 . 2012-07-13 14:40 596292 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2012-07-13 01:18 596292 c:\windows\System32\perfh009.dat

- 2006-11-02 10:33 . 2012-07-13 01:18 104366 c:\windows\System32\perfc009.dat

+ 2006-11-02 10:33 . 2012-07-13 14:40 104366 c:\windows\System32\perfc009.dat

+ 2009-11-19 11:24 . 2012-07-13 03:06 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

- 2009-11-19 11:24 . 2012-07-13 00:28 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat

+ 2011-02-10 23:39 . 2012-07-13 14:34 333296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

- 2011-02-10 23:39 . 2012-07-13 01:09 333296 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2011-11-28 18:01 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Apoint"="c:\program files\DellTPad\Apoint.exe" [2009-04-01 217088]

"Persistence"="c:\windows\system32\igfxpers.exe" [2009-04-01 150552]

"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2008-12-22 3810304]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

"PDVDDXSrv"="c:\program files\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-02-05 128232]

"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-01-09 405639]

"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-04-24 250192]

"dellsupportcenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2009-06-03 206064]

"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2010-01-27 63048]

"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2009-04-01 483428]

"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2011-11-28 3744552]

"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]

.

c:\users\Sica\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-6-5 752168]

.

c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [2009-6-30 1316192]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"EnableUIADesktopToggle"= 0 (0x0)

.

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

"{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\windows\Downloaded Program Files\gbiehuni.dll" [2011-04-26 505336]

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

@=""

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]

"DisableMonitoring"=dword:00000001

.

S0 360HookOem;360HookOem;c:\windows\system32\drivers\360HookOem.sys [x]

S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe [x]

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

bthsvcs REG_MULTI_SZ BthServ

LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-07-12 c:\windows\Tasks\User_Feed_Synchronization-{7F49B9B7-2D53-433A-B40E-66C0DB18A2DD}.job

- c:\windows\system32\msfeedssync.exe [2012-06-13 03:24]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: Enviar imagem para Dispositivo &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Enviar página para Dispositivo &Bluetooth ... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

TCP: DhcpNameServer = 192.168.1.1

TCP: Interfaces\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} - hxxps://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

.

- - - - ORFÃOS REMOVIDOS - - - -

.

AddRemove-PSafe - c:\program files\PSafe\Uninstall.exe

.

.

.

**************************************************************************

.

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2012-07-13 11:43

Windows 6.0.6002 Service Pack 2 NTFS

.

Procurando processos ocultos ...

.

Procurando entradas auto inicializáveis ocultas ...

.

Procurando ficheiros/arquivos ocultos ...

.

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

.

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,63,8f,71,91,28,ff,1c,45,94,78,b9,\

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

.

- - - - - - - > 'Explorer.exe'(5076)

c:\windows\system32\btmmhook.dll

c:\windows\system32\btncopy.dll

.

------------------------ Outros Processos em Execução ------------------------

.

c:\windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

c:\program files\Dell\DellDock\DockLogin.exe

c:\windows\System32\bcmwltry.exe

c:\program files\Alwil Software\Avast5\AvastSvc.exe

c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

c:\program files\LogMeIn\x86\LMIGuardianSvc.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

c:\windows\system32\RUNDLL32.EXE

c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe

c:\program files\Dell Support Center\bin\sprtsvc.exe

c:\windows\system32\igfxsrvc.exe

c:\program files\Windows Media Player\wmpnetwk.exe

c:\program files\WIDCOMM\Bluetooth Software\BtStackServer.exe

c:\program files\DellTPad\ApMsgFwd.exe

c:\program files\DellTPad\HidFind.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\DellTPad\Apntex.exe

.

**************************************************************************

.

Tempo para conclusão: 2012-07-13 11:55:34 - Máquina reiniciou

ComboFix-quarantined-files.txt 2012-07-13 14:55

ComboFix2.txt 2012-07-13 02:59

ComboFix3.txt 2012-07-12 15:46

.

Pré-execução: 129.734.340.608 bytes disponíveis

Pós execução: 129.479.020.544 bytes disponíveis

.

- - End Of File - - 8229A5F419A9FA130F3F65F485585437

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:18:43, on 13/07/2012

Platform: Windows Vista SP2 (WinNT 6.00.1906)

MSIE: Internet Explorer v8.00 (8.00.6001.19272)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskeng.exe

C:\Windows\system32\Dwm.exe

C:\Program Files\Dell\DellDock\DellDock.exe

C:\Program Files\DellTPad\Apoint.exe

C:\Windows\System32\igfxpers.exe

C:\Windows\System32\WLTRAY.EXE

C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe

C:\Program Files\Dell Support Center\bin\sprtcmd.exe

C:\Program Files\LogMeIn\x86\LogMeInSystray.exe

C:\Program Files\IDT\WDM\sttray.exe

C:\Program Files\Alwil Software\Avast5\AvastUI.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Windows Media Player\wmpnscfg.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe

C:\Program Files\DellTPad\ApMsgFwd.exe

C:\Program Files\DellTPad\HidFind.exe

C:\Windows\system32\wbem\unsecapp.exe

C:\Program Files\DellTPad\Apntex.exe

C:\Windows\Explorer.exe

C:\Windows\system32\notepad.exe

C:\Windows\system32\conime.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\Macromed\Flash\FlashUtil10u_ActiveX.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Users\Sica\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/USCON/5

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: AVG Do Not Track - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - (no file)

O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - (no file)

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll

O2 - BHO: G-Buster Browser Defense Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Windows\Downloaded Program Files\gbiehuni.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe

O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe

O4 - HKLM\..\Run: [broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"

O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [dellsupportcenter] "C:\Program Files\Dell Support Center\bin\sprtcmd.exe" /P dellsupportcenter

O4 - HKLM\..\Run: [LogMeIn GUI] "C:\Program Files\LogMeIn\x86\LogMeInSystray.exe"

O4 - HKLM\..\Run: [sysTrayApp] %ProgramFiles%\IDT\WDM\sttray.exe

O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user')

O4 - Startup: Dell Dock.lnk = C:\Program Files\Dell\DellDock\DellDock.exe

O4 - Global Startup: Bluetooth.lnk = ?

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{91177819-3BD4-476D-B1F7-57C5AF0765E9}: NameServer = 200.204.0.10 200.204.0.138

O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll

O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\aestsrv.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe

O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files\Dell Support Center\bin\sprtsvc.exe

O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt.inf_f6ef8056\STacSV.exe

O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe

O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\Windows\System32\WLTRYSVC.EXE

O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--

End of file - 7505 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, o PC está limpo (Y)

Finalizando.......

Renomeie o ComboFix para Uninstall, execute-o e aguarde a remoção da Ferramenta.

Limpe a Restauração do Sistema, criando um Ponto de Restauração do sistema limpo.

Abra o Painel de Controle > Sistema > Proteção do sistema e desmarque "Disco local" > Aplicar e Ok. Em seguida marque novamente > Aplicar e Ok;



MVP Mr.Million

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário

Criar uma conta

Quer postar a sua dúvida? Cadastre-se pois é rápido e fácil!


Crie uma nova conta

Entrar

Já tem uma conta? Faça o login.


Entrar Agora
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!
Entre para seguir isso  
Seguidores 0

  • Vídeos do BABOO no YouTube

  • Posts

    • Não é este o Log do ZOEK solicitado........
    • Pessoal,   TO com um problemao em um cliente e preciso da ajuda de você´s. implementei o terminal services em um server 2008 e estou utilizado o remoteAPP. criei o acesso remoto para meu app e tal.. agora nao consigo acessar o terminal server via esse link do remoteapp, fala que o certificado nao é valido e a conexão nao fecha. segue o erro em anexo..   fiz quase tudo aqui.. até reinstalei todo o serviço.. criei o certificado e tal..  alguém ai já pegou isso?
    • Bom dia! Eu uso o Vista, porque tenho um scanner que não funciona em Windows mais recente e como uso raramente, não compensa comprar um equipamento mais novo. Tenho o Windows 7 X64 e o Windows 10 X86 instalado também.
    • Olá! Aqui o link que irá ajudá-lo: arquivo corrompido excel Saudações.
    • uma perguntinha pq usar win vista hj em dia? nao compensaria formatar por S.O mais novo win 7 ou 8.1? se quiser dica de S.O levezinho mais que média é win 8.1 embedded industry pro nao sei se conhece ele é versao mais leve dos win novos tem ate video que fizeram dele da uma olhada.  
    • Uma atualização fora de época, algum problema está acontecendo. Eu a recebi somente ontem, vamos ver como fica por aqui.
    • Eu sempre espero o fabricante do meu anti-vírus liberar atualização para compatibilidade antes de atualizar mas não foi o caso do rapaz, o caso dele foi algum problema no framework.
    • Novos Logs Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by Paulo on 20/05/2017 at 14:36:24,56.
      Microsoft Windows 10 Pro 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\Paulo\Desktop\zoek.exe [Scan all users] [Script inserted]  ===== Runcheck 14:38:38,61 ===== --- Create Environment Variables 14:38:56,74 
      --- Create System Restore Point 14:40:23,44 
      --- Checking Input 14:40:41,75 
      --- Reset Hosts File 14:42:04,76 
      --- AU AppData Check 14:42:09,99 
      --- Remove From Windows Installer 14:42:54,36 
      --- Empty Folders Check 15:04:50,69 
      --- Registry HKLM Software Check 15:04:50,87 
      --- Quick Launch Shortcut Check 15:06:22,50 
      --- IE Startpage Check 15:07:37,87 
      --- Program Files DB Check 15:12:58,12 
      --- C:\Users\Default\AppData DB Check 15:21:47,87 
      --- C:\Users\Default.migrated\AppData DB Check 15:21:47,87 
      --- C:\Users\DefaultAppPool\AppData DB Check 15:21:47,87 
      --- C:\Users\Paulo\AppData DB Check 15:21:47,87 
      --- C:\Windows\SysNative\config\systemprofile\AppData DB Check 15:21:47,87 
      --- C:\Windows\sysWoW64\config\systemprofile\AppData DB Check 15:21:47,87 
      --- C:\Windows\serviceprofiles\networkservice\AppData DB Check 15:21:47,87 
      --- C:\Windows\serviceprofiles\Localservice\AppData DB Check 15:21:47,87 
      --- C:\Users\Paulo DB Check 15:51:25,17 
      --- C:\PROGRA~3 DB Check 15:54:37,82 
      --- C:\Users\Default\AppData\Local DB Check 15:55:36,29 
      --- C:\Users\Default User\AppData\Local DB Check 15:55:36,29 
      --- C:\Users\Default.migrated\AppData\Local DB Check 15:55:36,29 
      --- C:\Users\DefaultAppPool\AppData\Local DB Check 15:55:36,29 
      --- C:\Users\Paulo\AppData\Local DB Check 15:55:36,29 
      --- C:\Users\USURIO~1\AppData\Local DB Check 15:55:36,29 
      --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 15:55:36,29 
      --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 15:55:36,29 
      --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 15:55:36,29 
      --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 15:55:36,29 
      --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 16:21:08,86 
      --- C:\Users\Paulo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 16:23:03,59 
      --- Tasks DB Check 16:24:17,05 
      --- C:\Users\Paulo\AppData\LocalLow DB Check 16:25:02,01 
      --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 16:25:02,01 
      --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 16:25:02,01 
      --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 16:25:02,01 
      --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 16:25:02,01 
      --- Tasks2 DB Check 16:34:52,73 
      --- Documents DB Check 16:40:45,38 
      --- Documents2 DB Check 16:42:57,61 
      --- C:\Users\Public\Desktop DB Check 16:43:13,29 
      --- C:\Users\Paulo\Desktop DB Check 16:44:10,47 
      --- Services DB Check 16:45:45,42 
      --- FF prefs.js DB Check 16:51:46,79 
      --- Del by CLSID 16:51:56,00 
      --- Delete Services 16:55:10,47 
      --- Delete files\folders 16:55:36,40 
      --- Create Backups 16:55:38,50 
      --- Firefox Extensions 16:56:44,48 
      --- Chrome Look 16:57:14,36 
      --- IEdefaults 17:02:13,70 
      --- Reset Chrome 17:02:58,18 
      --- Shortcut Fix 17:03:00,12 
      --- Reset IE Proxy 17:09:17,36 
      --- Del from Uninstall List 17:15:34,53 
        Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 23:47:23, on 22/05/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
      C:\Users\Paulo\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/?gws_rd=ssl
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O2 - BHO: Trend Micro Toolbar BHO - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
      O2 - BHO: Trend Micro Network Filter Plugin - {959A5673-7971-48e6-AF54-58F745AC4ABC} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
      O2 - BHO: Trend Micro IE Protection - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
      O3 - Toolbar: Trend Micro Security Toolbar - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
      O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [SilentCleanService] C:\Program Files (x86)\iMobie\PhoneClean\SilentCleanServer.exe
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Paulo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIHAL.EXE /EPT "EPLTarget\P0000000000000001" /M "Epson Stylus TX430"
      O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Paulo\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
      O4 - HKCU\..\Run: [Spotify] "C:\Users\Paulo\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
      O4 - HKCU\..\Run: [EPLTarget\P0000000000000002] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000002" /M "XP-211 214 216 Series"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-18\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'SISTEMA')
      O4 - HKUS\.DEFAULT\..\Run: [EPLTarget\P0000000000000000] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATILDE.EXE /EPT "EPLTarget\P0000000000000000" /M "XP-211 214 216 Series" (User 'Default user')
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
      O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: imagem.caixa.gov.br
      O15 - Trusted Zone: internetbanking.caixa.gov.br
      O15 - Trusted Zone: internetbankingpf.caixa.gov.br
      O15 - Trusted Zone: www.caixa.gov.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\module\20002\9.2.1026\9.2.1026\TmBpIe32.dll
      O18 - Protocol: tmop - {69FD7CE3-4604-4FE6-967C-49B9735CEE70} - C:\Program Files\Trend Micro\AMSP\module\20013\5.0.1403\2.7.1088\TmopIEPlg32.dll
      O18 - Protocol: tmtb - {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll
      O18 - Protocol: tmtbim - {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWoW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Trend Micro Solution Platform (Amsp) - Trend Micro Inc. - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: CxUtilSvc - Conexant Systems, Inc. - C:\Program Files\Conexant\SA3\CxUtilSvc.exe
      O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
      O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
      O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
      O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Platinum Host Service - Trend Micro Inc. - C:\Program Files\Trend Micro\Titanium\plugin\Pt\PtSvcHost.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: Synaptics FP WBF Policy Service (valWBFPolicyService) - Unknown owner - C:\Windows\system32\valWBFPolicyService.exe (file missing)
      O23 - Service: BiometricSensorDataSynchronization (valWbioSyncSvc) - Unknown owner - C:\Windows\system32\valWbioSyncSvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 14796 bytes
       
    • Ok. Antes de encerrar o tópico, acredito que a fonte do modem está com problemas, e ela pode estar contribuindo para esses erros. Flw.
    • Olá, recentemente instalei o Windows 10, porém instalei a atualização (KB890830) no dia 20/05, porém hoje 22/05 a atualização foi instala de novo (ambas com exito) gostaria de saber o porque isso está acontecendo sendo que ambas deu exito na instalação.  
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.