virginiagonzaga

Log analysis

9 posts in this topic

My log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:23:38, on 07/02/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Rainlendar2\Rainlendar2.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {e7cb019e-bf3b-4c48-9673-48c323b18e31} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')
O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 User Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--
End of file - 7722 bytes
 

..............................................................................................

Good afternoon,

my PC is starting to restart by itself again,

when it comes back up it gives the following error:

Nome do Evento de Problema:           BlueScreen

  Versão do sistema operacional:        6.1.7601.2.1.0.256.1

  Identificação da Localidade:             1046

 

Informações adicionais sobre o problema:

  BCCode:                                               116

  BCP1:                                                    85C66510

  BCP2:                                                    90BD495E

  BCP3:                                                    C000000D

  BCP4:                                                    00000003

  OS Version:                                          6_1_7601

  Service Pack:                                       1_0

  Product:                                               256_1

 

Arquivos que ajudam a descrever o problema:

  C:\Windows\Minidump\020713-14710-01.dmp

  C:\Users\Virginia\AppData\Local\Temp\WER-42775-0.sysdata.xml

 

Leia nossa declaração de privacidade online:

  http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0416

 

Se a declaração de privacidade online não estiver disponível, leia nossa declaração de privacidade offline:

  C:\Windows\system32\pt-BR\erofflps.txt

 

 

What will it be this time?! :-

Thank you

Edited by virginiagonzaga


I don't believe it's a virus but rather a hardware problem, but run a check..

Disable your antivirus, antispyware and firewall to avoid conflicts. Keep them disabled until you finish the instructions.

Download ComboFix

Save it to your Desktop (for the tool to run correctly it must be on the Desktop).

Close all windows and programs.

You need to be connected during the ComboFix procedure;

Run combofix.exe and press "Yes" to proceed. Please wait, as it takes a while.

NOTE: If you do not want the Windows Recovery Console to be installed, click "No" and then agree so that the scan proceeds.

If the Console is installed, the operating system selection screen will be shown at system startup.

More information about the Console: http://support.micro...kb/307654/pt-br

ComboFix will restart the PC automatically to complete the removal process. If that does not happen, restart manually.

When it finishes, a log will be generated at C:\ComboFix.txt. Select, copy and paste the contents of ComboFix.txt into your next reply, plus a new HijackThis log.

IMPORTANT: Do not use the mouse or the keyboard while ComboFix is running. To stop or exit ComboFix, press "N".

NOTE 2: Do not run ComboFix more than once. Doing so will overwrite the log and make removing the malware harder.

If any error occurs, restart the computer in Safe Mode (press the F8 key repeatedly, or F5 in some cases, during startup) and repeat the procedure.



MVP Mr.Million


ComboFix 13-02-07.01 - Virginia 07/02/2013  16:00:33.1.4 - x86

Microsoft Windows 7 Ultimate   6.1.7601.1.1252.55.1046.18.1975.1188 [GMT -2:00]

Executando de: c:\users\Virginia\Desktop\ComboFix.exe

AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}

FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}

SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

ADS - system32: deleted 2 bytes in 1 streams.

ADS - drivers: deleted 208 bytes in 1 streams.

.

(((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\windows\isRS-000.tmp

c:\windows\UA000091.DLL

C:\wins

.

.

((((((((((((((((   Arquivos/Ficheiros criados de 2013-01-07 to 2013-02-07  ))))))))))))))))))))))))))))

.

.

2013-02-07 17:39 . 2013-02-07 17:39    --------    d-----w-    c:\users\Virginia\AppData\Local\Programs

2013-02-07 17:11 . 2013-02-07 17:10    94112    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll

2013-02-07 16:20 . 2013-02-07 16:20    --------    d-----w-    c:\program files\DsNET Corp

2013-02-05 11:40 . 2013-01-08 04:57    6991832    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{C671AB81-FAB8-49CF-95A6-959BA92B932E}\mpengine.dll

2013-02-04 19:22 . 2013-02-04 19:22    --------    d-----w-    c:\users\Virginia\AppData\Local\DigitalVolcano

2013-02-04 00:34 . 2013-02-04 00:34    --------    d-----w-    c:\users\Virginia\AppData\Roaming\PlataGames

2013-01-31 17:29 . 2013-01-31 17:29    --------    d-----w-    c:\programdata\rionix

2013-01-30 20:17 . 2013-01-30 21:57    --------    d-----w-    c:\users\Virginia\AppData\Roaming\PeaceCraft3

2013-01-30 14:26 . 2013-01-30 14:26    --------    d-----w-    c:\programdata\PopCap Games

2013-01-29 23:53 . 2013-01-29 23:54    --------    d-----w-    c:\users\Virginia\AppData\Local\Farmington Tales

2013-01-26 22:07 . 2013-01-26 22:07    --------    d-----w-    c:\users\Virginia\AppData\Local\JollyBear

2013-01-26 22:07 . 2013-01-26 22:07    --------    d-----w-    c:\programdata\JollyBear

2013-01-26 19:52 . 2013-01-26 19:52    --------    d-----w-    c:\users\Virginia\AppData\Roaming\2monkeys

2013-01-24 19:58 . 2013-01-24 19:58    --------    d-----w-    c:\users\Virginia\AppData\Roaming\GrandMA Studios

2013-01-17 23:46 . 2013-01-19 15:17    --------    d-----w-    c:\windows\softwaredistribution.bak1

2013-01-17 23:45 . 2013-01-17 23:50    --------    d-----w-    c:\program files\Coopoint

2013-01-17 16:37 . 2013-01-17 16:37    --------    d-----w-    c:\users\Virginia\AppData\Roaming\iWin

2013-01-17 16:37 . 2013-01-17 16:37    --------    d-----w-    c:\programdata\iWin

2013-01-17 16:05 . 2013-01-17 16:05    388608    ----a-w-    C:\HijackThis.exe

2013-01-17 01:12 . 2013-01-17 01:12    --------    d-----w-    c:\windows\system32\Wat

2013-01-17 00:46 . 2013-01-17 00:46    --------    d-----w-    c:\users\Virginia\AppData\Roaming\Lonely Troops

2013-01-16 21:01 . 2013-01-16 21:01    --------    d-----w-    C:\e49ece6abe0c9a3bf3254846c4

2013-01-16 21:00 . 2013-01-16 21:00    --------    d-----w-    c:\windows\CheckSur

2013-01-16 20:22 . 2012-11-01 04:47    1389568    ----a-w-    c:\windows\system32\msxml6.dll

2013-01-16 20:22 . 2012-11-23 02:48    49152    ----a-w-    c:\windows\system32\taskhost.exe

2013-01-16 20:22 . 2012-11-22 04:45    626688    ----a-w-    c:\windows\system32\usp10.dll

2013-01-16 20:22 . 2012-11-23 02:56    2345984    ----a-w-    c:\windows\system32\win32k.sys

2013-01-16 20:22 . 2012-11-09 04:43    492032    ----a-w-    c:\windows\system32\win32spl.dll

2013-01-16 20:20 . 2012-11-20 04:51    220160    ----a-w-    c:\windows\system32\ncrypt.dll

.

.

.

(((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-02-07 17:10 . 2012-08-12 19:13    861088    ----a-w-    c:\windows\system32\npDeployJava1.dll

2013-02-07 17:10 . 2012-08-12 19:13    782240    ----a-w-    c:\windows\system32\deployJava1.dll

2013-01-17 03:28 . 2012-06-06 19:14    232336    ------w-    c:\windows\system32\MpSigStub.exe

2013-01-16 20:47 . 2012-06-07 18:15    74248    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl

2013-01-16 20:47 . 2012-06-07 18:15    697864    ----a-w-    c:\windows\system32\FlashPlayerApp.exe

2012-12-16 14:13 . 2013-01-02 11:37    295424    ----a-w-    c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2013-01-02 11:37    34304    ----a-w-    c:\windows\system32\atmlib.dll

2012-12-14 18:49 . 2012-06-09 22:01    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys

2012-12-03 15:39 . 2013-01-02 11:05    9373032    ----a-w-    c:\windows\system32\drivers\nvlddmkm.sys

2012-12-03 15:39 . 2013-01-02 11:05    6149904    ----a-w-    c:\windows\system32\nvopencl.dll

2012-12-03 15:39 . 2013-01-02 11:05    2606440    ----a-w-    c:\windows\system32\nvcuvid.dll

2012-12-03 15:39 . 2013-01-02 11:05    20335976    ----a-w-    c:\windows\system32\nvoglv32.dll

2012-12-03 15:39 . 2013-01-02 11:05    12603960    ----a-w-    c:\windows\system32\nvwgf2um.dll

2012-12-03 15:39 . 2013-01-02 11:05    7819016    ----a-w-    c:\windows\system32\nvcuda.dll

2012-12-03 15:39 . 2013-01-02 11:05    1874280    ----a-w-    c:\windows\system32\nvcuvenc.dll

2012-12-03 15:39 . 2013-01-02 11:05    17559912    ----a-w-    c:\windows\system32\nvcompiler.dll

2012-12-03 15:39 . 2012-09-14 21:25    889192    ----a-w-    c:\windows\system32\nvdispgenco32.dll

2012-12-03 15:39 . 2012-06-06 18:40    15122280    ----a-w-    c:\windows\system32\nvd3dum.dll

2012-12-03 15:39 . 2012-06-06 18:40    1011048    ----a-w-    c:\windows\system32\nvdispco32.dll

2012-12-03 15:39 . 2012-06-06 18:40    2496976    ----a-w-    c:\windows\system32\nvapi.dll

2012-12-01 04:38 . 2012-06-06 18:41    2869608    ----a-w-    c:\windows\system32\nvsvc.dll

2012-12-01 04:38 . 2012-06-06 18:41    3984744    ----a-w-    c:\windows\system32\nvcpl.dll

2012-12-01 04:37 . 2012-06-06 18:41    645480    ----a-w-    c:\windows\system32\nvvsvc.exe

2012-12-01 04:37 . 2012-06-06 18:41    62312    ----a-w-    c:\windows\system32\nvshext.dll

2012-12-01 04:37 . 2012-06-06 18:41    2557288    ----a-w-    c:\windows\system32\nvsvcr.dll

2012-12-01 04:37 . 2012-06-06 18:41    108392    ----a-w-    c:\windows\system32\nvmctray.dll

2012-12-01 00:43 . 2012-12-01 00:43    438632    ----a-w-    c:\windows\system32\nvStreaming.exe

2012-11-14 02:09 . 2013-01-02 11:36    1800704    ----a-w-    c:\windows\system32\jscript9.dll

2012-11-14 01:58 . 2013-01-02 11:36    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl

2012-11-14 01:57 . 2013-01-02 11:36    1129472    ----a-w-    c:\windows\system32\wininet.dll

2012-11-14 01:49 . 2013-01-02 11:36    142848    ----a-w-    c:\windows\system32\ieUnatt.exe

2012-11-14 01:48 . 2013-01-02 11:36    420864    ----a-w-    c:\windows\system32\vbscript.dll

2012-11-14 01:44 . 2013-01-02 11:36    2382848    ----a-w-    c:\windows\system32\mshtml.tlb

2012-06-07 19:13 . 2012-06-07 19:13    11035168    ----a-w-    c:\program files\Common Files\lpuninstall.exe

2013-02-06 12:40 . 2013-02-06 12:40    262552    ----a-w-    c:\program files\mozilla firefox\components\browsercomps.dll

.

.

((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por padrão não são apresentadas.

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

@="{472083B0-C522-11CF-8763-00608CC02F24}"

[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

2012-10-30 22:50    121528    ----a-w-    c:\program files\AVAST Software\Avast\ashShell.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]

"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2011-08-12 2433024]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]

"Ulead AutoDetector v2"="c:\program files\Common Files\Ulead Systems\AutoDetector\monitor.exe" [2007-08-03 95504]

"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]

.

c:\users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Install LastPass IE RunOnce.lnk - c:\program files\Common Files\lpuninstall.exe [2012-6-7 11035168]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

2012-11-22 18:05    1585768    ----a-w-    c:\program files\GbPlugin\gbieh.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]

"mixer1"=wdmaud.drv

.

R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [x]

S0 aswNdis2;avast! Firewall Core Firewall Service; [x]

S0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\gbpkm.sys [x]

S1 aswFW;avast! TDI Firewall driver; [x]

S1 aswKbd;aswKbd; [x]

S1 aswSnx;aswSnx; [x]

S1 aswSP;aswSP; [x]

S2 aswFsBlk;aswFsBlk; [x]

S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]

S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [x]

S2 GbpSv;Gbp Service;c:\progra~1\GbPlugin\GbpSv.exe [x]

S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]

.

.

Conteúdo da pasta 'Tarefas Agendadas'

.

2013-02-07 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-07 20:47]

.

.

------- Scan Suplementar -------

.

IE: E&xportar para o Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000

IE: LastPass - file://c:\program files\LastPass\context.html?cmd=lastpass

IE: Preenchimento de formulários LastPass - file://c:\program files\LastPass\context.html?cmd=fillforms

Trusted Zone: bancobrasil.com.br\www

Trusted Zone: bancobrasil.com.br\www14

Trusted Zone: bancobrasil.com.br\www2

Trusted Zone: bb.com.br\www

TCP: DhcpNameServer = 201.6.2.177 201.6.2.87

FF - ProfilePath - c:\users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.uol.com.br/

FF - prefs.js: network.proxy.type - 0

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=d27b4f35000000000000d027884ed223&q=

FF - user.js: extensions.BabylonToolbar.id - d27b4f35000000000000d027884ed223

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15600

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1220:54

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - tb9

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=44444&tt=120912_pcp_3812_1

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

.

- - - - ORFÃOS REMOVIDOS - - - -

.

URLSearchHooks-{e7cb019e-bf3b-4c48-9673-48c323b18e31} - (no file)

WebBrowser-{E7CB019E-BF3B-4C48-9673-48C323B18E31} - (no file)

.

.

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

Tempo para conclusão: 2013-02-07  16:07:28

ComboFix-quarantined-files.txt  2013-02-07 18:07

ComboFix2.txt  2012-06-06 02:27

ComboFix3.txt  2012-06-06 01:25

ComboFix4.txt  2012-06-05 23:50

.

Pré-execução: 453.304.614.912 bytes disponíveis

Pós execução: 452.833.783.808 bytes disponíveis

.

- - End Of File - - BAF139B5FCC336320F66A99AAF324343

New HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 16:16:46, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Windows\system32\taskhost.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O3 - Toolbar: (no name) - {98889811-442D-49dd-99D7-DC866BE87DBC} - (no file)

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6322 bytes

Edited by Mr.Million


Disable your antivirus, anti-spyware and firewall to avoid conflicts. Keep them disabled until you have finished these instructions.

Download AdwCleaner and save it to the Desktop.

Run adwcleaner.exe.

NOTE: Windows Vista or Windows 7 users should right-click the file and select: Run as administrator

Click [Delete].

Save the log that is created.

Download the Junkware Removal Tool (JRT) and save it to your Desktop.

Double-click to run the Junkware Removal Tool (JRT).

* On Windows Vista and Windows 7:

Right-click JRT.exe and select Run as administrator.

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to be examined.

When it finishes, a log will open and be saved on the Desktop as JRT.txt.

Select, copy and paste the contents of this log into your next reply, along with the AdwCleaner log and a new HijackThis log.



MVP Mr.Million


AdwCleaner log:

# AdwCleaner v2.111 - Logfile created 02/07/2013 at 17:30:10

# Updated 05/02/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Virginia - VIRGINIA-PC

# Boot Mode : Normal

# Running from : C:\Users\Virginia\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

File Deleted : C:\user.js

File Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\BrowserMngr_extensions.sqlite

File Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\browsermngr_prefs.js

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\ProgramData\Ask

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\iWin

Folder Deleted : C:\Users\Virginia\AppData\Local\Conduit

Folder Deleted : C:\Users\Virginia\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Virginia\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\Virginia\AppData\Roaming\Babylon

Folder Deleted : C:\Users\Virginia\AppData\Roaming\iWin

Folder Deleted : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\Smartbar

Folder Deleted : C:\Users\Virginia\AppData\Roaming\OpenCandy

Folder Deleted : C:\Windows\assembly\GAC_MSIL\QuickStoresToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\APN PIP

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Babylon

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0FB6A909-6086-458F-BD92-1F8EE10042A0}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}

Key Deleted : HKCU\Software\Softonic

Key Deleted : HKLM\Software\Babylon

Key Deleted : HKLM\Software\BabylonToolbar

Key Deleted : HKLM\Software\BrowserMngr

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2481031

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\Software\PIP

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [browserMngr Start Page]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [browserMngrDefaultScope]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3812_1&babsrc=NT_ss&mntrId=d27b4f35000000000000d027884ed223 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (pt-BR)

File : C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\prefs.js

C:\Users\Virginia\AppData\Roaming\Mozilla\Firefox\Profiles\lhcod942.default\user.js ... Deleted !

Deleted : user_pref("CT2481031.1000082.isPlayDisplay", "true");

Deleted : user_pref("CT2481031.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]

Deleted : user_pref("CT2481031.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT2481031.FirstTime", "true");

Deleted : user_pref("CT2481031.FirstTimeFF3", "true");

Deleted : user_pref("CT2481031.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB1[...]

Deleted : user_pref("CT2481031.UserID", "UN67984388292163998");

Deleted : user_pref("CT2481031.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT2481031.autoDisableScopes", -1);

Deleted : user_pref("CT2481031.browser.search.defaultthis.engineName", true);

Deleted : user_pref("CT2481031.defaultSearch", "true");

Deleted : user_pref("CT2481031.embeddedsData", "[{\"appId\":\"129058857959969508\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT2481031.enableAlerts", "false");

Deleted : user_pref("CT2481031.enableSearchFromAddressBar", "true");

Deleted : user_pref("CT2481031.firstTimeDialogOpened", "true");

Deleted : user_pref("CT2481031.fixPageNotFoundError", "true");

Deleted : user_pref("CT2481031.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT2481031.installId", "ConduitNSISIntegration");

Deleted : user_pref("CT2481031.installType", "ConduitNSISIntegration");

Deleted : user_pref("CT2481031.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.isNewTabEnabled", true);

Deleted : user_pref("CT2481031.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT2481031.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT2481031.keyword", true);

Deleted : user_pref("CT2481031.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp://conexaoblog10.bl[...]

Deleted : user_pref("CT2481031.openThankYouPage", "false");

Deleted : user_pref("CT2481031.openUninstallPage", "false");

Deleted : user_pref("CT2481031.search.searchAppId", "129058857959969508");

Deleted : user_pref("CT2481031.search.searchCount", "0");

Deleted : user_pref("CT2481031.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT2481031.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT2481031.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]

Deleted : user_pref("CT2481031.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]

Deleted : user_pref("CT2481031.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]

Deleted : user_pref("CT2481031.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]

Deleted : user_pref("CT2481031.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1340931558475");

Deleted : user_pref("CT2481031.serviceLayer_services_appTracking_lastUpdate", "1340931560853");

Deleted : user_pref("CT2481031.serviceLayer_services_appsMetadata_lastUpdate", "1340931558033");

Deleted : user_pref("CT2481031.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1340931558779");

Deleted : user_pref("CT2481031.serviceLayer_services_login_10.10.6.6_lastUpdate", "1340983591169");

Deleted : user_pref("CT2481031.serviceLayer_services_optimizer_lastUpdate", "1340931559809");

Deleted : user_pref("CT2481031.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1340931558645");

Deleted : user_pref("CT2481031.serviceLayer_services_searchAPI_lastUpdate", "1340931557178");

Deleted : user_pref("CT2481031.serviceLayer_services_serviceMap_lastUpdate", "1340931524614");

Deleted : user_pref("CT2481031.serviceLayer_services_toolbarContextMenu_lastUpdate", "1340931558588");

Deleted : user_pref("CT2481031.serviceLayer_services_toolbarSettings_lastUpdate", "1340983591357");

Deleted : user_pref("CT2481031.serviceLayer_services_translation_lastUpdate", "1340931558466");

Deleted : user_pref("CT2481031.settingsINI", true);

Deleted : user_pref("CT2481031.shouldFirstTimeDialog", "false");

Deleted : user_pref("CT2481031.smartbar.CTID", "CT2481031");

Deleted : user_pref("CT2481031.smartbar.Uninstall", "0");

Deleted : user_pref("CT2481031.smartbar.homepage", true);

Deleted : user_pref("CT2481031.smartbar.isHidden", true);

Deleted : user_pref("CT2481031.smartbar.toolbarName", "Ashampoo BR ");

Deleted : user_pref("CT2481031.startPage", "userChanged");

Deleted : user_pref("CT2481031.toolbarBornServerTime", "29-6-2012");

Deleted : user_pref("CT2481031.toolbarCurrentServerTime", "29-6-2012");

Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?SSPV=FFSB10&ctid=CT2481031&Se[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "Ashampoo BR Customized Web Search");

Deleted : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFSB10&ct[...]

Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2481031");

Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_3812_1[...]

Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");

Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=44444&tt=120912_pcp_3812_1");

Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");

Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "17");

Deleted : user_pref("extensions.BabylonToolbar.cntry", "BR");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Deleted : user_pref("extensions.BabylonToolbar.dp_alert", "0");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "9481E7215C85AE85523A35C33727A008");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.hrdid", "d27b4f35000000000000d027884ed223");

Deleted : user_pref("extensions.BabylonToolbar.id", "d27b4f35000000000000d027884ed223");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15600");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.instlday", "15600");

Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar.lastdp", 17);

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");

Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Deleted : user_pref("extensions.BabylonToolbar.sg", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "azb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srch", "");

Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "tb9");

Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1220:54:56");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=44444&tt=120912_pcp_3812_1");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1220:54:56");

Deleted : user_pref("quickstores.toolbar.affid", "2017");

Deleted : user_pref("quickstores.toolbar.guid", "{0DAA3B18-9688-98B5-B55C-6D9719657738}");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "Search the web (Babylon)");

Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://search.babylon.com/?affID=44444&tt=120912_pcp_381[...]

*************************

AdwCleaner[s1].txt - [14704 octets] - [07/02/2013 17:30:10]

########## EOF - C:\AdwCleaner[s1].txt - [14765 octets] ##########

Log from the other one:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 17:38:40, on 07/02/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v9.00 (9.00.8112.16457)

Boot mode: Normal

Running processes:

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\AVAST Software\Avast\AvastUI.exe

C:\Program Files\Common Files\Ulead Systems\AutoDetector\Monitor.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Windows Sidebar\sidebar.exe

C:\Program Files\Rainlendar2\Rainlendar2.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Windows\explorer.exe

C:\Windows\system32\SearchFilterHost.exe

C:\HijackThis.exe

C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.msn.com/

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files\LastPass\LPBar.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files\LastPass\LPBar.dll

O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui

O4 - HKLM\..\Run: [ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-2639535693-1507912250-3813765499-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')

O4 - S-1-5-21-2639535693-1507912250-3813765499-1001 User Startup: Install LastPass IE RunOnce.lnk = C:\Program Files\Common Files\lpuninstall.exe (User 'UpdatusUser')

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: LastPass - file://C:\Program Files\LastPass\context.html?cmd=lastpass

O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Program Files\LastPass\context.html?cmd=fillforms

O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files\LastPass\LPBar.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL

O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O20 - Winlogon Notify:  GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe

O23 - Service: Gbp Service (GbpSv) -   - C:\PROGRA~1\GbPlugin\GbpSv.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

--

End of file - 6720 bytes


The JRT.txt log was missing.

Forgive me.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.6.2 (02.02.2013:2)

OS: Windows 7 Ultimate x86

Ran by Virginia on 07/02/2013 at 17:35:17,62

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\fighters"

Successfully deleted: [Folder] "C:\Users\Virginia\AppData\Roaming\fighters"

Successfully deleted: [Folder] "C:\Users\Virginia\start menu\programs\browser manager"

~~~ FireFox

Successfully deleted the following from C:\Users\Virginia\AppData\Roaming\mozilla\firefox\profiles\lhcod942.default\prefs.js

user_pref("extensions.wrc.SearchRules.ask.com.style", ".WRCN {display:none} #yui-main .tsrc_vnru .title + .WRCN, #yui-main #teoma-results .title + .WRCN {display:inline !impor

user_pref("extensions.wrc.SearchRules.ask.com.url", "^hxxp(s)?\\:\\/\\/(.+\\.)?ask\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.baidu.com.style", ".WRCN {display:none} .result .f .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");

user_pref("extensions.wrc.SearchRules.baidu.com.url", "^hxxp\\:\\/\\/www\\.baidu\\.com\\/.*");

user_pref("extensions.wrc.SearchRules.excite.com.style", ".WRCN {display:none} .searchResult .resultTitlePane .WRCN {display:inline !important; background: url(\"IMAGE\") righ

user_pref("extensions.wrc.SearchRules.excite.com.url", "^hxxp\\\\:\\\\/\\\\/msxml\\\\.excite\\\\.com\\\\/search\\\\/.*");

Emptied folder: C:\Users\Virginia\AppData\Roaming\mozilla\firefox\profiles\lhcod942.default\minidumps [295 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 07/02/2013 at 17:37:27,94

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


OK, the PC is clean; there is nothing more to do here.
Wrapping up...
Rename ComboFix to Uninstall, run it and wait for the tool to be removed.

Clear System Restore and create a restore point of the clean system.

Right-click MY COMPUTER > Properties > System Protection > Configure > Delete.
Still in System Protection > Create.



MVP Mr.Million

      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\gil.dat, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\key.dat, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\license.txt, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\native.exe, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\scan.log, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\SHDS.mht, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\ShScanner.dll, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Program Files (x86)\Enigma Software Group\SpyHunter\unkcache.dat, Nenhuma ação do usuário, [1682], [331702],1.0.1579
      PUP.Optional.SpyHunter, C:\Users\JMARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\SpyHunter.lnk, Nenhuma ação do usuário, [1682], [331712],1.0.1579
      PUP.Optional.SpyHunter, C:\Users\JMARIO\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter\Uninstall SpyHunter.lnk, Nenhuma ação do usuário, [1682], [331712],1.0.1579
      Setor físico: 0
      (Nenhum item malicioso detectado)
      (end)
    • Hello Katagiri, unfortunately this hybrid notebook model has no jumpers, and the BIOS is soldered to the motherboard! That being so, I only saw 3 possible solutions: 1st possible solution - Replace the motherboard! 2nd possible solution - Desolder the BIOS, buy a new BIOS on Mercado Livre and solder it back onto the board. 3rd possible solution - Desolder the BIOS, buy an SPI programmer and, using another computer, locate the BIOS drivers and physically write them to it, then solder it back onto the board! Well, in any case, I have no experience with this, but I'm going to take the risk - unless someone knows of some other method... I would like to know whether anyone has already done this kind of procedure; if so, I need to know which SPI programmer model is suitable for this type of BIOS, and where I can find the correct files and programs to run on this BIOS. Positivo's website is very vague, and their technical support no longer provides service for this type of notebook... apparently I need someone who has made a backup, or a healthy BIOS to back up... Ah... one more question... I don't have the board's manual, so how do I identify which component is the BIOS? I'm attaching photos of the board... if anyone can give me a hand, because things are crazy here!...
    • Completely uninstall Spybot. It is outdated software that hinders malware removal more than it helps. Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:
      1. Run MBAM and proceed with the installation until you reach the screen below. You must uncheck the option "Enable free trial of Malwarebytes Anti-Malware Pro".
      2. The installer will finish, MBAM will start and it will automatically update its database. While it does that, click the menu Settings > Detection and Protection (on the left) and click the option "Scan for rootkits". Also check that the two options shown below are both set to "Treat detections as malware".
      3. Click the Dashboard menu to return to the main screen and click the Scan button. MBAM will start scanning your computer for malware. This task can take a long time if there are many files. Wait for all processes to finish. If at the end MBAM has detected any malware, first click the option Save Results > choose the option Text file (*.txt) > save the file. Now click the Remove Selected button so the threats are removed. If MBAM finds files that cannot be removed, it will ask you to restart the computer (perhaps more than once). If that happens, restart the computer immediately.
      4. Now open the file you saved in the previous step. Select the entire contents of that log (press CTRL+A), copy it (CTRL+C) and paste it (CTRL+V) into your next reply, together with a new HijackThis log.
    • I apologize.
      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 12:16:29, on 23/03/2017
      Platform: Windows 7 SP1 (WinNT 6.00.3505)
      MSIE: Internet Explorer v11.0 (11.00.9600.18618)
      Boot mode: Normal
      Running processes:
      C:\Program Files\VIA XHCI UASP Utility\usb3Monitor.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      C:\ProgramData\MEGAsync\MEGAsync.exe
      C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
      C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
      C:\Program Files (x86)\Logitech\H800\H800.exe
      C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
      C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Windows\SysWOW64\RunDll32.exe
      C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\Program Files (x86)\Common Files\Apple\Apple Application Support\secd.exe
      C:\Program Files (x86)\Mozilla Firefox\firefox.exe
      C:\Program Files (x86)\XYplorer\XYplorer.exe
      C:\HijackThis.exe
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://minilua.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://minilua.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://minilua.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://minilua.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://minilua.com/
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://minilua.com/
      R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://minilua/?q=%s
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://noblok.org/wpad.dat?356f816067bb44f4d41ab4b1f8a2be8e26579703
      R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8080
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
      F2 - REG:system.ini: UserInit=userinit.exe,
      O2 - BHO: 1Password - {037C06D5-3893-49E8-9AC0-41F7524AFBF5} - C:\PROGRA~2\1PASSW~1\x86\AGILE1~1.DLL
      O2 - BHO: Wondershare AllMyTube 4.9.0 - {067DF9EC-26B7-40DC-8DB8-CD8BE85AE367} - C:\ProgramData\Wondershare\AllMyTube\WSBrowserAppMgr.dll
      O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O2 - BHO: Wondershare Player 1.6.0 - {43D9786F-A485-683B-9B5B-ACC97ABC17FC} - C:\ProgramData\Wondershare\Player\WSBrowserAppMgr.dll
      O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\URLREDIR.DLL
      O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
      O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
      O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\GROOVEEX.DLL
      O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
      O4 - HKLM\..\Run: [DelaypluginInstall] C:\ProgramData\Wondershare\AllMyTube\DelayPluginI.exe
      O4 - HKLM\..\Run: [Logitech H800] C:\Program Files (x86)\Logitech\H800\H800.exe
      O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe"  -osboot
      O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
      O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
      O4 - HKCU\..\Run: [iCloudDrive] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
      O4 - HKCU\..\Run: [HP Deskjet 4620 series (NET)] "C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN28F212N705TN:NW" -scfn "HP Deskjet 4620 series (NET)" -AutoStart 1
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
      O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'SISTEMA')
      O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
      O4 - Startup: AutorunsDisabled
      O4 - Startup: Fences.lnk = C:\Program Files (x86)\Stardock\Fences\Fences.exe
      O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
      O4 - Global Startup: Bluetooth.lnk = ?
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
      O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
      O9 - Extra button: 1Password - {35BA58F0-BE4F-4DB5-B6D7-4A593C4B7951} - C:\PROGRA~2\1PASSW~1\x86\AGILE1~1.DLL
      O9 - Extra 'Tools' menuitem: 1Password - {35BA58F0-BE4F-4DB5-B6D7-4A593C4B7951} - C:\PROGRA~2\1PASSW~1\x86\AGILE1~1.DLL
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
      O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: http://www.bancoreal.com.br
      O15 - Trusted Zone: http://www.bancosantander.com.br
      O15 - Trusted Zone: bankline.itau.com.br
      O15 - Trusted Zone: clickbanking.itau.com.br
      O15 - Trusted Zone: guardiao.itau.com.br
      O15 - Trusted Zone: www.itau.com.br
      O15 - Trusted Zone: http://www.itau.com.br
      O15 - Trusted Zone: *.itau.com.br
      O15 - Trusted Zone: http://www.itaupersonnalite.com.br
      O15 - Trusted Zone: www.santander.com.br
      O15 - Trusted Zone: http://www.santander.com.br
      O15 - Trusted Zone: www.santanderempresarial.com.br
      O15 - Trusted Zone: http://www.santanderempresarial.com.br
      O15 - Trusted Zone: www.santandernet.com.br
      O15 - Trusted Zone: wwws.santandernet.com.br
      O15 - Trusted Zone: wwws2.santandernet.com.br
      O15 - Trusted Zone: www.santandernetibe.com.br
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
      O18 - Protocol: WSAllMyTubechrome - {0A0C95CF-A116-4C74 - (no file)
      O18 - Protocol: WSIEChrome - {6D02ED5F-FD0D-4C4C - (no file)
      O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
      O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
      O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
      O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: AppleChargerSrv - Unknown owner - C:\Windows\system32\AppleChargerSrv.exe (file missing)
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
      O23 - Service: Crypkey License - Unknown owner - crypserv.exe (file missing)
      O23 - Service: EaseUS Agent Service (EaseUS Agent) - CHENGDU YIWO Tech Development Co., Ltd - C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 antivírus\EHttpSrv.exe
      O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 antivírus\x86\ekrn.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
      O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
      O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Label Services (LabelServices) - Euro Plus d.o.o. - C:\Program Files (x86)\Common Files\EuroPlus Shared\LblServices.exe
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
      O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
      O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
      O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
      O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: Splashtop® Remote Service (SplashtopRemoteService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: SpyHunter 4 Service - Enigma Software Group USA, LLC. - C:\PROGRA~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
      O23 - Service: Splashtop Software Updater Service (SSUService) - Splashtop Inc. - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: Wondershare Application Framework Service (WsAppService) - Wondershare - C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe
      O23 - Service: Wondershare Driver Install Service (WsDrvInst) - Wondershare - C:\Program Files (x86)\Wondershare\TunesGo Retro\DriverInstall.exe
      --
      End of file - 18995 bytes
    • On Windows 8 x64 and later, IE usually already runs natively as x64. To go back to x86, disable these options: http://ciromota.blogspot.com/2017/01/contornando-problemas-do-site-fundacao.html
    • Exactly, you will check whether anything abnormal is being loaded by the process. I suggest updating the driver and testing.