mathyuri

HijackThis log analysis, please!

11 posts in this topic

I have already carried out all the procedures requested in the Official Topic...

The problem is the following: this week I went to the Banco do Brasil website and logged into my account, and a page appeared that I believe (and so does the woman from their customer service) is a fake page, because it asked for all of the account's passwords and it is also not possible to leave the page. Strangely, this also happened on the other PCs on my network, but it does not happen in Internet Explorer, only in Chrome and Firefox... So I ran Malwarebytes, which found a few things that I have already deleted, and HijackThis as well. I will post the HijackThis logs from the 2 PCs on my network... if you could help me detect something and see whether anything is wrong, I would be VERY grateful, because this is taking away my peace of mind!!

If necessary, I will post the Malwarebytes logs afterwards.

HijackThis log (PC1)

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 21:55:52, on 17/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe

C:\Users\matheus\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe

C:\Users\matheus\Downloads\HijackThis.exe

C:\windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=1002814476

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=1002814476

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: PC Tools Browser Guard - {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

F2 - REG:system.ini: UserInit=userinit.exe,

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Browser Guard BHO - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: PC Tools Browser Guard - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

O4 - HKLM\..\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe

O4 - Startup: Dropbox.lnk = matheus\AppData\Roaming\Dropbox\bin\Dropbox.exe

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Browser Defender Update Service - Unknown owner - C:\Program Files (x86)\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe

O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Samsung UPD Service2 - Unknown owner - C:\windows\System32\SUPDSvc2.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsAuxs.exe

O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files (x86)\PC Tools\PC Tools Security\pctsSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 15181 bytes

================================================================================================================

I await a reply. Thank you very much....

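Added example, not part of the original posts: a small parser for the HijackThis line format shown in the PC1 log, used to triage the "(file missing)" entries. HijackThis 2.0.4 is a 32-bit program, so on 64-bit Windows its view of System32 is redirected to SysWOW64; the PC1 log reports C:\windows\System32\SUPDSvc2.exe as missing while the ComboFix (x64) log later in this thread lists that file as present. The function names and the "Program Files (x86)" test for a 64-bit system are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the PC1 log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Running processes:
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmood...B&cr=1002814476
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Unknown owner - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
--
End of file - 15181 bytes
"""

# "<section code> - <rest of entry>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
# Last field of an entry when it is a drive-letter path (optionally res://).
# Matching the leftmost " - X:\" keeps paths that contain " - " in one piece.
TARGET_RE = re.compile(r" - (?:res://)?([A-Za-z]:\\.+)$")
SYSTEM32_RE = re.compile(r"^[A-Za-z]:\\windows\\system32\\", re.IGNORECASE)
MISSING = "(file missing)"


def parse_log(text):
    """Split a HijackThis log into entries; headers and process list are skipped."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        code, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        t = TARGET_RE.search(body)
        entries.append({
            "code": code,
            "text": body,
            "target": t.group(1) if t else None,
            "missing": missing,
        })
    # Assumption of this example: a "Program Files (x86)" path anywhere in the
    # log means the scanned system is 64-bit Windows.
    is_x64 = "\\program files (x86)\\" in text.lower()
    return {"entries": entries, "is_x64": is_x64}


def summarize(parsed):
    """Number of entries per section code (R0, O2, O23, ...)."""
    return Counter(e["code"] for e in parsed["entries"])


def triage_missing(parsed):
    """Split "(file missing)" entries into (redirection_artifacts, to_review).

    On 64-bit Windows a missing file under System32 is most likely the 32-bit
    scanner being redirected to SysWOW64; it still has to be confirmed with a
    64-bit tool. Everything else goes to the review list.
    """
    artifacts, review = [], []
    for e in parsed["entries"]:
        if not e["missing"]:
            continue
        in_system32 = bool(e["target"] and SYSTEM32_RE.match(e["target"]))
        if parsed["is_x64"] and in_system32:
            artifacts.append(e)
        else:
            review.append(e)
    return artifacts, review


if __name__ == "__main__":
    parsed = parse_log(SAMPLE_LOG)
    print(dict(summarize(parsed)))
    artifacts, review = triage_missing(parsed)
    for e in artifacts:
        print("likely WOW64 redirection:", e["target"])
    for e in review:
        print("review:", e["code"], e["target"])
```
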

As set out in the "Forum's mandatory standard procedure topic for log examination"

HijackThis logs ** read before posting **

General remarks:

"Topics with logs from computers on company networks or belonging to third parties (clients) will not be analyzed, because the work done here is voluntary and free of charge, aimed at helping end users (personal PCs)."

Regards,

MODERATION TEAM – FÓRUM DO BABOO



MVP Mr.Million


OK, so let's analyze PC 1; when we finish, we will check the other one. One topic for each PC.

If you use a modem/router:

1 - Disconnect the RJ11 (telephone) cable from the modem so that there is no connection.

2 - Reset the router.

3 - Apply your settings as usual.

4 - Change your wireless encryption password to the WPA2-PSK standard - Encryption = AES.

5 - Change the default administrator password for access to the modem (usually user admin and password admin).

Open IE / Tools / Internet Options / Connections / LAN settings / uncheck "Use a proxy server"

Uncheck "Use automatic configuration script"

Check "Automatically detect settings"

Open Firefox / Tools / Options / Advanced / Network / Connection Settings and click "No proxy".

Open Control Panel > Network Connections, right-click your Internet connection > Properties > TCP/IP Protocol > Properties, select "Obtain DNS server address automatically" and click OK in all the windows.

Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan continues.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.microsoft.com/kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If an error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million
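Added example, not part of the original post: the IE and Firefox proxy steps above change settings that can also be read from a registry export of the per-user Internet Settings key and from a Firefox profile's prefs.js, which lets a helper see what was configured before it is reset. The sample export, the sample prefs.js lines, the proxy address, the PAC URL and the function names are constructed for this example; the export text is assumed to be already decoded to a string.

```python
import re

IE_KEY = r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings"

# Constructed sample in .reg export format (values are made up).
SAMPLE_REG = r'''Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable"=dword:00000001
"ProxyServer"="127.0.0.1:8080"
"AutoConfigURL"="http://pac.example.invalid/proxy.pac"
'''

# Constructed sample lines in prefs.js format (values are made up).
SAMPLE_PREFS = '''user_pref("browser.startup.homepage", "about:home");
user_pref("network.proxy.type", 2);
user_pref("network.proxy.autoconfig_url", "http://pac.example.invalid/proxy.pac");
'''

REG_VALUE_RE = re.compile(r'^"((?:[^"\\]|\\.)*)"=(.*)$')
PREF_RE = re.compile(r'^user_pref\("([^"]+)",\s*(.+)\);\s*$')
# Meaning of Firefox's network.proxy.type values.
FIREFOX_PROXY_TYPES = {
    0: "no proxy",
    1: "manual proxy",
    2: "automatic configuration URL",
    4: "auto-detect",
    5: "system proxy settings",
}


def parse_reg_key(text, key):
    """Return {value name: int or str} for one key of a decoded .reg export."""
    values, in_key = {}, False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("["):
            in_key = line.strip("[]").lower() == key.lower()
            continue
        m = REG_VALUE_RE.match(line) if in_key else None
        if not m:
            continue
        name, data = m.groups()
        if data.startswith("dword:"):
            values[name] = int(data[6:], 16)
        elif len(data) >= 2 and data.startswith('"') and data.endswith('"'):
            # .reg files escape backslash and double quote with a backslash.
            values[name] = re.sub(r"\\(.)", r"\1", data[1:-1])
    return values


def audit_ie(values):
    """Settings that the two 'uncheck' steps in the LAN settings dialog clear."""
    findings = []
    if values.get("ProxyEnable", 0) == 1:
        findings.append(("ie-proxy", values.get("ProxyServer", "")))
    if values.get("AutoConfigURL"):
        findings.append(("ie-autoconfig-script", values["AutoConfigURL"]))
    return findings


def parse_prefs(text):
    """Return {pref name: str, bool or int} from prefs.js text."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        name, raw = m.groups()
        if raw.startswith('"') and raw.endswith('"'):
            prefs[name] = raw[1:-1]
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        elif re.fullmatch(r"-?\d+", raw):
            prefs[name] = int(raw)
    return prefs


def audit_firefox(prefs):
    """Report any proxy mode other than 'No proxy' (network.proxy.type 0)."""
    ptype = prefs.get("network.proxy.type")
    if ptype == 0:
        return []
    if ptype is None:
        return [("firefox-proxy", "not set in prefs.js, Firefox default applies")]
    detail = FIREFOX_PROXY_TYPES.get(ptype, "unknown type %s" % ptype)
    if ptype == 2:
        detail += ": " + prefs.get("network.proxy.autoconfig_url", "")
    elif ptype == 1:
        detail += ": %s:%s" % (prefs.get("network.proxy.http", ""),
                               prefs.get("network.proxy.http_port", ""))
    return [("firefox-proxy", detail)]


if __name__ == "__main__":
    for finding in audit_ie(parse_reg_key(SAMPLE_REG, IE_KEY)):
        print(finding)
    for finding in audit_firefox(parse_prefs(SAMPLE_PREFS)):
        print(finding)
```
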


It took me a while to post because I had no time during the week...

Here are the logs:

COMBOFIX

ComboFix 12-12-22.01 - matheus 22/12/2012 16:21:34.1.8 - x64

Microsoft Windows 7 Home Premium 6.1.7601.1.1252.55.1033.18.8100.6204 [GMT -2:00]

Executando de: c:\users\matheus\Desktop\ComboFix.exe

AV: avast! antivírus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

SP: avast! antivírus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - drivers: deleted 161 bytes in 1 streams.

.

((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

C:\Install.exe

c:\programdata\Roaming

.

.

(((((((((((((((( Arquivos/Ficheiros criados de 2012-11-22 to 2012-12-22 ))))))))))))))))))))))))))))

.

.

2012-12-22 18:31 . 2012-12-22 18:31 -------- d-----w- c:\users\Default\AppData\Local\temp

2012-12-22 17:52 . 2012-12-22 17:52 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69379158-BCA1-4C5D-8F33-FF90F40F62E5}\offreg.dll

2012-12-21 19:43 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69379158-BCA1-4C5D-8F33-FF90F40F62E5}\mpengine.dll

2012-12-17 21:47 . 2012-12-17 21:48 -------- d-----w- c:\program files\CCleaner

2012-12-17 20:57 . 2012-12-17 20:57 -------- d-----w- c:\users\matheus\AppData\Roaming\Malwarebytes

2012-12-17 20:57 . 2012-12-17 20:57 -------- d-----w- c:\programdata\Malwarebytes

2012-12-17 20:57 . 2012-12-17 20:57 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware

2012-12-17 20:57 . 2012-09-29 21:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-17 20:37 . 2012-12-17 20:37 -------- d-----w- c:\program files (x86)\PC Tools

2012-12-17 20:30 . 2012-12-18 19:06 -------- d-----w- c:\program files (x86)\Common Files\PC Tools

2012-12-17 20:30 . 2012-11-01 17:35 253256 ----a-w- c:\windows\system32\drivers\PCTSD64.sys

2012-12-17 20:29 . 2012-12-18 19:06 -------- d-----w- c:\programdata\PC Tools

2012-12-17 20:29 . 2012-12-17 20:29 -------- d-----w- c:\users\matheus\AppData\Roaming\TestApp

2012-12-15 04:48 . 2012-12-15 04:48 -------- d-----w- c:\users\matheus\AppData\Roaming\TuneUp Software

2012-12-15 04:48 . 2012-12-15 04:48 -------- d-----w- c:\programdata\TuneUp Software

2012-12-15 04:48 . 2012-12-15 04:48 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}

2012-12-15 04:48 . 2012-12-15 04:48 -------- d--h--w- c:\programdata\Common Files

2012-12-15 04:34 . 2012-12-15 04:34 -------- d-----w- c:\users\matheus\AppData\Roaming\Legendas-2.23

2012-12-13 13:33 . 2012-11-14 05:52 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-13 13:33 . 2012-11-14 07:11 182816 ----a-w- c:\program files\Internet Explorer\sqmapi.dll

2012-12-13 13:33 . 2012-11-14 05:53 96768 ----a-w- c:\windows\system32\mshtmled.dll

2012-12-13 13:33 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb

2012-12-13 13:33 . 2012-11-14 06:00 304640 ----a-w- c:\program files\Internet Explorer\IEShims.dll

2012-12-13 13:33 . 2012-11-14 02:56 149552 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

2012-12-13 13:33 . 2012-11-14 01:48 420864 ----a-w- c:\windows\SysWow64\vbscript.dll

2012-12-13 03:09 . 2012-12-13 03:09 -------- d-----w- c:\users\matheus\AppData\Local\Arktos

2012-12-13 03:09 . 2012-12-13 03:09 -------- d-----w- c:\users\matheus\AppData\Local\CrashRpt

2012-12-12 23:38 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-12 23:38 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll

2012-12-12 23:36 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll

2012-12-12 23:36 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll

2012-12-09 00:57 . 2012-12-09 00:57 -------- d-----w- c:\program files (x86)\Common Files\Macrovision Shared

2012-12-09 00:57 . 2012-12-15 18:25 -------- d-----w- c:\programdata\Rosetta Stone

2012-12-09 00:57 . 2012-12-09 00:57 -------- d-----w- c:\program files (x86)\Rosetta Stone

2012-12-06 14:29 . 2009-08-30 02:07 482408 ----a-w- c:\windows\ssndii.exe

2012-12-06 14:28 . 2009-12-09 17:59 21776 ----a-w- c:\windows\SysWow64\msxml2a.dll

2012-12-06 14:28 . 2009-12-09 17:59 81920 ----a-w- c:\windows\SysWow64\ssdevm.dll

2012-12-06 14:28 . 2009-12-09 17:59 49152 ----a-w- c:\windows\SysWow64\ssusbpn.dll

2012-12-06 14:28 . 2009-12-09 17:59 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll

2012-12-06 14:28 . 2009-12-09 17:59 74240 ----a-w- c:\windows\system32\ssdevm64.dll

2012-12-06 14:28 . 2009-12-09 17:59 47104 ----a-w- c:\windows\system32\ssusbp64.dll

2012-12-06 14:28 . 2007-08-13 22:48 11576 ------w- c:\windows\system32\drivers\SSPORT.SYS

2012-12-06 14:28 . 2012-12-13 01:09 -------- d-----w- C:\Temp

2012-12-06 14:20 . 2012-12-06 14:20 -------- d-----w- c:\programdata\Samsung

2012-12-06 14:20 . 2011-11-22 07:31 37376 ----a-w- c:\windows\system32\Spool\prtprocs\x64\spd__pc.dll

2012-12-06 14:20 . 2012-05-25 08:26 1558432 ------w- c:\windows\TotalUninstaller.exe

2012-12-06 14:20 . 2009-03-12 01:54 1724416 ------w- c:\windows\gdiplus.dll

2012-12-06 14:19 . 2012-04-05 23:49 382976 ----a-w- c:\windows\system32\UPDIO2.dll

2012-12-06 14:19 . 2012-04-05 23:49 157184 ----a-w- c:\windows\system32\SUPDSvcA2.dll

2012-12-06 14:19 . 2011-04-11 05:26 34304 ----a-w- c:\windows\system32\spd__l.dll

2012-12-06 14:19 . 2012-04-05 23:49 253440 ----a-w- c:\windows\system32\SUPDRun.exe

2012-12-06 14:19 . 2012-04-05 23:48 158208 ----a-w- c:\windows\system32\SUPDSvc2.exe

2012-12-06 14:19 . 2010-10-20 08:46 89600 ----a-w- c:\windows\system32\spd__ci.dll

2012-12-06 14:19 . 2010-05-11 05:28 151552 ----a-w- c:\windows\system32\spd__ci.exe

2012-12-06 14:05 . 2007-08-14 05:42 33792 ----a-w- c:\windows\system32\Spool\prtprocs\x64\cl31cpc.dll

2012-12-04 14:15 . 2012-12-04 14:15 -------- d-----w- c:\program files (x86)\Common Files\Skype

.

.

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-13 18:43 . 2012-06-27 10:28 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-13 18:43 . 2011-11-22 04:31 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-13 13:35 . 2012-05-13 22:22 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-11-19 16:19 . 2012-05-15 19:28 8192 ----a-w- c:\windows\SysWow64\srvany.exe

2012-10-16 08:38 . 2012-11-28 13:32 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 13:32 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 13:32 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-10-09 18:17 . 2012-11-14 11:29 226816 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-10-09 18:17 . 2012-11-14 11:29 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-10-09 17:40 . 2012-11-14 11:29 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll

2012-10-09 17:40 . 2012-11-14 11:29 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll

2012-10-09 15:29 . 2012-09-04 03:11 46440 ----a-w- c:\windows\SysWow64\drivers\gbpkm.sys

2012-10-04 16:40 . 2012-12-12 23:37 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-10-03 17:56 . 2012-11-14 11:29 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-03 17:44 . 2012-11-14 11:29 303104 ----a-w- c:\windows\system32\nlasvc.dll

2012-10-03 17:44 . 2012-11-14 11:29 70656 ----a-w- c:\windows\system32\nlaapi.dll

2012-10-03 17:44 . 2012-11-14 11:29 246272 ----a-w- c:\windows\system32\netcorehc.dll

2012-10-03 17:44 . 2012-11-14 11:29 18944 ----a-w- c:\windows\system32\netevent.dll

2012-10-03 17:44 . 2012-11-14 11:29 216576 ----a-w- c:\windows\system32\ncsi.dll

2012-10-03 17:42 . 2012-11-14 11:29 569344 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-10-03 16:42 . 2012-11-14 11:29 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll

2012-10-03 16:42 . 2012-11-14 11:29 18944 ----a-w- c:\windows\SysWow64\netevent.dll

2012-10-03 16:42 . 2012-11-14 11:29 156672 ----a-w- c:\windows\SysWow64\ncsi.dll

2012-10-03 16:07 . 2012-11-14 11:29 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-10-03 04:54 . 2012-10-03 04:54 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll

2012-10-03 04:54 . 2012-06-05 15:11 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll

2012-10-03 04:54 . 2011-11-22 04:31 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll

2012-09-25 22:47 . 2012-11-14 11:29 78336 ----a-w- c:\windows\SysWow64\synceng.dll

2012-09-25 22:46 . 2012-11-14 11:29 95744 ----a-w- c:\windows\system32\synceng.dll

.

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 94208 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]

"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2011-03-10 423936]

"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]

"DelayTSS"="c:\program files\Toshiba\DelayTSS\DelayTSS.exe" [2011-11-21 2153328]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-07-03 4273976]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginAbn]

2012-08-02 12:48 644592 ------w- c:\program files (x86)\GbPlugin\gbiehabn.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 18:05 1585768 ----a-w- c:\program files (x86)\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"mixer3"=wdmaud.drv

.

R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 KMService;KMService;c:\windows\system32\srvany.exe [x]

R3 BITCOMET_HELPER_SERVICE;BitComet Disk Boost Service;c:\program files (x86)\BitComet\tools\BitCometService.exe [2010-12-28 1296728]

R3 intaud_WaveExtensible;Intel WiDi Audio Device;c:\windows\system32\drivers\intelaud.sys [2011-08-05 34200]

R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2011-06-01 340240]

R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [2012-01-09 12800]

R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [2012-01-09 171008]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-07-03 71064]

S2 DMAgent;Intel® PROSet/Wireless WiMAX Red Bend Device Management Service;c:\program files\Intel\WiMAX\Bin\DMAgent.exe [2011-06-14 498688]

S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe [2012-10-09 280168]

S3 bpenum;Intel® Centrino® WiMAX Enumerator;c:\windows\system32\DRIVERS\bpenum.sys [2011-05-19 84480]

S3 bpmp;Intel® Centrino® WiMAX 6050 Series;c:\windows\system32\DRIVERS\bpmp.sys [2011-05-19 182272]

S3 bpusb;Intel® Centrino® WiMAX 6050 Series Function Driver;c:\windows\system32\Drivers\bpusb.sys [2011-05-19 83968]

S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2012-02-26 20592]

S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-16 317440]

S3 iwdbus;IWD Bus Enumerator;c:\windows\system32\DRIVERS\iwdbus.sys [2011-08-05 25496]

S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]

S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]

S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]

S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]

S4 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD64.sys [x]

S4 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys [x]

S4 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS64.sys [x]

S4 pctEFA;PC Tools Extended File Attributes;c:\windows\system32\drivers\pctEFA64.sys [x]

S4 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [x]

S4 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD64.sys [2012-11-01 253256]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-27 18:43]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3955560768-3788119238-376849103-1000Core.job

- c:\users\matheus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 07:58]

.

2012-12-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3955560768-3788119238-376849103-1000UA.job

- c:\users\matheus\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-13 07:58]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-07-03 16:21 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-06-30 04:19 97792 ----a-w- c:\users\matheus\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ThpSrv"="c:\windows\system32\thpsrv" [X]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-07-02 167704]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-07-02 392472]

"Persistence"="c:\windows\system32\igfxpers.exe" [2011-07-02 416024]

"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]

"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]

"IntelPAN"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2011-06-01 1935120]

"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2011-06-10 710560]

"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476

mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: &D&ownload &with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddLink.htm

IE: &D&ownload all with BitComet - c:\program files (x86)\BitComet\BitComet.exe/AddAllLink.htm

IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office14\EXCEL.EXE/3000

IE: Google Sidewiki... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

TCP: DhcpNameServer = 192.168.1.25

TCP: Interfaces\{485D6C10-FE7D-4177-845B-CC99713688EF}: NameServer = 200.175.182.139,200.175.5.139

FF - ProfilePath - c:\users\matheus\AppData\Roaming\Mozilla\Firefox\Profiles\qfki9799.default\

FF - prefs.js: network.proxy.type - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

Toolbar-Locked - (no file)

Wow6432Node-HKCU-Run-AdobeBridge - (no file)

Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe

Toolbar-Locked - (no file)

HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE

HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe

HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe

HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe

HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe

HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2012-12-22 16:34:12

ComboFix-quarantined-files.txt 2012-12-22 18:34

.

Pré-execução: 543.372.869.632 bytes free

Pós execução: 543.013.548.032 bytes free

.

- - End Of File - - 1FDD071FF004B9A791F48C25C89F1AEA

--------------------------------------------------------------------------------------------

HijackThis

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:36:31, on 22/12/2012

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Users\matheus\Downloads\HijackThis.exe

C:\windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL

O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP

O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM

O4 - HKLM\..\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html

O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O17 - HKLM\System\CCS\Services\Tcpip\..\{485D6C10-FE7D-4177-845B-CC99713688EF}: NameServer = 200.175.182.139,200.175.5.139

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe

O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: Gbp Service (GbpSv) - - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe

O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: Samsung UPD Service2 - Unknown owner - C:\windows\System32\SUPDSvc2.exe (file missing)

O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe

O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe

O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)

O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe

O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)

O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe

O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe

O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe

O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 13513 bytes

I await a reply. Thank you very much.


Download AdwCleaner and save it to your Desktop.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users should right-click the file and select: Run as administrator

Click [Delete]

Save the log that is created.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click it to run the Junkware Removal Tool (JRT)

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved to the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


It seems the previous posts were deleted...

I'll post the logs you asked for again. I also ran the procedure with the Kaspersky tool, but it reported that there was nothing, and the log came out VERY large, about 250 MB in Notepad to give you an idea... do I have to post it here??

Here are the logs:

AdwCleaner log:

 

# AdwCleaner v2.101 - Logfile created 12/23/2012 at 02:10:54
# Updated 16/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : matheus - MATHEUS-PC
# Boot Mode : Normal
# Running from : C:\Users\matheus\Downloads\adwcleaner.exe
# Option [Delete]


***** [services] *****


***** [Files / Folders] *****

File Deleted : C:\Users\matheus\AppData\Local\funmoods-speeddial.crx
Folder Deleted : C:\ProgramData\Tarma Installer

***** [Registry] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Software

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476 --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0D0CtD0E0AtCyEyD0A0EyE0E0CtD0F0DtN0D0Tzu0StByEtBtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1002814476 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0.1 (pt-BR)

Profile name : default
File : C:\Users\matheus\AppData\Roaming\Mozilla\Firefox\Profiles\qfki9799.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[s1].txt - [3374 octets] - [23/12/2012 02:10:54]

########## EOF - C:\AdwCleaner[s1].txt - [3434 octets] ##########
 

-----------------------------------------------------------------------------------------------------------------

 

JRT log

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.2.4 (12.21.2012:3)
OS: Windows 7 Home Premium x64
Ran by matheus on 23/12/2012 at  2:22:15,45
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files

Successfully deleted: [File] C:\eula.1028.txt
Successfully deleted: [File] C:\eula.1031.txt
Successfully deleted: [File] C:\eula.1033.txt
Successfully deleted: [File] C:\eula.1036.txt
Successfully deleted: [File] C:\eula.1040.txt
Successfully deleted: [File] C:\eula.1041.txt
Successfully deleted: [File] C:\eula.1042.txt
Successfully deleted: [File] C:\eula.2052.txt
Successfully deleted: [File] C:\install.res.1028.dll
Successfully deleted: [File] C:\install.res.1031.dll
Successfully deleted: [File] C:\install.res.1033.dll
Successfully deleted: [File] C:\install.res.1036.dll
Successfully deleted: [File] C:\install.res.1040.dll
Successfully deleted: [File] C:\install.res.1041.dll
Successfully deleted: [File] C:\install.res.1042.dll
Successfully deleted: [File] C:\install.res.2052.dll
Successfully deleted: [File] C:\install.res.3082.dll



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 23/12/2012 at  2:31:21,98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

---------------------------------------------------------------------------------------------------------------

 

Hijack log

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 02:32:14, on 23/12/2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\TOSHIBA\widimon\widimon.exe
C:\windows\SysWOW64\notepad.exe
c:\Users\matheus\Downloads\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files (x86)\Scpad\scpsssh2.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [sVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [DelayTSS] "C:\Program Files\Toshiba\DelayTSS\DelayTSS.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files (x86)\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://C:\Program Files (x86)\BitComet\tools\BitCometBHO_1.5.4.11.dll/206 (file missing)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{485D6C10-FE7D-4177-845B-CC99713688EF}: NameServer = 200.175.182.139,200.175.5.139
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O21 - SSODL: CompIBBrd - {A3717295-941D-416F-9384-ED1736729F1C} - C:\Program Files (x86)\Scpad\scpLIB.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: BitComet Disk Boost Service (BITCOMET_HELPER_SERVICE) - www.BitComet.com - C:\Program Files (x86)\BitComet\tools\BitCometService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® PROSet/Wireless WiMAX Red Bend Device Management Service (DMAgent) - Red Bend Ltd. - C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\windows\system32\srvany.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Samsung UPD Service2 - Unknown owner - C:\windows\System32\SUPDSvc2.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: scpVista - Banco Bradesco S.A. - C:\Program Files (x86)\Scpad\scpVista.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: Intel® PROSet/Wireless WiMAX Service (WiMAXAppSrv) - Intel® Corporation - C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13290 bytes
 

 

...

 

 

Awaiting a reply.

 


OK, the PC is clean (Y)
Finishing up.......
Click Start > Run > type (or copy and paste): ComboFix /Uninstall > click OK.

Clear System Restore, creating a Restore Point of the clean system.

Right-click MY COMPUTER > Properties > System Protection > Configure > Delete.
Still in System Protection > Create.



MVP Mr.Million


      Restorado! D:\.Trashes\Civil 3.1b.m4a -> D:\Civil 3.1b.m4a
      Restorado! D:\.Trashes\Civil 3.2.m4a -> D:\Civil 3.2.m4a
      Restorado! D:\.Trashes\Civil 3.4.m4a -> D:\Civil 3.4.m4a
      Restorado! D:\.Trashes\Civil 4.2.m4a -> D:\Civil 4.2.m4a
      Restorado! D:\.Trashes\Civil 4.3.m4a -> D:\Civil 4.3.m4a
      Restorado! D:\.Trashes\Civil 4.4.m4a -> D:\Civil 4.4.m4a
      Restorado! D:\.Trashes\Cjvil 4.1.m4a -> D:\Cjvil 4.1.m4a
      Restorado! D:\.Trashes\Cpi , CD, SF- aula 3.1.m4a -> D:\Cpi , CD, SF- aula 3.1.m4a
      Restorado! D:\.Trashes\Edem 2.1a.m4a -> D:\Edem 2.1a.m4a
      Restorado! D:\.Trashes\Edem 2.1b.m4a -> D:\Edem 2.1b.m4a
      Restorado! D:\.Trashes\Edem 2.2.m4a -> D:\Edem 2.2.m4a
      Restorado! D:\.Trashes\Edem 2.3.m4a -> D:\Edem 2.3.m4a
      Restorado! D:\.Trashes\Edem 2.4.m4a -> D:\Edem 2.4.m4a
      Restorado! D:\.Trashes\Edem 3.1.m4a -> D:\Edem 3.1.m4a
      Restorado! D:\.Trashes\Edem 3.2.m4a -> D:\Edem 3.2.m4a
      Restorado! D:\.Trashes\Edem 3.3.m4a -> D:\Edem 3.3.m4a
      Restorado! D:\.Trashes\Edem 3.4a.m4a -> D:\Edem 3.4a.m4a
      Restorado! D:\.Trashes\Edem 3.4b.m4a -> D:\Edem 3.4b.m4a
      Restorado! D:\.Trashes\Elizabete 1.1a.m4a -> D:\Elizabete 1.1a.m4a
      Restorado! D:\.Trashes\Elizabete 1.1b.m4a -> D:\Elizabete 1.1b.m4a
      Restorado! D:\.Trashes\Elizabete 1.2.m4a -> D:\Elizabete 1.2.m4a
      Restorado! D:\.Trashes\Elizabete 1.3.m4a -> D:\Elizabete 1.3.m4a
      Restorado! D:\.Trashes\Elizabete 1.4.m4a -> D:\Elizabete 1.4.m4a
      Restorado! D:\.Trashes\Elizabete 2.1.m4a -> D:\Elizabete 2.1.m4a
      Restorado! D:\.Trashes\Elizabete 2.2.m4a -> D:\Elizabete 2.2.m4a
      Restorado! D:\.Trashes\Elizabete 2.3.m4a -> D:\Elizabete 2.3.m4a
      Restorado! D:\.Trashes\Elizabete 2.4.m4a -> D:\Elizabete 2.4.m4a
      Restorado! D:\.Trashes\Eu te desejo.m4a -> D:\Eu te desejo.m4a
      Restorado! D:\.Trashes\Flavia 3.3 adi interventiva.m4a -> D:\Flavia 3.3 adi interventiva.m4a
      Restorado! D:\.Trashes\Flavia 3.4b.m4a -> D:\Flavia 3.4b.m4a
      Restorado! D:\.Trashes\Flavis 3.4a.m4a -> D:\Flavis 3.4a.m4a
      Restorado! D:\.Trashes\Gustavo 3.1.m4a -> D:\Gustavo 3.1.m4a
      Restorado! D:\.Trashes\Gustavo 3.2.m4a -> D:\Gustavo 3.2.m4a
      Restorado! D:\.Trashes\Gustavo 3.3.m4a -> D:\Gustavo 3.3.m4a
      Restorado! D:\.Trashes\Gustavo 3.4.m4a -> D:\Gustavo 3.4.m4a
      Restorado! D:\.Trashes\Gustavo 4.1.m4a -> D:\Gustavo 4.1.m4a
      Restorado! D:\.Trashes\Gustavo 4.2.m4a -> D:\Gustavo 4.2.m4a
      Restorado! D:\.Trashes\Gustavo 4.3.m4a -> D:\Gustavo 4.3.m4a
      Restorado! D:\.Trashes\Gustavo 4.4.m4a -> D:\Gustavo 4.4.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.1.m4a -> D:\Joao Paulo 1.1.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.2.m4a -> D:\Joao Paulo 1.2.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.3.m4a -> D:\Joao Paulo 1.3.m4a
      Restorado! D:\.Trashes\Joao Paulo 1.4.m4a -> D:\Joao Paulo 1.4.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.1.m4a -> D:\Joao Paulo 2.1.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2a.m4a -> D:\Joao Paulo 2.2a.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2b.m4a -> D:\Joao Paulo 2.2b.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.2c.m4a -> D:\Joao Paulo 2.2c.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.3.m4a -> D:\Joao Paulo 2.3.m4a
      Restorado! D:\.Trashes\Joao Paulo 2.4.m4a -> D:\Joao Paulo 2.4.m4a
      Restorado! D:\.Trashes\PENAL 2.1.m4a -> D:\PENAL 2.1.m4a
      Restorado! D:\.Trashes\Penal 2.2a.m4a -> D:\Penal 2.2a.m4a
      Restorado! D:\.Trashes\Penal 2.2b.m4a -> D:\Penal 2.2b.m4a
      Restorado! D:\.Trashes\Penal 2.3.m4a -> D:\Penal 2.3.m4a
      Restorado! D:\.Trashes\Penal 2.4.m4a -> D:\Penal 2.4.m4a
      Restorado! D:\.Trashes\Perempção no p.trab..m4a -> D:\Perempção no p.trab..m4a
      Restorado! D:\.Trashes\Pres. Rep e questões a2-v3.m4a -> D:\Pres. Rep e questões a2-v3.m4a
      Restorado! D:\.Trashes\Prevenção criminal, extraterritorialidade - a1v2.m4a -> D:\Prevenção criminal, extraterritorialidade - a1v2.m4a
      Restorado! D:\.Trashes\Processo legislativo -a 2 v2.m4a -> D:\Processo legislativo -a 2 v2.m4a
      Restorado! D:\.Trashes\Questão  penal 7-11 aula 1.4.m4a -> D:\Questão  penal 7-11 aula 1.4.m4a
      Restorado! D:\.Trashes\Questão 04 penal.m4a -> D:\Questão 04 penal.m4a
      Restorado! D:\.Trashes\Questao 05 penal.m4a -> D:\Questao 05 penal.m4a
      Restorado! D:\.Trashes\Questáo 06 penal.m4a -> D:\Questáo 06 penal.m4a
      Restorado! D:\.Trashes\Questoes f. Essenc. Just. A2-v2.m4a -> D:\Questoes f. Essenc. Just. A2-v2.m4a
      Restorado! D:\.Trashes\Rádio 001.m4a -> D:\Rádio 001.m4a
      Restorado! D:\.Trashes\Res. e dec. Leg., d.sociais- aula 3.2.m4a -> D:\Res. e dec. Leg., d.sociais- aula 3.2.m4a
      Restorado! D:\.Trashes\TCU - flavia.m4a -> D:\TCU - flavia.m4a
      Restorado! D:\.Trashes\Tonassi 2.2.m4a -> D:\Tonassi 2.2.m4a
      Restorado! D:\.Trashes\Tonassi 2.1.m4a -> D:\Tonassi 2.1.m4a
      Restorado! D:\.Trashes\Tonassi 2.3.m4a -> D:\Tonassi 2.3.m4a
      Restorado! D:\.Trashes\Tonassi 2.4.m4a -> D:\Tonassi 2.4.m4a
      Restorado! D:\.Trashes\Tonassi 3.1.m4a -> D:\Tonassi 3.1.m4a
      Restorado! D:\.Trashes\Tonassi 3.2.m4a -> D:\Tonassi 3.2.m4a
      Restorado! D:\.Trashes\Gustavo 2.4b.m4a -> D:\Gustavo 2.4b.m4a
      Restorado! D:\.Trashes\Gustavo - 2.1.m4a -> D:\Gustavo - 2.1.m4a
      Restorado! D:\.Trashes\Gustavo 2.2a.m4a -> D:\Gustavo 2.2a.m4a
      Restorado! D:\.Trashes\Gustavo 2.2b.m4a -> D:\Gustavo 2.2b.m4a
      Restorado! D:\.Trashes\Gustavo 2.2c.m4a -> D:\Gustavo 2.2c.m4a
      Restorado! D:\.Trashes\Gustavo 2.3.m4a -> D:\Gustavo 2.3.m4a
      Restorado! D:\.Trashes\Gustavo 2.4a.m4a -> D:\Gustavo 2.4a.m4a
      Restorado! D:\.Trashes\50 dicas - TRT-PA.pdf -> D:\50 dicas - TRT-PA.pdf
      Restorado! D:\.Trashes\Conceito do ciclo PDCA.docx -> D:\Conceito do ciclo PDCA.docx
      Restorado! D:\.Trashes\OJH 2182  SAVEIRO.docx -> D:\OJH 2182  SAVEIRO.docx
      Restorado! D:\.Trashes\delta pará.pdf -> D:\delta pará.pdf
      Restorado! D:\.Trashes\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx -> D:\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx
      Restorado! D:\.Trashes\depoimento RANAILTON.docx -> D:\depoimento RANAILTON.docx
      Restorado! D:\.Trashes\LUANA DA CONCEIÇÃO.docx -> D:\LUANA DA CONCEIÇÃO.docx
      Restorado! D:\.Trashes\758\ybtyledi.js -> D:\758\ybtyledi.js
      Restorado! D:\.Trashes\oitiva AGNALDO.docx -> D:\oitiva AGNALDO.docx
      Restorado! D:\.Trashes\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf -> D:\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf
      Restorado! D:\.Trashes\411\aqfrxjgg.js -> D:\411\aqfrxjgg.js
      Restorado! [D] H:\Drive
      Restorado! H:\.Trashes\641\fsmikgut.js -> H:\641\fsmikgut.js

      ################## | Startup |
      F2 - HKLM\..\Winlogon : [Shell] explorer.exe
      F2 - [x64] HKLM\..\Winlogon : [Shell] explorer.exe
      F2 - HKLM\..\Winlogon : [Userinit] userinit.exe
      F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,C:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe,
      04 - HKCU\..\Run : [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      04 - HKCU\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      04 - HKLM\..\Run : [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      04 - HKLM\..\Run : [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      04 - HKLM\..\Run : [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
      04 - HKLM\..\Run : [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
      04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      04 - HKLM\..\Run : [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
      04 - HKLM\..\Run : [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
      04 - HKLM\..\Run : [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
      04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      04 - HKLM\..\Run : [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      04 - HKLM\..\Run : [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun
      04 - HKLM\..\Run : [Stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe
      04 - HKLM\..\Run : [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      04 - [x64] HKLM\..\Run : [HPPowerAssistant] C:\Program Files\Hewlett-Packard\HP Power Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden
      04 - [x64] HKLM\..\Run : [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
      04 - [x64] HKLM\..\Run : [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.exe
      04 - [x64] HKLM\..\Run : [MfeEpePcMonitor] "C:\Program Files\Hewlett-Packard\Drive Encryption\EpePcMonitor.exe"
      04 - [x64] HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
      04 - [x64] HKLM\..\Run : [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
      04 - [x64] HKLM\..\Run : [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
      04 - [x64] HKLM\..\Run : [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      04 - [x64] HKLM\..\Run : [Malwarebytes TrayApp] "C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe"
      04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
      04 - HKU\S-1-5-21-318916215-1358726986-2337555437-1001\..\Run : [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      04 - HKU\S-1-5-21-318916215-1358726986-2337555437-1001\..\Run : [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      04 - HKU\S-1-5-19\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
      04 - HKU\S-1-5-20\..\RunOnce : [mctadmin] C:\Windows\System32\mctadmin.exe
      04GS - Bluetooth.lnk : C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe
      04GS - OCS Inventory NG Systray.lnk : C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe

      ################## | C:\ %SystemDrive% - Disco fixo (NTFS) |
      [09/06/2013 - 00:23:51 | A | 11 Ko] - C:\AdwCleaner[S1].txt
      [23/02/2017 - 14:45:15 | ASH | 3637420 Ko] - C:\hiberfil.sys
      [23/02/2017 - 14:45:18 | ASH | 3637420 Ko] - C:\pagefile.sys
      [28/10/2012 - 20:30:33 | D] - C:\SYSTEM.SAV
      [01/04/2015 - 15:59:00 | A | 1 Ko] - C:\.rnd
      [07/02/2017 - 09:22:44 | D] - C:\Config.Msi
      [19/12/2015 - 11:49:05 | SHD] - C:\$Recycle.Bin
      [14/07/2009 - 00:20:08 | D] - C:\PerfLogs
      [14/07/2009 - 02:08:56 | SHD] - C:\Documents and Settings
      [21/11/2010 - 00:23:51 | RASH | 375 Ko] - C:\bootmgr
      [11/02/2011 - 02:13:50 | SHD] - C:\boot
      [13/07/2012 - 02:15:30 | D] - C:\EFI
      [13/07/2012 - 04:41:35 | D] - C:\hp
      [03/10/2012 - 15:38:58 | SHD] - C:\Recovery
      [03/10/2012 - 17:43:27 | D] - C:\programa
      [29/10/2012 - 03:53:41 | RHD] - C:\MSOCache
      [16/03/2014 - 21:13:46 | D] - C:\Game of Thrones
      [11/06/2014 - 22:22:40 | D] - C:\swsetup
      [18/02/2016 - 11:01:37 | D] - C:\Video
      [04/03/2016 - 15:00:32 | D] - C:\Arquivos de Programas RFB
      [19/12/2016 - 09:45:17 | D] - C:\Program Files (x86)
      [22/02/2017 - 21:57:22 | D] - C:\Windows
      [22/02/2017 - 23:39:52 | RD] - C:\Program Files
      [22/02/2017 - 23:39:52 | HD] - C:\ProgramData
      [23/02/2017 - 14:40:35 | RD] - C:\Users
      [23/02/2017 - 15:30:16 | D] - C:\UsbFix

      ################## | D:\ - Disco removível (FAT32) |
      [23/02/2017 - 15:30:42 | D] - D:\641
      [23/02/2017 - 15:30:44 | D] - D:\video whatzap
      [12/02/2016 - 05:56:42 | N | 26190 Ko] - D:\Tonassi 3.3.m4a
      [12/02/2016 - 06:27:26 | N | 25984 Ko] - D:\Tonassi 3.4b.m4a
      [19/02/2016 - 06:48:50 | N | 27230 Ko] - D:\Tonassi 4.1.m4a
      [19/02/2016 - 22:23:30 | N | 43001 Ko] - D:\Tonassi 4.2.m4a
      [20/02/2016 - 11:34:22 | N | 27158 Ko] - D:\Tonassi 4.3.m4a
      [22/02/2017 - 04:31:30 | RSHD] - D:\RECYCLER
      [23/02/2017 - 15:25:00 | D] - D:\Drive
      [20/02/2016 - 12:09:18 | N | 26929 Ko] - D:\Tonassi 4.4.m4a
      [21/02/2016 - 18:14:16 | N | 26454 Ko] - D:\Tonassi 5.1.m4a
      [21/02/2016 - 19:25:16 | N | 14317 Ko] - D:\Tonassi 5.2a.m4a
      [21/02/2016 - 19:39:48 | N | 12757 Ko] - D:\Tonassi 5.2b.m4a
      [21/02/2016 - 20:49:18 | N | 10401 Ko] - D:\Tonassi 5.3a.m4a
      [21/02/2016 - 21:42:28 | N | 17202 Ko] - D:\Tonassi 5.3b.m4a
      [22/02/2016 - 00:06:04 | N | 25943 Ko] - D:\Tonassi 5.4.m4a
      [14/01/2016 - 22:45:14 | N | 2331 Ko] - D:\ação civil publica (c.constit)a2-v3.m4a
      [04/03/2016 - 09:34:40 | N | 25931 Ko] - D:\AFO 1.1.m4a
      [04/03/2016 - 11:06:58 | N | 27127 Ko] - D:\AFO 1.2.m4a
      [04/03/2016 - 11:35:46 | N | 23408 Ko] - D:\AFO 1.3a.m4a
      [04/03/2016 - 11:44:32 | N | 4061 Ko] - D:\AFO 1.3b.m4a
      [04/03/2016 - 12:18:28 | N | 27416 Ko] - D:\AFO 1.4.m4a
      [04/03/2016 - 23:54:10 | N | 26679 Ko] - D:\AFO 2.1.m4a
      [05/03/2016 - 00:30:36 | N | 27550 Ko] - D:\AFO 2.2.m4a
      [05/03/2016 - 06:08:00 | N | 22214 Ko] - D:\AFO 2.3a.m4a
      [05/03/2016 - 06:16:14 | N | 3388 Ko] - D:\AFO 2.3b.m4a
      [05/03/2016 - 06:27:06 | N | 8390 Ko] - D:\AFO 2.4a.m4a
      [05/03/2016 - 07:22:40 | N | 17287 Ko] - D:\AFO 2.4b.m4a
      [23/01/2016 - 09:01:32 | N | 25968 Ko] - D:\Aryanna 1.1.m4a
      [23/01/2016 - 11:28:14 | N | 28822 Ko] - D:\Aryanna 1.2.m4a
      [23/01/2016 - 13:59:22 | N | 27455 Ko] - D:\Aryanna 1.3.m4a
      [23/01/2016 - 17:32:50 | N | 27684 Ko] - D:\Aryanna 1.4.m4a
      [31/01/2016 - 16:59:18 | N | 26313 Ko] - D:\Aryanna 2.1.m4a
      [31/01/2016 - 21:56:38 | N | 27513 Ko] - D:\Aryanna 2.2.m4a
      [31/01/2016 - 22:36:16 | N | 28571 Ko] - D:\Aryanna 2.3.m4a
      [01/02/2016 - 05:19:14 | N | 26643 Ko] - D:\Aryanna 2.4.m4a
      [02/02/2016 - 07:38:54 | N | 29353 Ko] - D:\Aryanna 3.1.m4a
      [02/02/2016 - 12:57:42 | N | 1926 Ko] - D:\Aryanna 3.2a.m4a
      [02/02/2016 - 13:27:36 | N | 22537 Ko] - D:\Aryanna 3.2b.m4a
      [02/02/2016 - 13:39:52 | N | 4181 Ko] - D:\Aryanna 3.2c.m4a
      [02/02/2016 - 13:48:52 | N | 969 Ko] - D:\Aryanna 3.3a.m4a
      [02/02/2016 - 14:36:12 | N | 26963 Ko] - D:\Aryanna 3.3b.m4a
      [02/02/2016 - 15:49:48 | N | 27224 Ko] - D:\Aryanna 3.4.m4a
      [14/02/2016 - 18:43:48 | N | 27075 Ko] - D:\Aryanna 4.1.m4a
      [14/02/2016 - 19:16:12 | N | 25290 Ko] - D:\Aryanna 4.2.m4a
      [14/02/2016 - 22:31:26 | N | 27594 Ko] - D:\Aryanna 4.3.m4a
      [15/02/2016 - 05:24:28 | N | 27345 Ko] - D:\Aryanna 4.4.m4a
      [16/02/2016 - 19:28:36 | N | 5619 Ko] - D:\Aryanna 5.1a.m4a
      [16/02/2016 - 19:55:42 | N | 21249 Ko] - D:\Aryanna 5.1b.m4a
      [16/02/2016 - 22:10:34 | N | 11182 Ko] - D:\Aryanna 5.2a.m4a
      [16/02/2016 - 22:32:32 | N | 18257 Ko] - D:\Aryanna 5.2b.m4a
      [17/02/2016 - 05:23:34 | N | 17991 Ko] - D:\Aryanna 5.3a.m4a
      [17/02/2016 - 05:30:00 | N | 5011 Ko] - D:\Aryanna 5.3b.m4a
      [17/02/2016 - 05:34:22 | N | 3930 Ko] - D:\Aryanna 5.3c.m4a
      [17/02/2016 - 06:08:00 | N | 28848 Ko] - D:\Aryanna 5.4.m4a
      [01/02/2016 - 09:17:12 | N | 27847 Ko] - D:\Civil 2.3.m4a
      [01/02/2016 - 16:15:36 | N | 17992 Ko] - D:\Civil 2.4a.m4a
      [01/02/2016 - 16:36:16 | N | 8939 Ko] - D:\Civil 2.4b.m4a
      [01/02/2016 - 17:27:22 | N | 26092 Ko] - D:\Civil 3.1.m4a
      [24/02/2016 - 07:44:10 | N | 19603 Ko] - D:\Civil 3.1a.m4a
      [24/02/2016 - 07:47:30 | N | 2572 Ko] - D:\Civil 3.1b.m4a
      [01/02/2016 - 18:13:52 | N | 26926 Ko] - D:\Civil 3.2.m4a
      [25/02/2016 - 07:50:52 | N | 27140 Ko] - D:\Civil 3.4.m4a
      [25/02/2016 - 23:31:48 | N | 27314 Ko] - D:\Civil 4.2.m4a
      [26/02/2016 - 13:23:52 | N | 28178 Ko] - D:\Civil 4.3.m4a
      [02/03/2016 - 15:41:16 | N | 28993 Ko] - D:\Civil 4.4.m4a
      [25/02/2016 - 13:55:34 | N | 29450 Ko] - D:\Cjvil 4.1.m4a
      [21/01/2016 - 22:42:24 | N | 26309 Ko] - D:\Cpi , CD, SF- aula 3.1.m4a
      [14/02/2016 - 09:58:14 | N | 18671 Ko] - D:\Edem 2.1a.m4a
      [14/02/2016 - 10:20:58 | N | 10480 Ko] - D:\Edem 2.1b.m4a
      [18/02/2016 - 05:30:02 | N | 19892 Ko] - D:\Edem 2.2.m4a
      [18/02/2016 - 06:35:40 | N | 27698 Ko] - D:\Edem 2.3.m4a
      [20/02/2016 - 14:10:00 | N | 28653 Ko] - D:\Edem 2.4.m4a
      [02/03/2016 - 16:19:14 | N | 18643 Ko] - D:\Edem 3.1.m4a
      [02/03/2016 - 16:58:00 | N | 28795 Ko] - D:\Edem 3.2.m4a
      [02/03/2016 - 17:58:30 | N | 27390 Ko] - D:\Edem 3.3.m4a
      [02/03/2016 - 18:07:20 | N | 4826 Ko] - D:\Edem 3.4a.m4a
      [02/03/2016 - 18:37:52 | N | 27395 Ko] - D:\Edem 3.4b.m4a
      [03/03/2016 - 23:13:58 | N | 6041 Ko] - D:\Elizabete 1.1a.m4a
      [03/03/2016 - 23:41:40 | N | 22689 Ko] - D:\Elizabete 1.1b.m4a
      [04/03/2016 - 00:43:20 | N | 28991 Ko] - D:\Elizabete 1.2.m4a
      [04/03/2016 - 08:27:58 | N | 28512 Ko] - D:\Elizabete 1.3.m4a
      [04/03/2016 - 08:59:36 | N | 27232 Ko] - D:\Elizabete 1.4.m4a
      [04/03/2016 - 14:41:24 | N | 29607 Ko] - D:\Elizabete 2.1.m4a
      [04/03/2016 - 17:02:26 | N | 28507 Ko] - D:\Elizabete 2.2.m4a
      [04/03/2016 - 17:36:18 | N | 28297 Ko] - D:\Elizabete 2.3.m4a
      [04/03/2016 - 18:28:56 | N | 26786 Ko] - D:\Elizabete 2.4.m4a
      [30/12/2015 - 09:13:22 | N | 1672 Ko] - D:\Eu te desejo.m4a
      [25/01/2016 - 21:49:18 | N | 28398 Ko] - D:\Flavia 3.3 adi interventiva.m4a
      [30/01/2016 - 11:13:04 | N | 1838 Ko] - D:\Flavia 3.4b.m4a
      [30/01/2016 - 11:10:46 | N | 25035 Ko] - D:\Flavis 3.4a.m4a
      [26/01/2016 - 19:25:16 | N | 27039 Ko] - D:\Gustavo 3.1.m4a
      [26/01/2016 - 22:29:46 | N | 27038 Ko] - D:\Gustavo 3.2.m4a
      [02/02/2016 - 16:58:58 | N | 28622 Ko] - D:\Gustavo 3.3.m4a
      [02/02/2016 - 17:36:48 | N | 24139 Ko] - D:\Gustavo 3.4.m4a
      [12/02/2016 - 19:49:18 | N | 35575 Ko] - D:\Gustavo 4.1.m4a
      [12/02/2016 - 20:21:26 | N | 27634 Ko] - D:\Gustavo 4.2.m4a
      [12/02/2016 - 21:54:48 | N | 29403 Ko] - D:\Gustavo 4.3.m4a
      [12/02/2016 - 22:26:38 | N | 27646 Ko] - D:\Gustavo 4.4.m4a
      [03/03/2016 - 09:21:06 | N | 23138 Ko] - D:\Joao Paulo 1.1.m4a
      [03/03/2016 - 10:48:30 | N | 28735 Ko] - D:\Joao Paulo 1.2.m4a
      [03/03/2016 - 11:20:48 | N | 27496 Ko] - D:\Joao Paulo 1.3.m4a
      [03/03/2016 - 14:36:32 | N | 26841 Ko] - D:\Joao Paulo 1.4.m4a
      [03/03/2016 - 15:19:36 | N | 27318 Ko] - D:\Joao Paulo 2.1.m4a
      [03/03/2016 - 17:15:02 | N | 13731 Ko] - D:\Joao Paulo 2.2a.m4a
      [03/03/2016 - 17:31:12 | N | 3424 Ko] - D:\Joao Paulo 2.2b.m4a
      [03/03/2016 - 17:45:14 | N | 10310 Ko] - D:\Joao Paulo 2.2c.m4a
      [03/03/2016 - 20:26:06 | N | 28091 Ko] - D:\Joao Paulo 2.3.m4a
      [03/03/2016 - 19:52:38 | N | 27779 Ko] - D:\Joao Paulo 2.4.m4a
      [30/01/2016 - 12:44:20 | N | 27378 Ko] - D:\PENAL 2.1.m4a
      [13/02/2016 - 05:30:02 | N | 20538 Ko] - D:\Penal 2.2a.m4a
      [13/02/2016 - 05:39:00 | N | 8135 Ko] - D:\Penal 2.2b.m4a
      [13/02/2016 - 06:15:18 | N | 26744 Ko] - D:\Penal 2.3.m4a
      [13/02/2016 - 08:06:08 | N | 30868 Ko] - D:\Penal 2.4.m4a
      [31/01/2016 - 23:28:20 | N | 1342 Ko] - D:\Perempção no p.trab..m4a
      [14/01/2016 - 23:15:38 | N | 24589 Ko] - D:\Pres. Rep e questões a2-v3.m4a
      [22/01/2016 - 20:07:02 | N | 30596 Ko] - D:\Prevenção criminal, extraterritorialidade - a1v2.m4a
      [14/01/2016 - 22:17:12 | N | 12822 Ko] - D:\Processo legislativo -a 2 v2.m4a
      [22/01/2016 - 23:36:10 | N | 30560 Ko] - D:\Questão  penal 7-11 aula 1.4.m4a
      [19/01/2016 - 16:44:58 | N | 8156 Ko] - D:\Questão 04 penal.m4a
      [19/01/2016 - 17:03:24 | N | 13737 Ko] - D:\Questao 05 penal.m4a
      [19/01/2016 - 17:15:44 | N | 8637 Ko] - D:\Questáo 06 penal.m4a
      [14/01/2016 - 22:39:00 | N | 14422 Ko] - D:\Questoes f. Essenc. Just. A2-v2.m4a
      [20/07/2015 - 19:39:20 | N | 36 Ko] - D:\Rádio 001.m4a
      [21/01/2016 - 23:19:50 | N | 27324 Ko] - D:\Res. e dec. Leg., d.sociais- aula 3.2.m4a
      [17/01/2016 - 16:32:52 | N | 26455 Ko] - D:\TCU - flavia.m4a
      [30/01/2016 - 06:44:30 | N | 17608 Ko] - D:\Tonassi 2.2.m4a
      [29/01/2016 - 21:54:16 | N | 26163 Ko] - D:\Tonassi 2.1.m4a
      [30/01/2016 - 08:28:30 | N | 26042 Ko] - D:\Tonassi 2.3.m4a
      [30/01/2016 - 09:44:46 | N | 25370 Ko] - D:\Tonassi 2.4.m4a
      [11/02/2016 - 19:55:30 | N | 27204 Ko] - D:\Tonassi 3.1.m4a
      [12/02/2016 - 05:21:58 | N | 27036 Ko] - D:\Tonassi 3.2.m4a
      [24/01/2016 - 11:11:18 | N | 8014 Ko] - D:\Gustavo 2.4b.m4a
      [23/02/2017 - 15:31:00 | D] - D:\758
      [23/02/2017 - 15:31:02 | D] - D:\411
      [23/02/2017 - 15:26:58 | A | 0 Ko] - D:\Drive.bat
      [23/01/2016 - 23:40:46 | N | 27312 Ko] - D:\Gustavo - 2.1.m4a
      [24/01/2016 - 09:21:38 | N | 16959 Ko] - D:\Gustavo 2.2a.m4a
      [24/01/2016 - 09:30:06 | N | 5860 Ko] - D:\Gustavo 2.2b.m4a
      [24/01/2016 - 09:32:08 | N | 1790 Ko] - D:\Gustavo 2.2c.m4a
      [24/01/2016 - 10:20:00 | N | 27359 Ko] - D:\Gustavo 2.3.m4a
      [24/01/2016 - 11:00:44 | N | 14114 Ko] - D:\Gustavo 2.4a.m4a
      [11/03/2016 - 06:05:30 | N | 642 Ko] - D:\50 dicas - TRT-PA.pdf
      [12/04/2016 - 15:19:04 | N | 14 Ko] - D:\Conceito do ciclo PDCA.docx
      [06/05/2016 - 11:58:28 | N | 30 Ko] - D:\OJH 2182  SAVEIRO.docx
      [15/12/2016 - 14:45:00 | N | 3917 Ko] - D:\delta pará.pdf
      [16/02/2017 - 10:43:06 | N | 14 Ko] - D:\depoimento RANAILTON.docx
      [15/12/2016 - 14:44:50 | HD] - D:\.Trashes
      [15/02/2017 - 17:57:52 | N | 17 Ko] - D:\QUE não é verdade que tenha matado a vítima MARIA MADALENA COSTA.docx
      [16/02/2017 - 16:33:48 | N | 13 Ko] - D:\LUANA DA CONCEIÇÃO.docx
      [20/02/2017 - 16:51:50 | N | 12 Ko] - D:\oitiva AGNALDO.docx
      [21/02/2017 - 12:18:14 | N | 111 Ko] - D:\DEPOIMENTO JOEL MORAES DE ALMEIDA.pdf
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\641\fsmikgut.js
      [29/05/2016 - 09:14:08 | N | 20550 Ko] - D:\video whatzap\VID-20160529-WA0003.mp4
      [31/05/2016 - 17:26:20 | N | 1903 Ko] - D:\video whatzap\VID-20160531-WA0007.mp4
      [31/05/2016 - 17:27:10 | N | 1874 Ko] - D:\video whatzap\VID-20160531-WA0008.mp4
      [31/05/2016 - 19:59:54 | N | 8417 Ko] - D:\video whatzap\VID-20160531-WA0010.mp4
      [01/06/2016 - 22:48:54 | N | 5162 Ko] - D:\video whatzap\VID-20160601-WA0041.mp4
      [03/06/2016 - 17:38:52 | N | 15596 Ko] - D:\video whatzap\VID-20160603-WA0023.mp4
      [09/06/2016 - 22:25:40 | N | 4260 Ko] - D:\video whatzap\VID-20160609-WA0047.mp4
      [12/06/2016 - 23:06:14 | N | 14460 Ko] - D:\video whatzap\VID-20160612-WA0034.mp4
      [13/06/2016 - 08:03:34 | N | 15585 Ko] - D:\video whatzap\VID-20160613-WA0008.mp4
      [14/04/2016 - 07:32:14 | N | 15172 Ko] - D:\video whatzap\Bagaça-bruno batista.mp4
      [14/04/2016 - 09:30:24 | N | 2046 Ko] - D:\video whatzap\Helena no espelho.mp4
      [15/04/2016 - 20:51:50 | N | 3538 Ko] - D:\video whatzap\Junior brandao.mp4
      [01/04/2016 - 20:36:02 | N | 4141 Ko] - D:\video whatzap\Marina carol.mp4
      [23/05/2016 - 16:02:22 | N | 8801 Ko] - D:\video whatzap\Nicer helena 2.mp4
      [23/05/2016 - 16:03:14 | N | 8801 Ko] - D:\video whatzap\Niver helena.mp4
      [14/03/2016 - 11:33:18 | N | 4986 Ko] - D:\video whatzap\VID-20160314-WA0013.mp4
      [29/03/2016 - 21:54:08 | N | 1155 Ko] - D:\video whatzap\VID-20160329-WA0031.mp4
      [04/05/2016 - 22:59:46 | N | 4848 Ko] - D:\video whatzap\VID-20160504-WA0016.mp4
      [05/05/2016 - 21:27:04 | N | 16177 Ko] - D:\video whatzap\VID-20160505-WA0041.mp4
      [14/05/2016 - 15:59:30 | N | 7750 Ko] - D:\video whatzap\VID-20160514-WA0041.mp4
      [23/05/2016 - 16:39:48 | N | 6454 Ko] - D:\video whatzap\VID-20160523-WA0036.mp4
      [26/05/2016 - 14:02:06 | N | 15593 Ko] - D:\video whatzap\VID-20160526-WA0027.mp4
      [26/05/2016 - 14:03:58 | N | 15998 Ko] - D:\video whatzap\VID-20160526-WA0028.mp4
      [27/05/2016 - 17:54:54 | N | 1885 Ko] - D:\video whatzap\VID-20160527-WA0048.mp4
      [23/02/2017 - 15:25:02 | HD] - D:\Drive\758
      [23/02/2017 - 09:58:32 | A | 79 Ko] - D:\Drive\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - D:\411\aqfrxjgg.js
      [15/12/2016 - 14:44:52 | HD] - D:\.Trashes\641
      [18/03/2016 - 08:17:18 | HD] - D:\.Trashes\LOST.DIR
      [13/06/2016 - 17:09:18 | HD] - D:\.Trashes\Nova pasta
      [13/06/2016 - 17:09:28 | HD] - D:\.Trashes\video whatzap
      [20/02/2017 - 16:14:30 | HD] - D:\.Trashes\758
      [22/02/2017 - 04:31:54 | HD] - D:\.Trashes\411

      ################## | E:\ - Disco fixo (NTFS) |
      [23/02/2017 - 15:01:36 | A | 0 Ko] - E:\HPSF_Rep.txt
      [13/07/2012 - 06:23:42 | D] - E:\system.sav
      [22/10/2015 - 19:27:25 | A | 1 Ko] - E:\Bibliotecas - Atalho.lnk
      [19/10/2012 - 22:30:40 | A | 0 Ko] - E:\HP_WSD.dat
      [03/10/2012 - 15:50:48 | SHD] - E:\$RECYCLE.BIN
      [21/11/2010 - 00:23:51 | ASH | 375 Ko] - E:\bootmgr
      [13/07/2012 - 06:23:42 | A | 0 Ko] - E:\HP_WINRE
      [03/10/2012 - 15:38:58 | ASHD] - E:\Recovery
      [03/10/2012 - 15:38:59 | ASHD] - E:\boot

      ################## | F:\ - Disco fixo (FAT32) |
      [23/02/2017 - 15:01:38 | A | 0 Ko] - F:\HPSF_Rep.txt
      [19/10/2012 - 22:30:42 | A | 0 Ko] - F:\HP_WSD.dat
      [13/07/2012 - 01:36:42 | SHD] - F:\$RECYCLE.BIN
      [13/07/2012 - 01:21:46 | A | 0 Ko] - F:\HP_Tools
      [13/07/2012 - 01:48:02 | D] - F:\Hewlett-Packard

      ################## | H:\ - Disco removível (FAT32) |
      [20/02/2017 - 16:11:10 | HD] - H:\.Trashes
      [23/02/2017 - 15:25:24 | D] - H:\Drive
      [23/02/2017 - 15:26:58 | A | 0 Ko] - H:\Drive.bat
      [23/02/2017 - 15:31:04 | D] - H:\641
      [20/02/2017 - 16:11:10 | HD] - H:\.Trashes\641
      [23/02/2017 - 15:25:24 | HD] - H:\Drive\758
      [23/02/2017 - 09:58:32 | A | 79 Ko] - H:\Drive\758\ybtyledi.js
      [05/07/2016 - 12:13:44 | N | 86 Ko] - H:\641\fsmikgut.js

      Análise realizada em 303.6 segundos

      ################## | E.O.F | https://www.sosvirus.net/ | https://www.usb-antivírus.com/pt/ |

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 15:48:27, on 23/02/2017
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.17840)
      Boot mode: Normal

      Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Windows\SysWOW64\NOTEPAD.EXE
      C:\Users\PC\Desktop\HijackThis.exe
      C:\Windows\SysWOW64\DllHost.exe
      C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
      C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCOM/6
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://login.latinamweb.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.20.1.4:3128
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      R3 - URLSearchHook: (no name) - {e0301295-ab3e-4af3-979f-3d453c5f9f48} - (no file)
      F2 - REG:system.ini: UserInit=userinit.exe
      O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
      O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll
      O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
      O2 - BHO: G-Buster Browser Defense ISG - {C41A1C0E-EA6C-11D4-B1B8-444553540015} - C:\Program Files (x86)\GbPlugin\gbiehisg.dll
      O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll
      O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
      O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
      O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
      O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
      O4 - HKLM\..\Run: [Desktop Disc Tool] "C:\Program Files (x86)\Roxio\Roxio Burn\RoxioBurnLauncher.exe"
      O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
      O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
      O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      O4 - HKLM\..\Run: [HPConnectionManager] c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe
      O4 - HKLM\..\Run: [HPQuickWebProxy] "c:\Program Files (x86)\Hewlett-Packard\HP QuickWeb\hpqwutils.exe"
      O4 - HKLM\..\Run: [IFXSPMGT] "c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
      O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
      O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
      O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
      O4 - HKLM\..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\SSMMgr.exe /autorun
      O4 - HKLM\..\Run: [Stanley-L_XRX_S2P] C:\Program Files (x86)\Xerox\Xerox WorkCentre 3210\PSU\Scan2pc.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
      O4 - Global Startup: Bluetooth.lnk = ?
      O4 - Global Startup: OCS Inventory NG Systray.lnk = C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
      O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
      O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
      O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
      O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: http://www.infoseg.gov.br
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O20 - Winlogon Notify:  GbPluginIsg - C:\Program Files (x86)\GbPlugin\gbiehIsg.dll
      O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
      O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: @C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Company - c:\Windows\SysWOW64\flcdlock.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: HP Power Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
      O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
      O23 - Service: HP Connection Manager 4 Service (hpCMSrv) - Hewlett-Packard Development Company L.P. - c:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe
      O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP DayStarter\32-bit\HPDayStarterService.exe
      O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
      O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
      O23 - Service: hpHotkeyMonitor - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Hotkey Support\HpHotkeyMonitor.exe
      O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
      O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
      O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
      O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: McAfee Endpoint Encryption Agent - Unknown owner - C:\Program Files\Hewlett-Packard\Drive Encryption\EEAgent\MfeEpeHost.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: OCS Inventory Service - OCS Inventory NG - C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe
      O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
      O23 - Service: Portrait Displays SDK Service (PdiService) - Portrait Displays, Inc. - C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
      O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - c:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: RoxMediaDB12OEM - Sonic Solutions - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Remote Procedure Call (RPC) Net (Rpcnet) - Absolute Software Corp. - C:\Windows\SysWOW64\rpcnet.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: SCPwrSet Service (SCPwrSetSvr) - Unknown owner - C:\Windows\system32\SCPwrSetSvr.exe (file missing)
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
      O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
      O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\Windows\SysWow64\ArcVCapRender\uArcCapture.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: uvnc_service - UltraVNC - C:\Program Files (x86)\UltraVNC\WinVNC.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Broadcom Corporation - C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      --
      End of file - 17756 bytes