Welcome to the Fórum do BABOO!

Since 2000 the Fórum do BABOO has helped millions of Windows users solve their problems and questions, as well as helping remove viruses and malware from their computers. We are the only Brazilian forum coordinated by a specialist with international recognition for his Windows expertise, so if you have a question or problem that no other forum can solve, post it here, because MVP Baboo loves challenges!

The Fórum do BABOO also counts on the exclusive participation of the Security area administrator, MVP Mr.Million, who has international recognition from Microsoft for his tireless work helping users remove viruses and malware from their computers. If your computer is infected with a virus, he will help you remove it!

Our team of specialists also includes Patropi, Osvaldomp, Caze, Ciro-Mota, XERLOUCO ROUMS, Tatha, who will answer your questions on a variety of topics.

Join our community!

 

barbaratavares

svchost, slow PC, freezing, and CPU usage at 50% with nothing open.

7 posts in this topic

Windows XP, version 2002, Service Pack 3.

My machine is very slow, freezing all the time.

It reports 51 open processes even though none are open, and CPU usage at 50% or more.

There are several svchost instances open, and some others that are heavy and I don't know what they are.

How should I proceed to get rid of unwanted processes?

I ran Malwarebytes Anti-Malware to scan the whole computer; when I went to look at the generated log, only this appeared:

mbam-log-2013-01-08 (11-10-38)

ÿþM

Spybot notification:

--- Spybot - Search & Destroy version: 1.6.2 (build: 20090126) ---

2009-01-26 blindman.exe (1.0.0.8)

2009-01-26 SDFiles.exe (1.6.1.7)

2009-01-26 SDMain.exe (1.0.0.6)

2009-01-26 SDShred.exe (1.0.2.5)

2009-01-26 SDUpdate.exe (1.6.0.12)

2009-01-26 SpybotSD.exe (1.6.2.46)

2009-01-26 TeaTimer.exe (1.6.4.26)

2013-01-08 unins000.exe (51.49.0.0)

2009-01-26 Update.exe (1.6.0.7)

2009-01-26 advcheck.dll (1.6.2.15)

2007-04-02 aports.dll (2.1.0.0)

2008-06-14 DelZip179.dll (1.79.11.1)

2009-01-26 SDHelper.dll (1.6.2.14)

2008-06-19 sqlite3.dll

2009-01-26 Tools.dll (2.1.6.10)

2009-01-16 UninsSrv.dll (1.0.0.0)

2012-12-18 Includes\Adware.sbi

2012-12-28 Includes\AdwareC.sbi

2010-08-13 Includes\Cookies.sbi

2012-11-14 Includes\Dialer.sbi

2012-11-14 Includes\DialerC.sbi

2012-11-14 Includes\HeavyDuty.sbi

2012-11-14 Includes\Hijackers.sbi

2012-11-14 Includes\HijackersC.sbi

2012-11-14 Includes\iPhone.sbi

2012-11-14 Includes\Keyloggers.sbi

2012-12-18 Includes\KeyloggersC.sbi

2004-11-29 Includes\LSP.sbi

2012-11-21 Includes\Malware.sbi

2012-12-28 Includes\MalwareC.sbi

2012-11-14 Includes\PUPS.sbi

2012-12-21 Includes\PUPSC.sbi

2010-01-25 Includes\Revision.sbi

2012-11-14 Includes\Security.sbi

2012-11-14 Includes\SecurityC.sbi

2008-06-03 Includes\Spybots.sbi

2008-06-03 Includes\SpybotsC.sbi

2012-11-14 Includes\Spyware.sbi

2012-11-14 Includes\SpywareC.sbi

2012-11-19 Includes\Tracks.uti

2012-12-11 Includes\Trojans.sbi

2013-01-02 Includes\TrojansC-02.sbi

2012-12-28 Includes\TrojansC-03.sbi

2012-12-21 Includes\TrojansC-04.sbi

2012-11-14 Includes\TrojansC-05.sbi

2012-12-03 Includes\TrojansC.sbi

2008-03-04 Plugins\Chai.dll

2008-03-05 Plugins\Fennel.dll

2008-02-26 Plugins\Mate.dll

2007-12-24 Plugins\TCPIPAddress.dll

--- System information ---

Windows XP (Build: 2600) Service Pack 3 (5.1.2600)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB954430)

/ MSXML4SP2: Security update for MSXML4 SP2 (KB973688)

/ Windows Media Format 11 SDK: Hotfix for Windows Media Format 11 SDK (KB929399)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB2378111)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB952069)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB954155)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB973540)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB975558)

/ Windows Media Player: Atualização de Segurança para o Windows Media Player (KB978695)

/ Windows Media Player 11: Hotfix para o Windows Media Player 11 (KB939683)

/ Windows Media Player 11: Atualização de Segurança para o Windows Media Player 11 (KB954154)

/ Windows XP: Atualização de Segurança para Windows XP (KB941569)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB2510531)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB2544521)

/ Windows XP / SP0: Atualização para Windows Internet Explorer 8 (KB2598845)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB2618444)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB2744842)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB2761465)

/ Windows XP / SP0: Atualização de Segurança para Windows Internet Explorer 8 (KB982381)

/ Windows XP / SP10: Atualização de Segurança para Microsoft Windows (KB2564958)

/ Windows XP / SP10: Microsoft Compression Client Pack 1.0 for Windows XP

/ Windows XP / SP3: Atualização para Windows XP (KB898461)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2115168)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2229593)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2296011)

/ Windows XP / SP4: Atualização para Windows XP (KB2345886)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2347290)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2360937)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2387149)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2393802)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2419632)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2423089)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2440591)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2443105)

/ Windows XP / SP4: Atualização para Windows XP (KB2467659)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2476490)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2478960)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2478971)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2479943)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2481109)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2483185)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2485663)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2506212)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2507618)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2507938)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2508429)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2509553)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2510581)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2535512)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2536276-v2)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2544521)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2544893-v2)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2566454)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2570947)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2584146)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2585542)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2592799)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2598479)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2603381)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2618451)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2619339)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2620712)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2624667)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2631813)

/ Windows XP / SP4: Hotfix para Windows XP (KB2633952)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2646524)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2653956)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2655992)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2659262)

/ Windows XP / SP4: Atualização para Windows XP (KB2661254-v2)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2661637)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2676562)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2686509)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2691442)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2698365)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2705219)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2707511)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2712808)

/ Windows XP / SP4: Atualização para Windows XP (KB2718704)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2719985)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2723135)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2724197)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2727528)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2731847)

/ Windows XP / SP4: Atualização para Windows XP (KB2736233)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2744842)

/ Windows XP / SP4: Atualização para Windows XP (KB2749655)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2753842)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2753842-v2)

/ Windows XP / SP4: Hotfix para Windows XP (KB2756822)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2758857)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2761226)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2770660)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB2779030)

/ Windows XP / SP4: Hotfix para Windows XP (KB2779562)

/ Windows XP / SP4: Hotfix for Windows XP (KB915800-v4)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB923561)

/ Windows XP / SP4: Hotfix para Windows XP (KB942288-v3)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB946648)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB950762)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB950974)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB951376-v2)

/ Windows XP / SP4: Atualização para Windows XP (KB951978)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB952004)

/ Windows XP / SP4: Hotfix para Windows XP (KB952287)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB952954)

/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)

/ Windows XP / SP4: Atualização para Windows XP (KB955759)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB956572)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB956744)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB956802)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB956844)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB959426)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB960803)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB960859)

/ Windows XP / SP4: Hotfix para Windows XP (KB961118)

/ Windows XP / SP4: Atualização para Windows XP (KB968389)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB969059)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB970430)

/ Windows XP / SP4: Atualização para Windows XP (KB971029)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB971657)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB972270)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB973507)

/ Windows XP / SP4: Atualização para Windows XP (KB973815)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB973869)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB973904)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB974112)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB974318)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB974392)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB974571)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB975025)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB975467)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB975560)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB975713)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB977816)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB977914)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB978338)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB978542)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB978706)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB979309)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB979482)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB979687)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB981322)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB981997)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB982132)

/ Windows XP / SP4: Atualização de Segurança para Windows XP (KB982665)

--- Startup entries list ---

Located: HK_LM:Run, Adobe ARM

command: "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

file: C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

size: 919008

MD5: B63E5C7807334A3A8F731062F15462CC

Located: HK_LM:Run, AVG_UI

command: "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY

file: C:\Arquivos de programas\AVG\AVG2013\avgui.exe

size: 3143800

MD5: 1D2B51E5291448DA123644A41250F6D6

Located: HK_LM:Run, HotKeysCmds

command: C:\WINDOWS\system32\hkcmd.exe

file: C:\WINDOWS\system32\hkcmd.exe

size: 159744

MD5: E44733C30F7FE6A1CE7A6B1D2B335CFC

Located: HK_LM:Run, IgfxTray

command: C:\WINDOWS\system32\igfxtray.exe

file: C:\WINDOWS\system32\igfxtray.exe

size: 135168

MD5: F38092DE1D6A8CBB11B6B6D0F07E268E

Located: HK_LM:Run, NeroFilterCheck

command: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

file: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

size: 570664

MD5: D36ED326635F4F04A330022343D3B486

Located: HK_LM:Run, NokiaMServer

command: C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

file: C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: HK_LM:Run, NokiaMusic FastStart

command: "C:\Arquivos de programas\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart

file: C:\Arquivos de programas\Nokia\Nokia Music Player\NokiaMusicPlayer.exe

size: 2193000

MD5: 82E286A4A2062DC0D0A79E9BD215B5DE

Located: HK_LM:Run, Persistence

command: C:\WINDOWS\system32\igfxpers.exe

file: C:\WINDOWS\system32\igfxpers.exe

size: 131072

MD5: 2022C54B3A79A51C9538CE47D1F50BC3

Located: HK_LM:Run, RTHDCPL

command: RTHDCPL.EXE

file: C:\WINDOWS\RTHDCPL.EXE

size: 18702336

MD5: 5E6380F8B88FEC24461B7CDCCE800BBC

Located: HK_LM:Run, SunJavaUpdateSched

command: "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

file: C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

size: 252848

MD5: 12916E0642E92561C98B18A2A2D01B14

Located: HK_CU:Run, CTFMON.EXE

where: .DEFAULT...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, CTFMON.EXE

where: PE_C_ROOT...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-19...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-20...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-21-1482476501-362288127-1935655697-1003...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-21-1482476501-362288127-1935655697-500...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}

where: S-1-5-21-3754180436-2541085680-2792401191-3082...

command: "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

file: C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

size: 152872

MD5: 1B31D1266691EDD4224B0036449F14B4

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-21-3754180436-2541085680-2792401191-3082...

command: C:\WINDOWS\system32\ctfmon.exe

file: C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: HK_CU:Run, MediaFire Tray

where: S-1-5-21-3754180436-2541085680-2792401191-3082...

command: "C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe" --boot-start

file: C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe

size: 2239048

MD5: E69EBFD07619D1F0CB25856DAD666E85

Located: HK_CU:Run, OfficeSyncProcess

where: S-1-5-21-3754180436-2541085680-2792401191-3082...

command: "C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE"

file: C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE

size: 718208

MD5: 7AFF1C22E8BC6D8181053FC3590FD0F2

Located: HK_CU:Run, SpybotSD TeaTimer

where: S-1-5-21-3754180436-2541085680-2792401191-3082...

command: C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

file: C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

size: 2144088

MD5: 896A1DB9A972AD2339C2E8569EC926D1

Located: HK_CU:Run, CTFMON.EXE

where: S-1-5-18...

command: C:\WINDOWS\system32\CTFMON.EXE

file: C:\WINDOWS\system32\CTFMON.EXE

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

Located: Startup (usuário), Microsoft SharePoint Workspace.lnk

where: C:\Documents and Settings\barbara\Menu Iniciar\Programas\Inicializar...

command: C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

file: C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

size: 30969208

MD5: 334A6B52049C0A30A89369785E05027A

Located: WinLogon, crypt32chain

command: crypt32.dll

file: crypt32.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cryptnet

command: cryptnet.dll

file: cryptnet.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, cscdll

command: cscdll.dll

file: cscdll.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, dimsntfy

command: %SystemRoot%\System32\dimsntfy.dll

file: %SystemRoot%\System32\dimsntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, igfxcui

command: igfxdev.dll

file: igfxdev.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, ScCertProp

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, Schedule

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, sclgntfy

command: sclgntfy.dll

file: sclgntfy.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, SensLogn

command: WlNotify.dll

file: WlNotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, termsrv

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, WgaLogon

command: WgaLogon.dll

file: WgaLogon.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

Located: WinLogon, wlballoon

command: wlnotify.dll

file: wlnotify.dll

size: 0

MD5: D41D8CD98F00B204E9800998ECF8427E

Warning: if the file is actually larger than 0 bytes,

the checksum could not be properly calculated!

--- Browser helper object list ---

{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: AcroIEHelperStub

CLSID name: Adobe PDF Link Helper

Path: C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\

Long name: AcroIEHelperShim.dll

Short name: ACROIE~2.DLL

Date (created): 27/7/2012 17:51:32

Date (last access): 8/1/2013 14:24:40

Date (last write): 27/7/2012 17:51:32

Filesize: 63944

Attributes: archive

MD5: BA0ED7AA3C36A8DA27DED1D6B3508158

CRC32: BFE061AC

Version: 10.1.4.38

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Spybot-S&D IE Protection

description: Spybot-S&D IE Browser plugin

classification: Legitimate

known filename: SDhelper.dll

info link: http://spybot.eon.net.au/

info source: Patrick M. Kolla

Path: C:\ARQUIV~1\SPYBOT~1\

Long name: SDHelper.dll

Short name:

Date (created): 8/1/2013 13:31:46

Date (last access): 8/1/2013 14:33:20

Date (last write): 26/1/2009 15:31:02

Filesize: 1879896

Attributes: archive

MD5: 022C2F6DCCDFA0AD73024D254E62AFAC

CRC32: 5BA24007

Version: 1.6.2.14

{72853161-30C5-4D22-B7F9-0BBC1D38A37E} (Groove GFS Browser Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Groove GFS Browser Helper

Path: C:\ARQUIV~1\MICROS~2\Office14\

Long name: GROOVEEX.DLL

Short name:

Date (created): 25/3/2010 10:25:22

Date (last access): 8/1/2013 14:52:08

Date (last write): 25/3/2010 10:25:22

Filesize: 4222864

Attributes: archive

MD5: 94CA6D847D08514A087E8A4C43D65BF9

CRC32: DC63EDF2

Version: 14.0.4761.1000

{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} (Java Plug-In SSV Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Java Plug-In SSV Helper

Path: C:\Arquivos de programas\Java\jre7\bin\

Long name: ssv.dll

Short name:

Date (created): 25/9/2012 00:02:30

Date (last access): 8/1/2013 14:57:26

Date (last write): 25/9/2012 00:02:30

Filesize: 449512

Attributes: archive

MD5: A7A6954E500715117B64B414AB81CB44

CRC32: EE09721D

Version: 10.9.2.5

{B4F3A835-0E21-4959-BA22-42B3008E02FF} (URLRedirectionBHO)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name: URLRedirectionBHO

CLSID name: Office Document Cache Handler

Path: C:\ARQUIV~1\MICROS~2\Office14\

Long name: URLREDIR.DLL

Short name:

Date (created): 28/2/2010 02:20:14

Date (last access): 8/1/2013 14:57:26

Date (last write): 28/2/2010 02:20:14

Filesize: 561552

Attributes: archive

MD5: 0A63D9A102C3C0209465EA60199E6882

CRC32: AA1F9E0F

Version: 14.0.4750.1000

{DBC80044-A445-435b-BC74-9C25C1C588A9} (Java Plug-In 2 SSV Helper)

location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\

BHO name:

CLSID name: Java Plug-In 2 SSV Helper

Path: C:\Arquivos de programas\Java\jre7\bin\

Long name: jp2ssv.dll

Short name:

Date (created): 25/9/2012 00:02:30

Date (last access): 8/1/2013 14:24:40

Date (last write): 25/9/2012 00:02:30

Filesize: 155384

Attributes: archive

MD5: EB47E405A9222CA595E5E763B4156529

CRC32: 712D0563

Version: 10.9.2.5

--- ActiveX list ---

--- Process list ---

PID: 0 ( 0) [system]

PID: 736 ( 4) \SystemRoot\System32\smss.exe

size: 50688

PID: 1004 ( 736) \??\C:\WINDOWS\system32\csrss.exe

size: 6144

PID: 1028 ( 736) \??\C:\WINDOWS\system32\winlogon.exe

size: 509952

PID: 1072 (1028) C:\WINDOWS\system32\services.exe

size: 111104

MD5: C52DEB6D8CD4B096BF1A9EC001F36507

PID: 1084 (1028) C:\WINDOWS\system32\lsass.exe

size: 13312

MD5: 9607142710D3B64AB7FCCE4BE4E30D37

PID: 1260 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1332 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1452 (1072) C:\WINDOWS\System32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1492 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1536 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1644 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 1724 (1072) C:\WINDOWS\system32\spoolsv.exe

size: 58880

MD5: 60784F891563FB1B767F70117FC2428F

PID: 1884 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 344 (1072) C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

size: 196664

MD5: 6B72E1E329C4E98C6B6FDD2D265E3BA3

PID: 376 (1072) C:\WINDOWS\system32\cisvc.exe

size: 5632

MD5: AFE848924FCF62665FC79D2BBB5E0665

PID: 628 (1072) C:\Arquivos de programas\Java\jre7\bin\jqs.exe

size: 161768

MD5: B591E761161D1EF547D76EF236EAA6A5

PID: 1416 (1000) C:\Arquivos de programas\Google\Update\1.3.21.124\GoogleCrashHandler.exe

size: 212432

MD5: AE5A69F44C1F97EDC83237FC0B29B6FB

PID: 1920 (1072) C:\WINDOWS\system32\IoctlSvc.exe

size: 81920

MD5: 875E4E0661F3A5994DF9E5E3A0A4F96B

PID: 2084 (1072) C:\WINDOWS\system32\svchost.exe

size: 14336

MD5: ED2D69CD4B0EBE37EFE11D4DC4ABC68F

PID: 3160 (1072) C:\WINDOWS\System32\alg.exe

size: 44544

MD5: 6D2018AEE93285F2A8BEF55D722187A3

PID: 572 ( 376) C:\WINDOWS\system32\cidaemon.exe

size: 8192

MD5: 5592A7F0E3E0823E41ECAFB8A4659280

PID: 540 (1028) C:\WINDOWS\system32\WgaTray.exe

size: 969608

MD5: 4D5657AB953DD30BE94A10092E2C90E3

PID: 3060 (2252) C:\WINDOWS\Explorer.EXE

size: 1035776

MD5: 064EC7FF5F58B928C3E119402977FA6D

PID: 3592 (1452) C:\WINDOWS\system32\wuauclt.exe

size: 53784

MD5: 2E0B0A051FFAA86E358465BB0880D453

PID: 3696 (3060) C:\WINDOWS\system32\igfxtray.exe

size: 135168

MD5: F38092DE1D6A8CBB11B6B6D0F07E268E

PID: 3884 (3060) C:\WINDOWS\system32\hkcmd.exe

size: 159744

MD5: E44733C30F7FE6A1CE7A6B1D2B335CFC

PID: 3812 (3060) C:\WINDOWS\system32\ctfmon.exe

size: 15360

MD5: 4E486ADFE3A0B9ED0EB0639902E9F64F

PID: 3380 (1260) C:\WINDOWS\system32\igfxsrvc.exe

size: 249856

MD5: 1D4F13DBB57C5152FC9A5DABBCFC78B4

PID: 3880 (3060) C:\WINDOWS\system32\igfxpers.exe

size: 131072

MD5: 2022C54B3A79A51C9538CE47D1F50BC3

PID: 3952 (3060) C:\Arquivos de programas\AVG\AVG2013\avgui.exe

size: 3143800

MD5: 1D2B51E5291448DA123644A41250F6D6

PID: 144 (3060) C:\WINDOWS\RTHDCPL.EXE

size: 18702336

MD5: 5E6380F8B88FEC24461B7CDCCE800BBC

PID: 4036 (3060) C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

size: 252848

MD5: 12916E0642E92561C98B18A2A2D01B14

PID: 3408 (3060) C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

size: 1540096

MD5: 6DE5BAB37AF6EFA1E3AC4E23737E8305

PID: 1956 (3060) C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe

size: 2239048

MD5: E69EBFD07619D1F0CB25856DAD666E85

PID: 1940 (3060) C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE

size: 718208

MD5: 7AFF1C22E8BC6D8181053FC3590FD0F2

PID: 2120 (3060) C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

size: 152872

MD5: 1B31D1266691EDD4224B0036449F14B4

PID: 2180 (1072) C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

size: 275752

MD5: 193FA51DDDD0BFFDED1C340F0434999A

PID: 1428 (1260) C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

size: 1201448

MD5: 96E8CF4D3731D90058DE39A3BECAD707

PID: 3716 (1956) C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_daemon.exe

size: 2340936

MD5: D8DDFAFA6A551F640EF5B10ED28AB4FA

PID: 428 (1956) C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_status.exe

size: 2045000

MD5: 9C64B6392AC32D0D72AA699FC54DAD26

PID: 1476 (1956) C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_services.exe

size: 3130952

MD5: 64B4A50CF70D8A704E1418F380CAEC29

PID: 2220 (1072) C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

size: 4640000

MD5: 358A9CCA612C68EB2F07DDAD4CE1D8D7

PID: 920 (2452) C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe

size: 2144088

MD5: 896A1DB9A972AD2339C2E8569EC926D1

PID: 1368 (3060) C:\Arquivos de programas\Mozilla Firefox\firefox.exe

size: 916960

MD5: 5744FFF8E72D105C138DAE9E17BB29FE

PID: 696 (1368) C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

size: 16864

MD5: C142445B59C1DABA31F6397A34C42C74

PID: 2604 (3060) C:\WINDOWS\EditPad.EXE

size: 293672

MD5: B8DF3DF1B719AB4EE8DE5FFB884F8340

PID: 688 (3060) C:\Arquivos de programas\Microsoft Office\Office14\OUTLOOK.EXE

size: 15889248

MD5: CA6DB5CB169E09209D0BA380E398D87B

PID: 2944 (3060) C:\Ultimatum\UltimatumServerCE\CadastroCliente.exe

size: 2497024

MD5: 2019A379D399AB83D5175B5D893A3DB0

PID: 780 (3060) C:\Ultimatum\UltimatumServerCE\UltimatumControlPanel10122012.exe

size: 3804160

MD5: 5D5B90E44AB06D9C8198BBE6FC34ADCD

PID: 3036 ( 920) C:\Arquivos de programas\Spybot - Search & Destroy\SpybotSD.exe

size: 5365592

MD5: 0477C2F9171599CA5BC3307FDFBA8D89

PID: 4 ( 0) System

--- Browser start & search pages list ---

Spybot - Search & Destroy browser pages report, 8/1/2013 15:27:14

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Search Page

&http://home.microsoft.com/intl/br/access/allinone.asp

HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\Start Page

http://search.conduit.com?SearchSource=10&ctid=CT2849856

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Local Page

C:\WINDOWS\system32\blank.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Search Page

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Start Page

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Page_URL

http://go.microsoft.com/fwlink/?LinkId=69157

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\Default_Search_URL

http://go.microsoft.com/fwlink/?LinkId=54896

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\SearchAssistant

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm

HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\CustomizeSearch

http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

So that we can help you, follow in full what is set out in this "Mandatory standard procedure topic of the Forum".

HijackThis logs ** read before posting **

Once the procedures are done, post the HijackThis log for examination right here in this topic by clicking the second REPLY BUTTON, and wait for further instructions.



MVP Mr.Million


Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:39:03, on 8/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\Arquivos de programas\Google\Update\1.3.21.124\GoogleCrashHandler.exe
C:\WINDOWS\system32\IoctlSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Arquivos de programas\AVG\AVG2013\avgui.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe
C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe
C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe
C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_daemon.exe
C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_status.exe
C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_services.exe
C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\EditPad.EXE
C:\Arquivos de programas\Microsoft Office\Office14\OUTLOOK.EXE
C:\Ultimatum\UltimatumServerCE\CadastroCliente.exe
C:\Arquivos de programas\Skype\Phone\Skype.exe
C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe
C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe
C:\Arquivos de programas\AVG\AVG2013\avgrsx.exe
C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe
C:\Ultimatum\UltimatumServerCE\UltimatumControlPanel10122012.exe
C:\Arquivos de programas\Microsoft Office\Office14\EXCEL.EXE
C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe
C:\Arquivos de programas\Microsoft Office\Office14\WINWORD.EXE
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Documents and Settings\barbara\Meus documentos\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849856
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.71:3128
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup
O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MediaFire Tray] "C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe" --boot-start
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Arquivos de programas\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\ARQUIV~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\..\{9666AC4C-4579-41AB-9AEA-79CE7344DC68}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe
O23 - Service: Client32 - NetSupport Ltd - C:\Arquivos de programas\NetSupport\NetSupport School\client32.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe
O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--
End of file - 11749 bytes
 

Edited by Mr.Million


Uninstall Spybot completely; it is outdated software that complicates more than it helps.

Download Malwarebytes' Anti-Malware (MBAM) or here.

Save or print these instructions:

Double-click mbam-setup.exe, choose the language and, during installation, accept all the default options.
Check that the boxes Update Malwarebytes Anti-Malware and Run Malwarebytes Anti-Malware are ticked, then click Finish.
If there are updates to be made, they will be downloaded and installed.
When the update finishes, with the program open, select Quick Scan and click the Scan button.
The scan will then begin. Wait, as it may take a while.
When the scan is over, click OK, then the Show Results button to see the report.

If any items were found, make sure they are all ticked and click the Remove button.

At the end of the disinfection, Notepad will open with a log, and a prompt may appear asking whether you want to restart the PC. (See the Note below)
The log is saved automatically by MBAM; to view it, click the Logs tab in the program's main window.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart.

Select, copy and paste the contents of the MBAM log into your next reply, plus a new HijackThis log.



MVP Mr.Million


MBAM log:

Malwarebytes Anti-Malware (Trial) 1.70.0.1100

www.malwarebytes.org

Versão da Base de Dados:  v2013.01.09.03

Windows XP Service Pack 3 x86 NTFS

Internet Explorer 8.0.6001.18702

barbara :: BARBARAPC [administrador]

Proteção: Permitir

9/1/2013 14:04:22

mbam-log-2013-01-09 (14-04-22).txt

Tipo de Verificação:  Verificação Rápida

Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos  | Heurística/Extra | Heurística/Shuriken | PUP | PUM

Opções de verificação desativadas: P2P

Objetos escaneados:  271306

Tempo decorrido: 30 minuto(s), 9 segundo(s)

Processos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0

(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0

(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0

(Não foram detectados ítens maliciosos)

Arquivos Detectados: 2

C:\Documents and Settings\barbara\Meus documentos\Downloads\formatfactory-300-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

C:\Documents and Settings\barbara\Meus documentos\Downloads\spybot--search-&-destroy-20120-baixaki-32-bits.exe (PUP.AdBundle) -> Enviado para a Quarentena e deletado com sucesso.

(fim)

HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:08:54, on 9/1/2013

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\ARQUIV~1\AVG\AVG2013\avgrsx.exe

C:\Arquivos de programas\AVG\AVG2013\avgcsrvx.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

C:\WINDOWS\system32\cisvc.exe

C:\Arquivos de programas\Java\jre7\bin\jqs.exe

C:\Arquivos de programas\AVG\AVG2013\avgnsx.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Arquivos de programas\AVG\AVG2013\avgemcx.exe

C:\Arquivos de programas\Google\Update\1.3.21.124\GoogleCrashHandler.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

C:\WINDOWS\system32\IoctlSvc.exe

C:\WINDOWS\system32\svchost.exe

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamgui.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\WINDOWS\system32\igfxpers.exe

C:\Arquivos de programas\AVG\AVG2013\avgui.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\WINDOWS\RTHDCPL.EXE

C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer.exe

C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe

C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_daemon.exe

C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_status.exe

C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_services.exe

C:\Arquivos de programas\Microsoft Office\Office14\OUTLOOK.EXE

C:\Ultimatum\UltimatumServerCE\CadastroCliente.exe

C:\Arquivos de programas\Mozilla Firefox\firefox.exe

C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe

C:\Arquivos de programas\Skype\Phone\Skype.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Ultimatum\EditPad.EXE

C:\Documents and Settings\barbara\Desktop\Pacote de Programas Necessários Para um PC\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2849856

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 192.168.0.71:3128

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\ARQUIV~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\ARQUIV~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AVG_UI] "C:\Arquivos de programas\AVG\AVG2013\avgui.exe" /TRAYONLY

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [NokiaMServer] C:\Arquivos de programas\Arquivos comuns\Nokia\MPlatform\NokiaMServer /watchfiles startup

O4 - HKLM\..\Run: [NokiaMusic FastStart] "C:\Arquivos de programas\Nokia\Nokia Music Player\NokiaMusicPlayer.exe" /command:faststart

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MediaFire Tray] "C:\Documents and Settings\barbara\Dados de aplicativos\MediaFire Express\mf_systray.exe" --boot-start

O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Arquivos de programas\Microsoft Office\Office14\MSOSYNC.EXE"

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Arquivos de programas\Microsoft Office\Office14\GROOVE.EXE

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\ARQUIV~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Arquivos de programas\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O10 - Unknown file in Winsock LSP: c:\arquivos de programas\arquivos comuns\nsl\nslsp.dll

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp

O17 - HKLM\System\CCS\Services\Tcpip\..\{9666AC4C-4579-41AB-9AEA-79CE7344DC68}: NameServer = 8.8.8.8,8.8.4.4

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgidsagent.exe

O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Arquivos de programas\AVG\AVG2013\avgwdsvc.exe

O23 - Service: Client32 - NetSupport Ltd - C:\Arquivos de programas\NetSupport\NetSupport School\client32.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\WINDOWS\system32\IoctlSvc.exe

O23 - Service: ServiceLayer - Nokia - C:\Arquivos de programas\Nokia\PC Connectivity Solution\ServiceLayer.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe

--

End of file - 11220 bytes

Edited by Mr.Million


Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you have finished these instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly, it must be on the Desktop).

Close all windows and programs.

You must be connected during the ComboFix procedure.

Run combofix.exe and press "Yes" to proceed. Wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan can proceed.

When the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


      O23 - Service: GoPro Device Detection Service (GoProDeviceDetectionService) - Unknown owner - C:\Program Files\GoPro\GoPro Desktop App\GoProDeviceDetection.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: klvssbrigde64 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Total Security 17.0.0\x64\vssbridge64.exe
      O23 - Service: Serviço do Kaspersky Secure Connection 1.0.0 (KSDE1.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 1.0\ksde.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: NovaSkinResourcepack - Unknown owner - C:\Users\Guilherme\AppData\Roaming\.minecraft\resourcepacks\novaskin\bin\nssm-x86.exe (file missing)
      O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
      O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
      O23 - Service: Corel License Validation Service V2 x64, Powered by arvato (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) --
      End of file - 11522 bytes
       
    • Hi everyone, I'm new here on the forum. After the update I did to install Windows 10, I can no longer use the shortcut keys on my keyboard (practically all of them; only the volume key works). I've already tried checking whether there is an update that fixes this, but nothing showed up, and I don't know what to do (not that this is harmful, but the shortcuts do make life a little easier). Well, everyone, thanks in advance.
    • Hello! I have an Excel file with two different worksheets, which are printed on two different printers. I would like to know whether there is a macro that would let me send the two worksheets to print on their respective printers directly, without having to select the printer.
      Thank you!
The BABOO site is online to inform and help Windows users. The site was published in 1999 by Aurélio "Baboo", an engineer and one of the leading Brazilian Windows specialists, who has worked professionally with this operating system since 1987. Since 2004 he has been awarded annually by Microsoft as an MVP (Most Valuable Professional) for his contribution and help to the Windows user community.

In 2001 the Fórum do BABOO was created to help Brazilian internet users solve problems and questions about Windows, Security, Office, Hardware and other topics. Since 2010 Microsoft has also awarded Mr.Million, administrator of the Security area of the Fórum do BABOO, for his tireless work helping users remove viruses and malware from their computers. He is currently the only Brazilian MVP for desktop Security.

BABOO is the only Brazilian site coordinated by a specialist with international recognition for his Windows expertise who takes part daily and actively in the comments and discussions on the BABOO site and forum.