Nakurai

Request for LOG analysis

6 posts in this topic

My Internet Explorer is behaving strangely and is failing to perform many functions. I would like to request a LOG analysis, since I was using only Windows Security Essentials, which is the same as nothing.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:13:12, on 07/01/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\CHamon\Downloads\HijackThis.exe
 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide
O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN27VBR0SJ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe
O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 antivírus\x86\ekrn.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\11.1\quartus\bin64\jtagserver.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
 
--
End of file - 10238 bytes

Download Malwarebytes' Anti-Malware (MBAM), or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.

Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked, then click Finish.

If there are updates available, they will be downloaded and installed.

When the update finishes, with the program open, select Quick Scan and click the Scan button.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, click OK, then the Show Results button to view the report.

If any items are found, make sure they are all checked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)

The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


Malwarebytes Anti-Malware 1.70.0.1100

www.malwarebytes.org

 

Database version: v2013.01.07.11

 

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

CHamon :: LOKI-PC [administrator]

 

07/01/2013 22:29:17

mbam-log-2013-01-07 (22-29-17).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 258433

Time elapsed: 2 minute(s), 37 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

 

 

 

 

 

 

 


Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:32:32, on 07/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files (x86)\uTorrent\uTorrent.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files (x86)\Steam\Steam.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN27VBR0SJ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

O4 - HKUS\S-1-5-21-3022297471-2835417200-829461041-1014\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3022297471-2835417200-829461041-1014\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 antivírus\x86\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\11.1\quartus\bin64\jtagserver.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

 

--

End of file - 10887 bytes


Disable your antivirus, antispyware and firewall so that there are no conflicts. Keep them disabled until you have finished the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan can proceed.

Once the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware more difficult.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 13-01-06.01 - CHamon 07/01/2013  22:49:10.3.4 - x64

Microsoft Windows 7 Professional   6.1.7601.1.1252.55.1033.18.8175.6677 [GMT -2:00]

Executando de: c:\users\CHamon\Desktop\ComboFix.exe

AV: ESET NOD32 Antivírus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}

SP: ESET NOD32 Antivírus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}

SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}

SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\programdata\ntuser.dat

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2012-12-08 to 2013-01-08  ))))))))))))))))))))))))))))

.

.

2013-01-08 00:56 . 2013-01-08 00:56 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp

2013-01-08 00:56 . 2013-01-08 00:56 -------- d-----w- c:\users\Default\AppData\Local\temp

2013-01-05 13:17 . 2013-01-05 13:17 -------- d-----w- c:\program files\ESET

2013-01-05 13:08 . 2013-01-05 13:08 12608 ----a-w- C:\FixitRegBackup.reg

2013-01-05 02:28 . 2013-01-05 02:28 -------- d-----w- c:\program files\CCleaner

2013-01-05 02:24 . 2013-01-05 02:24 -------- d-----w- c:\users\CHamon\AppData\Local\Programs

2013-01-05 02:07 . 2012-11-08 17:24 9125352 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E9B12712-0D79-43C2-A9F0-C6930F40B6BB}\mpengine.dll

2012-12-24 16:01 . 2012-12-24 16:01 -------- d-----w- c:\users\UpdatusUser.LOKI-PC

2012-12-24 15:58 . 2012-07-03 15:25 31080 ----a-w- c:\windows\system32\nvhdap64.dll

2012-12-24 15:58 . 2012-07-03 15:25 189288 ----a-w- c:\windows\system32\drivers\nvhda64v.sys

2012-12-24 15:58 . 2012-07-03 07:37 1472360 ----a-w- c:\windows\system32\nvhdagenco6420103.dll

2012-12-24 15:58 . 2012-12-24 15:58 -------- d-----w- c:\program files (x86)\AGEIA Technologies

2012-12-24 11:03 . 2012-12-01 05:49 3663213 ----a-w- c:\windows\system32\nvcoproc.bin

2012-12-24 11:03 . 2012-12-01 05:49 63336 ----a-w- c:\windows\system32\nvshext.dll

2012-12-24 11:03 . 2012-12-01 05:49 118120 ----a-w- c:\windows\system32\nvmctray.dll

2012-12-24 11:03 . 2012-12-01 05:49 890216 ----a-w- c:\windows\system32\nvvsvc.exe

2012-12-24 11:03 . 2012-12-01 05:48 6223208 ----a-w- c:\windows\system32\nvcpl.dll

2012-12-24 11:03 . 2012-12-01 05:48 3311464 ----a-w- c:\windows\system32\nvsvc64.dll

2012-12-24 11:03 . 2012-12-03 15:47 60776 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-24 11:03 . 2012-12-03 15:47 52584 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-12-24 11:03 . 2012-12-24 11:03 -------- d-----w- c:\programdata\NVIDIA Corporation

2012-12-24 10:50 . 2012-12-24 10:50 -------- d-----w- C:\NVIDIA

2012-12-24 05:50 . 2012-12-24 10:49 -------- d-----w- c:\programdata\Solidshield

2012-12-22 03:15 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-22 03:15 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-22 03:15 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-22 03:15 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-14 13:12 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-10 20:07 . 2012-12-10 20:07 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll

2012-12-10 20:07 . 2012-12-10 20:07 -------- d-----w- c:\program files (x86)\QuickTime

2012-12-10 20:07 . 2012-12-10 20:07 -------- d-----w- c:\programdata\Apple Computer

2012-12-10 20:06 . 2012-12-10 20:06 -------- d-----w- c:\program files (x86)\Common Files\Apple

2012-12-10 20:06 . 2012-12-10 20:06 -------- d-----w- c:\users\CHamon\AppData\Local\Apple

2012-12-10 20:06 . 2012-12-10 20:06 -------- d-----w- c:\programdata\Apple

2012-12-10 20:06 . 2012-12-10 20:06 -------- d-----w- c:\program files (x86)\Apple Software Update

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-01-08 00:46 . 2012-03-07 12:54 25640 ----a-w- c:\windows\gdrv.sys

2013-01-05 23:41 . 2012-03-08 02:19 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr

2013-01-05 23:41 . 2012-03-08 02:16 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe

2013-01-03 03:09 . 2012-03-08 02:16 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0

2012-12-31 04:31 . 2012-03-08 02:16 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe

2012-12-14 18:49 . 2012-10-07 04:28 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

2012-12-14 15:02 . 2012-03-08 03:18 67413224 ----a-w- c:\windows\system32\MRT.exe

2012-12-13 21:31 . 2012-04-15 09:09 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

2012-12-13 21:31 . 2012-03-15 10:41 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2012-12-01 00:43 . 2012-12-01 00:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe

2012-11-30 18:36 . 2012-05-31 02:18 419840 ----a-w- c:\windows\system32\wrap_oal.dll

2012-11-30 18:36 . 2012-05-31 02:18 413696 ----a-w- c:\windows\SysWow64\wrap_oal.dll

2012-11-30 18:36 . 2012-05-31 02:18 133632 ----a-w- c:\windows\system32\OpenAL32.dll

2012-11-30 18:36 . 2012-05-31 02:18 110592 ----a-w- c:\windows\SysWow64\OpenAL32.dll

2012-11-16 15:56 . 2012-11-16 15:56 209808 ----a-w- c:\windows\system32\drivers\eamonm.sys

2012-10-26 21:01 . 2012-12-08 10:36 237400 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys

2012-10-26 21:00 . 2012-10-26 21:00 131416 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys

2012-10-26 20:59 . 2012-12-08 10:36 119640 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

2012-10-26 20:59 . 2012-10-26 20:59 203608 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll

2012-10-26 20:59 . 2012-10-26 20:59 146264 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys

2012-10-26 20:59 . 2012-10-26 20:59 105816 ----a-w- c:\windows\system32\drivers\VBoxUSB.sys

2012-10-16 08:38 . 2012-11-28 08:52 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2012-10-16 08:38 . 2012-11-28 08:52 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2012-10-16 07:39 . 2012-11-28 08:52 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HP Officejet Pro 8600 (NET)"="c:\program files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" [2011-09-09 2676584]

"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-12-08 969104]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]

.

c:\users\CHamon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk - c:\windows\system32\RunDll32.exe [2009-7-13 45568]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

"aux6"=wdmaud.drv

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ   autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]

@="Service"

.

R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 DES2 Service;DES2 Service for Energy Saving.;c:\program files (x86)\GIGABYTE\EnergySaver2\des2svr.exe [2011-08-22 57344]

R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-12-13 3290896]

R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]

R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]

R3 DAUpdaterSvc;Dragon Age: Origins - Content Updater;c:\program files (x86)\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe [2011-02-24 25832]

R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]

R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]

R3 EagleX64;EagleX64; [x]

R3 etdrv;etdrv;c:\windows\etdrv.sys [2012-03-07 25640]

R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-05-06 13352]

R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-03-12 30528]

R3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]

R3 IOMap;IOMap;c:\windows\system32\drivers\IOMap64.sys [2010-02-22 23680]

R3 mv2;mv2;c:\windows\system32\DRIVERS\mv2.sys [2012-08-27 12904]

R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]

R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]

R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2012-10-26 105816]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-07 1255736]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 17720]

S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]

S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-11-16 209808]

S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]

S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-09-14 32360]

S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-10-26 237400]

S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-10-26 119640]

S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 antivírus\x86\ekrn.exe [2012-11-16 913184]

S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]

S2 IMFservice;IMF Service;c:\program files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2012-01-09 821592]

S2 Smart TimeLock;Smart TimeLock Service;c:\program files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe [2009-10-13 114688]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-12-01 382824]

S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-10-23 2848168]

S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848]

S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2011-04-20 1930240]

S3 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\system32\Drivers\EtronHub3.sys [2011-07-29 56960]

S3 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\system32\Drivers\EtronXHCI.sys [2011-07-29 79104]

S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136]

S3 LVUVC64;Logitech HD Webcam C270(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-01 535656]

S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-10-26 131416]

S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-10-26 146264]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-01-08 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 21:31]

.

2012-12-29 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022297471-2835417200-829461041-1000Core.job

- c:\users\CHamon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 03:41]

.

2013-01-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3022297471-2835417200-829461041-1000UA.job

- c:\users\CHamon\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-07 03:41]

.

2013-01-08 c:\windows\Tasks\RtlLanOptimizerVistaStart.job

- c:\program files (x86)\Realtek\LanOptimizer\LanOptimizer.exe [2012-03-08 08:05]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{45d30484-7ded-43d9-957a-d2fd1f046511}]

2010-11-21 03:23 444752 ----a-w- c:\windows\System32\mscoree.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

"{1d09c093-f71e-43c3-b948-19316cbd695e}"= "mscoree.dll" [2010-11-21 444752]

.

[HKEY_CLASSES_ROOT\CLSID\{1d09c093-f71e-43c3-b948-19316cbd695e}]

[HKEY_CLASSES_ROOT\tGBandObj.tGBandObjClass]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-21 12632168]

"RtHDVBg_Dolby"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-13 2264168]

"egui"="c:\program files\ESET\ESET NOD32 antivírus\egui.exe" [2012-11-16 4090824]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\nvinitx.dll

.

------- Scan Suplementar -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mDefault_Page_URL = about:blank

mStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000

IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\CHamon\AppData\Roaming\Mozilla\Firefox\Profiles\gmn6hjrb.default\

FF - prefs.js: browser.search.selectedEngine - AVG Secure Search

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: content.notify.ontimer - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.switch.threshold - 750000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

- - - - ORFÃOS REMOVIDOS - - - -

.

SafeBoot-MsMpSvc

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions]

@Denied: (2) (LocalSystem)

"{C55BBCD6-41AD-48AD-9953-3609C48EACC7}"=hex:51,66,7a,6c,4c,1d,38,12,b8,bf,48,

   c1,9f,0f,c3,0d,e6,45,75,49,c1,d0,e8,d3

"{000123B4-9B42-4900-B3F7-F4B073EFC214}"=hex:51,66,7a,6c,4c,1d,38,12,da,20,12,

   04,70,d5,6e,0c,cc,e1,b7,f0,76,b1,86,00

"{0E5680D1-BF44-4929-94AF-FD30D784AD1D}"=hex:51,66,7a,6c,4c,1d,38,12,bf,83,45,

   0a,76,f1,47,0c,eb,b9,be,70,d2,da,e9,09

"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc,

   1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7

"{3049C3E9-B461-4BC5-8870-4C09146192CA}"=hex:51,66,7a,6c,4c,1d,38,12,87,c0,5a,

   34,53,fa,ab,0e,f7,66,0f,49,11,3f,d6,de

"{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}"=hex:51,66,7a,6c,4c,1d,38,12,da,39,34,

   5d,e1,a9,97,05,de,be,2c,e9,c9,ff,c2,38

"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23,

   94,30,02,d1,0f,f1,da,12,24,73,56,27,d2

"{E33CF602-D945-461A-83F0-819F76A199F8}"=hex:51,66,7a,6c,4c,1d,38,12,6c,f5,2f,

   e7,77,97,74,03,fc,e6,c2,df,73,ff,dd,ec

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]

@Denied: (2) (LocalSystem)

"Timestamp"=hex:0c,2e,a1,da,24,1e,cd,01

.

[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

@Denied: (2) (LocalSystem)

"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,f8,90,c4,4e,27,4f,48,a3,07,d2,\

"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,66,f8,90,c4,4e,27,4f,48,a3,07,d2,\

.

[HKEY_USERS\S-1-5-21-3022297471-2835417200-829461041-1000\Software\SecuROM\License information*]

"datasecu"=hex:dd,03,7a,06,c2,bd,40,e6,2a,6d,64,de,38,a4,50,6f,f1,27,3e,25,dd,

   e7,44,5b,b8,46,7a,2b,07,00,1c,6f,c8,ce,6d,f6,35,d7,e4,5b,d6,4d,f2,bf,10,48,\

"rkeysecu"=hex:2f,0f,d5,3e,02,2b,06,63,b1,0b,dd,b6,71,e2,54,98

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Key"="ActionsPane3"

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-01-07  22:57:28

ComboFix-quarantined-files.txt  2013-01-08 00:57

ComboFix2.txt  2013-01-05 02:19

.

Pré-execução: 167.552.745.472 bytes free

Pós execução: 167.096.348.672 bytes free

.

- - End Of File - - B9F3BE88C9A9FFFF05A39E7AB04514D0

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 22:59:56, on 07/01/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files (x86)\Realtek\LanOptimizer\LanOptimizer.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe

C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe

C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe

C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\CHamon\Downloads\HijackThis.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [LWS] C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe -hide

O4 - HKCU\..\Run: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN27VBR0SJ05KD:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1

O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe"  /MINIMIZED

O4 - HKUS\S-1-5-21-3022297471-2835417200-829461041-1014\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3022297471-2835417200-829461041-1014\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000

O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)

O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - (no file)

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: Dragon Age: Origins - Content Updater (DAUpdaterSvc) - BioWare - C:\Program Files (x86)\Electronic Arts\Dragon Age\\bin_ship\DAUpdaterSvc.Service.exe

O23 - Service: DES2 Service for Energy Saving. (DES2 Service) - Unknown owner - C:\Program Files (x86)\GIGABYTE\EnergySaver2\des2svr.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 antivírus\x86\ekrn.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe

O23 - Service: Altera JTAG Server (JTAGServer) - Unknown owner - c:\altera\11.1\quartus\bin64\jtagserver.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: Smart TimeLock Service (Smart TimeLock) - Gigabyte Technology CO., LTD. - C:\Program Files (x86)\GIGABYTE\Smart6\Timelock\TimeMgmtDaemon.exe

O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: UMVPFSrv - Logitech Inc. - C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

 

--

End of file - 10529 bytes


 

  • NOVIDADES DO SITE BABOO

  • Posts

    • Opa Proberio, cursos tem muitos por ai, mais bons mesmo, como você já deve saber são poucos. Estou fazendo um curso que estou achando muito bom. A didática do professor é muito boa. Ensina muitas coisas do básico ao avançado. Dê uma conferida em http://www.notebooksemsegredo.com.br/ e veja o que acha. Eu to achando esse curso ótimo. Ensina coisas como Regravação de BIOS e BGA, entre outros assuntos que não é comum de encontrar por ai. Até mais,
    • MBRScan v1.1.1
      OS             : Windows 8  (64 bit)
      PROCESSOR      : Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
      BOOT           : Normal Boot
      DATE           : 2017/02/27 (ISO 8601) at 09:38:58
      ________________________________________________________________________________
      Device\Harddisk0\DR0    931.5 Go  [Fixed] ==> Unknown MBR Code ==> PARTITION TABLE FAKED !!
      MBR_MD5   : CC5302A24F97C64E4622A8B0E560C656
      MBR_SHA1  : 47626CEB20ABB6FCD62897A2EA76BD5A2F785B6E
      Device\Harddisk0\Partition1    2.00 To      0xEE EFI GPT[1]
      ________________________________________________________________________________
      ############################### Additional scan ################################
      BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)
      SystemStartOptions :  NOEXECUTE=OPTIN  NOVGA
      ________________________________________________________________________________

      Farbar Service Scanner Version: 27-01-2016
      Ran by Recepção (administrator) on 27-02-2017 at 09:44:32
      Running from "C:\Users\Recepção\Desktop"
      Microsoft Windows 10 Home Single Language  (X64)
      Boot Mode: Normal
      ****************************************************************
      Internet Services:
      ============
      Connection Status:
      ==============
      Localhost is accessible.
      LAN connected.
      Google IP is accessible.
      Google.com is accessible.
      Yahoo.com is accessible.
      Windows Firewall:
      =============
      Firewall Disabled Policy: 
      ==================
      System Restore:
      ============
      System Restore Policy: 
      ========================
      Security Center:
      ============
      Windows Update:
      ============
      Windows Autoupdate Disabled Policy: 
      ============================
      Windows Defender:
      ==============
      WinDefend Service is not running. Checking service configuration:
      The start type of WinDefend service is set to Demand. The default start type is Auto.
      The ImagePath of WinDefend service is OK.
      Windows Defender Disabled Policy: 
      ==========================
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
      "DisableAntiSpyware"=DWORD:1
      Other Services:
      ==============
      File Check:
      ========
      C:\Windows\System32\nsisvc.dll => File is digitally signed
      C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
      C:\Windows\System32\drivers\afd.sys => File is digitally signed
      C:\Windows\System32\drivers\tdx.sys => File is digitally signed
      C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
      C:\Windows\System32\dnsrslvr.dll => File is digitally signed
      C:\Windows\System32\dnsapi.dll => File is digitally signed
      C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
      C:\Windows\System32\mpssvc.dll => File is digitally signed
      C:\Windows\System32\bfe.dll => File is digitally signed
      C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
      C:\Windows\System32\SDRSVC.dll => File is digitally signed
      C:\Windows\System32\vssvc.exe => File is digitally signed
      C:\Windows\System32\wscsvc.dll => File is digitally signed
      C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
      C:\Windows\System32\wuaueng.dll => File is digitally signed
      C:\Windows\System32\qmgr.dll => File is digitally signed
      C:\Windows\System32\es.dll => File is digitally signed
      C:\Windows\System32\cryptsvc.dll => File is digitally signed
      C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
      C:\Windows\System32\svchost.exe => File is digitally signed
      C:\Windows\System32\rpcss.dll => File is digitally signed
      **** End of log ****
    • Friend, download MbrScan.exe by Eric_71 > save it to the desktop. Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. Notepad will open with the scan result. It is saved on the desktop under the name MbrScan.log. Select, copy and paste its contents into your next reply. Download Farbar Service Scanner and save it to the desktop. Run the tool. In addition to the checkboxes that are already ticked by default, tick the following:
      Windows Firewall
      System Restore
      Security Center/Action Center
      Windows Update
      Windows Defender

      Click Scan and wait for the scan to finish. At the end a log called FSS.txt will be generated, saved in the same directory as FSS, that is, on the desktop. Select, copy and paste its contents into your next reply.
    • Is it asking for a password or the Windows serial? I ask because it was a bit confusing, since you said you tried with the notebook's... If possible, post the exact error message or even an image....
    • Please, I'm asking for help with the PC... since Friday it has been terribly slow; today I tried to browse and nothing... everything is messed up, everything freezes, nothing responds.
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 09:20:13, on 27/02/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0000)
      Boot mode: Normal
      Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\IObit\Smart Defrag\SmartDefrag.exe
      C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
      C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
      C:\Program Files (x86)\IObit\Advanced SystemCare\Monitor.exe
      C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe
      C:\Program Files (x86)\IObit\Advanced SystemCare\ASC.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\schtasks.exe
      C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
      C:\Windows\SysWOW64\cmd.exe
      C:\Windows\SysWOW64\schtasks.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Recepção\AppData\Roaming\uTorrent\updates\3.4.9_43085.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Recepção\AppData\Roaming\uTorrent\updates\updates\3.4.9_43085\utorrentie.exe
      C:\Users\Recepção\AppData\Roaming\uTorrent\updates\updates\3.4.9_43085\utorrentie.exe
      C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
      C:\Users\Recepção\Downloads\HijackThis.exe
      C:\Program Files (x86)\IObit\Driver Booster\FaultFixes.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=
      O1 - Hosts: 192.99.197.31 wxsda.com
      O2 - BHO: PDF Architect 4 Helper - {38279E1A-7019-40C1-B579-E99DFB3312E8} - C:\Program Files (x86)\PDF Architect 4\creator-ie-helper.dll
      O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\ssv.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
      O2 - BHO: IObit Surfing Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\ADVANC~1\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
      O2 - BHO: G-Buster Browser Defense BMB - {C41A1C0E-EA6C-11D4-B1B8-444553540001} - C:\Program Files (x86)\GbPlugin\gbiehbmb.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_121\bin\jp2ssv.dll
      O2 - BHO: IObit Ads Removal - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files (x86)\IObit\Advanced SystemCare\Surfing Protection\Adblock\Adblock.dll
      O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe"
      O4 - HKLM\..\Run: [Intel AppUp(R) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
      O4 - HKLM\..\Run: [Cobian Backup 10 Interface] "C:\Program Files (x86)\Cobian Backup 10\cbInterface.exe" -service
      O4 - HKLM\..\Run: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
      O4 - HKCU\..\Run: [Advanced SystemCare 10] "C:\Program Files (x86)\IObit\Advanced SystemCare\ASCTray.exe" /Auto
      O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Recepção\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Recepção\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64"
      O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Recepção\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Recepção\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O4 - Global Startup: Samsung Network PC Fax.lnk = C:\Windows\System32\spool\drivers\x64\3\NetFaxTray64.exe
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office14\EXCEL.EXE/3000
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: aapj.bb.com.br
      O15 - Trusted Zone: seg.bb.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: bdu.bmb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: cloud.gastecnologia.com.br
      O15 - Trusted Zone: *.mercantil.com.br
      O15 - Trusted Zone: *.mercantildobrasil.com.br
      O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} - 
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginBmb - C:\Program Files (x86)\GbPlugin\gbiehBmb.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
      O23 - Service: Advanced SystemCare Service 10 (AdvancedSystemCareService10) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare\ASCService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
      O23 - Service: Cobian Backup 10 Volume Shadow Copy service (cbVSCService) - CobianSoft, Luis Cobian - C:\Program Files (x86)\Cobian Backup 10\cbVSCService.exe
      O23 - Service: Cobian Backup 10 (CobianBackup10) - Luis Cobian, CobianSoft - C:\Program Files (x86)\Cobian Backup 10\cbService.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Fleet Admin Pro Management Application (Fleet Admin Pro) - Unknown owner - C:\Program Files (x86)\Samsung Network Printer Utilities\Fleet Admin Pro\UniThruTargetPlatform\unithru.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
      O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
      O23 - Service: PDF Architect 4 - pdfforge GmbH - C:\Program Files\PDF Architect 4\ws.exe
      O23 - Service: PDF Architect 4 CrashHandler - pdfforge GmbH - C:\Program Files\PDF Architect 4\crash-handler-ws.exe
      O23 - Service: PDF Architect 4 Creator - pdfforge GmbH - C:\Program Files\PDF Architect 4\creator-ws.exe
      O23 - Service: PDF Architect 4 Manager - © pdfforge GmbH. - C:\ProgramData\pdfforge\PDF Architect 4 Manager\PDF Architect 4\Architect Manager.exe
      O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Samsung Network Fax Server - Samsung Electronics Co., Ltd. - C:\Windows\system32\spool\drivers\x64\3\NetFaxServer64.exe
      O23 - Service: Samsung Printer Dianostics Service - Unknown owner - C:\Windows\system32\\spdsvc.exe
      O23 - Service: Samsung UPD Utility Service (SamsungUPDUtilSvc) - Unknown owner - C:\Windows\SysWOW64\SecUPDUtilSvc.exe
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: Skdaemon Service (Sks8821) - Unknown owner - C:\Program Files\Lenovo\Lenovo Slim USB Keyboard\Sks8821.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: TeamViewer 11 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 15026 bytes
       