Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

Carlos Uchiha

[Arquivado] Computador desliga-se ao fazer scan em Modo Segurança

Recommended Posts

Boa noite pessoal, preciso da vossa ajuda. O meu computador está com um vírus que não consigo eliminar, nem fazendo scan com o Norton nem com Malwarebytes. Fiz o scan em modo segurança, mas depois de alguns minutos o computador desliga-se de modo repentino. Preciso da vossa ajuda, please!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Olá! Você pode tentar fazer uma Restauração do Sistema, ou ao reiniciar apertando F8, selecione Reparar Sistema. Qual é o seu Sistema Operacional?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Já sim, já fiz um restauro do sistema para ele voltar as configurações originais, como se tivesse vindo da fábrica, mas não resolveu nada. Os problemas do computador são:

-O Chrome por vezes dá erro e fecha sozinho.

-Basta abrir apenas dois documentos ao mesmo tempo, principalmente em pdf, minutos depois as janelas se fecham.

-Quando tento abrir alguns programas, ele processa, apresenta o logotipo do programa, mas acaba por não abrir, fecha. Volto a insistir e ai o programa abre, mas quando dou um clique em algum "menu" do programa ou numa hiperligação do próprio programa, a janela fecha.

-O Norton a toda hora apresenta a mensagem "Suspicious.Cloud.5 foi removido com sucesso, o seu computador está....."

-Quando faço o scan em modo segurança, depois de scanear algumas pastas e ficheiros, o computador desliga-se.

Compartilhar este post


Link para o post
Compartilhar em outros sites

Você utiliza desktop ou Notebook? Pois pode ser um erro a base de Software (Vírus..) ou então Hardware, super aquecimentos, problemas com o HD...(etc).

Compartilhar este post


Link para o post
Compartilhar em outros sites
Bom Dia! Carlos Uchiha


|- Parece que seus problemas não estão associados a vírus.


RegraNdeg2_HijackThis_zps29f6a7eb.jpg


|- Leia a Regra N° 02 e poste o log do HijackThis,conforme está ali orientado.


A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia. Volto novamente para apresentar os problemas que o meu computador está tendo e também posto o logfile do HijackThis.

 

Os problemas do computador são:

 

- O Chrome por vezes dá erro e fecha sozinho; o mesmo acontece com outros programas instalados como p. ex., arquivos do office e arquivos em pdf.

- Estando em modo segurança, depois de scanear algumas pastas e ficheiros, o computador desliga-se repentinamente.

 

Logfile do HijackThis:

 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 10:44:05, on 07-06-2014

Platform: Windows 7 (WinNT 6.00.3504)

MSIE: Internet Explorer v8.00 (8.00.7600.17267)

Boot mode: Normal

 

Running processes:

C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe

C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe

C:\Program Files (x86)\Skype\Phone\Skype.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe

C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe

C:\Program Files (x86)\Java\jre6\bin\jusched.exe

C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe

C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe

C:\Program Files (x86)\Orbitdownloader\orbitdm.exe

C:\Program Files (x86)\Orbitdownloader\orbitnet.exe

C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://african.howzi...21&ocid=up21dhp

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F3 - REG:win.ini: load=C:\Users\CARLOS~1\LOCALS~1\Temp\msvwviyqu.exe

O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll

O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll

O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll

O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL

O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL

O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll

O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll

O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"

O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume

O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"

O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe

O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden

O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - HKCU\..\Run: [soundconfig] "C:\ProgramData\audiofiltering\skskjbpjx.exe"

O4 - HKCU\..\Run: [Application Identity] C:\Users\Carlos Veiga\AppData\Roaming\Microsoft\Windows\wmiApSrv.exe

O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"

O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe

O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201

O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204

O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203

O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202

O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll

O9 - Extra button: Funcionalidade Clicar para Chamar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra 'Tools' menuitem: Funcionalidade Clicar para Chamar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll

O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL

O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe

O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe

O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe

O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe

O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe

O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe

O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe

O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe

O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

 

--

End of file - 14247 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Carlos Uchira

 

|- Baixe: < desktopicon.png > ( ... by Swearware )

|- Salve-o no desktop! ( Área de trabalho! )
|- Ps: Desabilite seu antivírus,antispywares e/ou firewall. ( Menos o do Windows! )
|- Feche algum programa/arquivo que esteja aberto.
|- Feche,também,seu navegador! ( IE,Firefox,Opera ou Google Chrome )
|- Ps: Esteja conectado(a) à Internet. <- Importante!
|- É preciso estar logado no sistema com privilégios de administrador.
|- Execute ComboFix.exe,com um duplo clique.
Safe-Mode.jpg
|- Surgindo alguma mensagem de erro,execute ComboFix.exe em Modo de Segurança com rede.
|- Ps: Para completar as remoções,talvez haja necessidade da ferramenta reiniciar o computador.
|- Abrir-se-á a janela Auto Scan.
etapas.jpg
|- Aguarde a finalização de todas as Etapas.
|- Durante o scan,evite utilizar o mouse ou teclado!
|- Concluindo,poste: C:\ComboFix.txt

"Tentativa de operaçao ilegal em uma chave do Registro marcada para exclusão."

|- Ao ocorrer este erro,basta reiniciar o computador!
|- "ComboFix é uma ferramenta que pode danificar o sistema. Utilize-o,somente,sob supervisão de analistas de segurança."
Abraços!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde. Ok fiz o scan, posto abaixo o relatório do ComboFix:

 

ComboFix 14-05-13.01 - Carlos Veiga 09-06-2014 17:13:14.2.2 - x64
Microsoft Windows 7 Home Basic 6.1.7600.0.1252.351.1033.18.1787.420 [GMT 1:00]
Executando de: c:\users\Carlos Veiga\Desktop\ComboFix.exe
AV: Norton Internet Security *Disabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
FW: Norton Internet Security *Disabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
SP: Norton Internet Security *Disabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Carlos Veiga\AppData\Local\Microsoft\Windows\Temporary Internet Files\{02D33DCA-ADBC-454A-94D2-DBE4A1F7ADB9}.xps
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2014-05-09 to 2014-06-09 ))))))))))))))))))))))))))))
.
.
2014-06-09 16:25 . 2014-06-09 16:25 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-07 09:35 . 2014-06-07 09:35 388096 ----a-r- c:\users\Carlos Veiga\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2014-06-07 09:35 . 2014-06-07 09:35 -------- d-----w- c:\program files (x86)\Trend Micro
2014-06-01 14:05 . 2014-06-01 14:05 -------- d-----w- c:\program files\AVAST Software
2014-06-01 14:03 . 2014-06-01 14:03 -------- d-----w- c:\programdata\AVAST Software
2014-05-30 23:31 . 2014-05-30 23:31 -------- d-----w- c:\users\Carlos Veiga\AppData\Local\Ahead
2014-05-28 09:13 . 2014-05-28 09:13 -------- d-----w- c:\program files (x86)\Watchtower
2014-05-27 23:10 . 2014-05-27 23:10 -------- d-----w- c:\program files\MATLAB
2014-05-25 10:06 . 2014-05-25 10:06 -------- d-----w- c:\program files (x86)\MSXML 4.0
2014-05-22 19:51 . 2014-06-01 14:12 -------- d-----w- c:\users\Carlos Veiga\AppData\Roaming\uTorrent
2014-05-22 19:45 . 2014-05-22 19:46 -------- d-----w- c:\program files (x86)\Common Files\Nero
2014-05-22 19:45 . 2014-05-22 19:45 -------- d-----w- c:\programdata\Nero
2014-05-22 19:45 . 2014-05-22 19:45 -------- d-----w- c:\program files (x86)\Nero
2014-05-22 19:36 . 2014-05-22 19:36 -------- d-----w- c:\program files (x86)\Positivo
2014-05-21 21:34 . 2014-06-04 17:03 -------- d-----w- c:\users\Carlos Veiga\AppData\Local\CyberLink
2014-05-21 21:31 . 2014-05-30 19:21 -------- d-----r- c:\program files (x86)\Skype
2014-05-21 21:31 . 2014-05-21 21:31 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-05-21 20:13 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2014-05-21 15:06 . 2014-05-21 15:06 -------- d-----w- c:\program files (x86)\MATLAB
2014-05-19 20:57 . 2014-06-09 16:25 -------- d-----w- c:\users\Carlos Veiga\AppData\Roaming\Skype
2014-05-19 20:57 . 2014-05-30 19:21 -------- d-----w- c:\programdata\Skype
2014-05-15 19:44 . 2014-05-15 19:44 -------- d-----w- c:\programdata\Malwarebytes
2014-05-15 19:44 . 2014-05-15 19:44 -------- d-----w- c:\users\Carlos Veiga\AppData\Local\Programs
2014-05-15 13:41 . 2014-05-15 13:41 177752 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2014-05-15 13:41 . 2014-05-15 13:41 -------- d-----w- c:\program files\Common Files\Symantec Shared
2014-05-15 13:39 . 2014-05-26 11:52 -------- d-----w- c:\windows\system32\drivers\NISx64
2014-05-15 13:39 . 2014-05-15 13:39 -------- d-----w- c:\program files (x86)\Norton Internet Security
2014-05-15 10:26 . 2014-05-15 10:26 -------- d-----w- c:\program files (x86)\NortonInstaller
2014-05-14 16:26 . 2014-05-14 16:26 -------- d-----w- c:\users\Carlos Veiga\AppData\Roaming\Watchtower
2014-05-13 19:00 . 2009-10-10 03:17 14336 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2014-05-13 18:50 . 2014-05-14 16:56 -------- d-----w- c:\windows\system32\MRT
2014-05-13 18:25 . 2011-02-19 06:37 1135104 ----a-w- c:\windows\system32\FntCache.dll
2014-05-13 16:13 . 2014-06-04 07:57 -------- d-----w- c:\users\Carlos Veiga\AppData\Local\CrashDumps
2014-05-13 15:57 . 2014-05-13 16:11 67632 ----a-w- c:\windows\system32\msln.exe
2014-05-13 13:31 . 2014-05-15 17:25 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2014-05-13 13:29 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{F492DF1A-F858-4636-BE60-3E351BBB0D4F}\mpengine.dll
2014-05-13 13:29 . 2014-03-31 09:35 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-05-13 10:37 . 2014-05-13 10:37 -------- d-----w- c:\programdata\PCSettings
2014-05-13 07:05 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2014-05-13 07:05 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2014-05-13 07:05 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-05-13 07:05 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2014-05-13 06:53 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-05-13 06:53 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-05-13 06:53 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-05-13 06:53 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-05-13 06:53 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-05-13 06:53 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-05-13 06:53 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-05-12 09:42 . 2011-03-11 06:23 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2014-05-12 09:42 . 2011-03-11 06:23 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2014-05-12 09:42 . 2011-03-11 06:22 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2014-05-12 09:42 . 2011-03-11 06:18 2566144 ----a-w- c:\windows\system32\esent.dll
2014-05-12 09:42 . 2011-03-11 06:23 187264 ----a-w- c:\windows\system32\drivers\storport.sys
2014-05-12 09:42 . 2011-03-11 06:23 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2014-05-12 09:42 . 2011-03-11 06:22 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2014-05-12 09:42 . 2011-03-11 06:15 96768 ----a-w- c:\windows\system32\fsutil.exe
2014-05-12 09:42 . 2011-03-11 05:39 1686016 ----a-w- c:\windows\SysWow64\esent.dll
2014-05-12 09:42 . 2011-03-11 05:37 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2014-05-12 09:42 . 2011-03-11 04:31 91136 ----a-w- c:\windows\system32\drivers\USBSTOR.SYS
2014-05-12 09:37 . 2012-01-04 09:58 509952 ----a-w- c:\windows\system32\ntshrui.dll
2014-05-12 09:37 . 2012-01-04 09:03 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2014-05-12 09:36 . 2012-07-06 19:58 552448 ----a-w- c:\windows\system32\drivers\bthport.sys
2014-05-12 09:36 . 2011-04-28 03:58 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2014-05-12 09:33 . 2011-03-29 03:32 52224 ----a-w- c:\windows\system32\drivers\usbehci.sys
2014-05-12 09:33 . 2011-03-29 03:32 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2014-05-12 09:33 . 2011-03-29 03:32 99328 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2014-05-12 09:33 . 2011-03-29 03:32 324608 ----a-w- c:\windows\system32\drivers\usbport.sys
2014-05-12 09:33 . 2011-03-29 03:32 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2014-05-12 09:33 . 2011-03-29 03:32 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2014-05-12 09:33 . 2011-03-29 03:32 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2014-05-12 09:29 . 2011-06-16 05:31 199680 ----a-w- c:\windows\system32\xmllite.dll
2014-05-12 09:29 . 2012-11-09 05:34 751104 ----a-w- c:\windows\system32\win32spl.dll
2014-05-12 09:29 . 2012-11-09 04:49 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2014-05-12 09:29 . 2010-03-05 07:52 84992 ----a-w- c:\windows\system32\asycfilt.dll
2014-05-12 09:29 . 2010-03-05 07:42 67584 ----a-w- c:\windows\SysWow64\asycfilt.dll
2014-05-12 09:29 . 2011-04-27 02:57 102400 ----a-w- c:\windows\system32\drivers\dfsc.sys
2014-05-12 09:28 . 2011-10-01 05:28 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2014-05-12 09:28 . 2011-10-01 04:43 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2014-05-12 09:27 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2014-05-12 09:27 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2014-05-12 09:27 . 2010-08-26 05:27 148992 ----a-w- c:\windows\system32\t2embed.dll
2014-05-12 09:27 . 2010-08-26 04:39 109056 ----a-w- c:\windows\SysWow64\t2embed.dll
2014-05-12 09:27 . 2013-03-01 03:32 3150848 ----a-w- c:\windows\system32\win32k.sys
2014-05-12 09:23 . 2013-04-12 14:36 1653096 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-05-12 09:21 . 2011-03-11 06:19 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2014-05-12 09:20 . 2011-04-22 20:18 27008 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-05-12 09:20 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2014-05-12 09:20 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2014-05-12 09:20 . 2012-11-20 05:55 307200 ----a-w- c:\windows\system32\ncrypt.dll
2014-05-12 09:20 . 2012-11-20 05:10 219136 ----a-w- c:\windows\SysWow64\ncrypt.dll
2014-05-12 09:20 . 2012-04-28 03:50 204800 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2014-05-12 09:12 . 2011-07-09 02:44 287744 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2014-05-12 09:12 . 2011-05-04 02:51 157696 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2014-05-12 09:12 . 2011-05-04 02:51 126464 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2014-05-12 09:12 . 2011-11-17 07:12 395776 ----a-w- c:\windows\system32\webio.dll
2014-05-12 09:12 . 2011-11-17 05:39 314368 ----a-w- c:\windows\SysWow64\webio.dll
2014-05-12 09:12 . 2010-03-04 07:57 2080256 ----a-w- c:\program files\Windows Mail\msoe.dll
2014-05-12 09:12 . 2010-03-04 07:33 1619968 ----a-w- c:\program files (x86)\Windows Mail\msoe.dll
2014-05-12 09:12 . 2012-01-03 06:24 515584 ----a-w- c:\windows\system32\timedate.cpl
2014-05-12 09:12 . 2012-01-03 05:44 478208 ----a-w- c:\windows\SysWow64\timedate.cpl
2014-05-12 09:08 . 2010-08-21 06:31 633856 ----a-w- c:\windows\system32\comctl32.dll
2014-05-12 09:08 . 2010-08-21 05:33 530432 ----a-w- c:\windows\SysWow64\comctl32.dll
2014-05-12 09:08 . 2012-04-26 05:34 76288 ----a-w- c:\windows\system32\rdpwsx.dll
2014-05-12 09:08 . 2012-04-26 05:34 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2014-05-12 09:08 . 2012-04-26 05:28 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2014-05-12 08:59 . 2012-05-02 05:32 208896 ----a-w- c:\windows\system32\profsvc.dll
2014-05-12 08:59 . 2011-03-03 06:17 182272 ----a-w- c:\windows\system32\dnsrslvr.dll
2014-05-12 08:59 . 2011-03-03 06:17 356352 ----a-w- c:\windows\system32\dnsapi.dll
2014-05-12 08:59 . 2011-03-03 06:14 30208 ----a-w- c:\windows\system32\dnscacheugc.exe
2014-05-12 08:59 . 2011-03-03 05:27 28672 ----a-w- c:\windows\SysWow64\dnscacheugc.exe
2014-05-12 08:57 . 2010-08-21 06:38 1024512 ----a-w- c:\windows\system32\wmpmde.dll
2014-05-12 08:57 . 2010-08-21 05:36 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2014-05-12 08:57 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2014-05-12 08:57 . 2012-08-24 17:10 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2014-05-12 08:57 . 2013-01-04 05:30 424960 ----a-w- c:\windows\system32\KernelBase.dll
2014-05-12 08:57 . 2013-01-04 05:30 1161216 ----a-w- c:\windows\system32\kernel32.dll
2014-05-12 08:53 . 2011-08-17 05:32 613888 ----a-w- c:\windows\system32\psisdecd.dll
2014-05-12 08:52 . 2010-07-29 06:30 82944 ----a-w- c:\windows\SysWow64\iccvid.dll
2014-05-12 08:52 . 2012-06-16 05:25 609792 ----a-w- c:\windows\system32\vbscript.dll
2014-05-12 08:52 . 2012-06-16 05:25 850944 ----a-w- c:\windows\system32\jscript.dll
2014-05-12 08:51 . 2012-06-16 04:37 428032 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-05-10 22:42 . 2011-05-03 05:21 976896 ----a-w- c:\windows\system32\inetcomm.dll
2014-05-10 22:39 . 2014-05-13 16:46 -------- d-----w- c:\windows\AutoKMS
2014-05-10 22:38 . 2014-05-10 22:38 -------- d-----w- c:\users\Carlos Veiga\AppData\Local\Microsoft Toolkit
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-09 19:36 . 2014-05-09 19:36 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 18:38 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 18:38 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 18:38 1725128 ----a-w- c:\progra~2\MICROS~4\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="c:\program files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 1712184]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-02-22 2363392]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-04-17 3671872]
"soundconfig"="c:\programdata\audiofiltering\skskjbpjx.exe" [2014-05-20 346112]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-09-20 202024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-03-29 98304]
"MSN Toolbar"="c:\program files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe" [2009-11-30 240472]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-07-17 288080]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2010-01-25 61112]
"SunJavaUpdateSched"="c:\program files (x86)\Java\jre6\bin\jusched.exe" [2010-04-25 149280]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-09-20 1836328]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.141\SSScheduler.exe [2014-1-16 329944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 BTMCOM;Bluetooth Serial Port;c:\windows\system32\Drivers\btmcom.sys;c:\windows\SYSNATIVE\Drivers\btmcom.sys [x]
R3 EraserUtilDrv11311;EraserUtilDrv11311;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilDrv11311.sys [x]
R3 jraahian;jraahian; [x]
R3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.141\McCHSvc.exe [x]
R3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys;c:\windows\SYSNATIVE\DRIVERS\yk62x64.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1503000.00C\SYMDS64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1503000.00C\SYMEFA64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\SYMEFA64.SYS [x]
S1 BHDrvx64;BHDrvx64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140510.001\BHDrvx64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140510.001\BHDrvx64.sys [x]
S1 ccSet_NIS;NIS Settings Manager;c:\windows\system32\drivers\NISx64\1503000.00C\ccSetx64.sys;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\ccSetx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 IDSVia64;IDSVia64;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140606.002\IDSvia64.sys;c:\program files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140606.002\IDSvia64.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1503000.00C\Ironx64.SYS;c:\windows\SYSNATIVE\drivers\NISx64\1503000.00C\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS;c:\windows\SYSNATIVE\Drivers\NISx64\1503000.00C\SYMNETS.SYS [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files\Motorola\Bluetooth\obexsrv.exe;c:\program files\Motorola\Bluetooth\obexsrv.exe [x]
S2 c2cautoupdatesvc;Skype Click to Call Updater;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe;c:\program files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [x]
S2 c2cpnrsvc;Skype Click to Call PNR Service;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe;c:\program files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [x]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe;c:\windows\SYSNATIVE\ezSharedSvcHost.exe [x]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe;c:\program files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [x]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe;c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [x]
S3 Bluetooth Device Manager;Bluetooth Device Manager;c:\program files\Motorola\Bluetooth\devmgrsrv.exe;c:\program files\Motorola\Bluetooth\devmgrsrv.exe [x]
S3 Bluetooth Media Service;Bluetooth Media Service;c:\program files\Motorola\Bluetooth\audiosrv.exe;c:\program files\Motorola\Bluetooth\audiosrv.exe [x]
S3 BTMUSB;Motorola Bluetooth Radio Service;c:\windows\system32\Drivers\btmusb.sys;c:\windows\SYSNATIVE\Drivers\btmusb.sys [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-24 23:46 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.114\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-09 20:22]
.
2014-06-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-05-09 20:22]
.
2014-06-09 c:\windows\Tasks\HPCeeScheduleForCarlos Veiga.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-20 19:59 2328776 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BTMTrayAgent"="c:\program files\Motorola\Bluetooth\btmshell.dll" [2010-03-10 20451592]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2010-03-13 6234144]
"RtkOSD"="c:\program files (x86)\Realtek\Audio\OSD\RtVOsd64.exe" [2010-01-12 995840]
"HP Quick Launch"="c:\program files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-01-18 451072]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-04-25 172032]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-05-27 21720]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: &Download by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/201
IE: &Grab video by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/204
IE: Do&wnload selected by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/203
IE: Down&load all by Orbit - c:\program files (x86)\Orbitdownloader\orbitmxt.dll/202
IE: E&nviar para o OneNote - c:\progra~2\MICROS~4\Office15\ONBttnIE.dll/105
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~4\Office15\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1 192.168.1.1
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
FF - ProfilePath - c:\users\Carlos Veiga\AppData\Roaming\Mozilla\Firefox\Profiles\gqxi6m26.default\
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2014-05-10 22:12; {35379F86-8CCB-4724-AE33-4278DE266C70}; c:\program files (x86)\Orbitdownloader\addons\OneClickYouTubeDownloader
FF - ExtSQL: 2014-05-15 18:25; {BBDA0591-3099-440a-AA10-41764D9DB4DB}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF
FF - ExtSQL: 2014-05-15 23:40; {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}; c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\coFFPlgn
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKCU-Run-Application Identity - c:\users\Carlos Veiga\AppData\Roaming\Microsoft\Windows\wmiApSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{B60DCA15-56A3-4D2D-8747-22CF7D7B588B} - c:\program files (x86)\InstallShield Installation Information\{B60DCA15-56A3-4D2D-8747-22CF7D7B588B}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12\diMaster.dll\" /prefetch:1"
"ImagePath"="\SystemRoot\System32\Drivers\NISx64\1503000.00C\SYMNETS.SYS"
"TrustedImagePaths"="c:\program files (x86)\Norton Internet Security\Engine\21.3.0.12;c:\program files (x86)\Norton Internet Security\Engine64\21.3.0.12"
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_USERS\S-1-5-21-2218803855-3297486006-618588655-1000\Software\Win7zip]
@Denied: (A B 2 3) (Everyone)
"Uuid"=hex:26,9f,e9,f6,77,76,71,4b,88,cd,87,17,46,b8,3e,e8
.
[HKEY_USERS\S-1-5-21-2218803855-3297486006-618588655-1000_Classes\CLSID\{269FE9F6-7776-714B-88CD-871746B83EE8}]
@Denied: (A 4) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Tempo para conclusão: 2014-06-09 17:29:38
ComboFix-quarantined-files.txt 2014-06-09 16:29
.
Pré-execução: 212.341.239.808 bytes free
Pós execução: 212.909.252.608 bytes free
.
- - End Of File - - 14AD0AD17AE7D7F9BDA4A93D14C121F1
26651CA52CF954CE6626026EFA9F6E13

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Carlos Uchira

 

Desinstale < Daemon Tools Pro >

 

Poste HijackThis atualizado.

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde DigRam.

 

Ok, desistalei o programa. HijackThis actulizado logo abaixo:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:05:51, on 10-06-2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
C:\Program Files (x86)\Java\jre6\bin\jusched.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Microsoft Office\Office15\MsoSync.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://african.howzit.msn.com/?pc=up21&ocid=up21dhp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
O2 - BHO: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.141\McAfeeMSS_IE.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\IPS\IPSBHO.DLL
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Grab Pro - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\Orbitdownloader\GrabPro.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\coIEPlg.dll
O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [MSN Toolbar] "C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe"
O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
O4 - HKLM\..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [soundconfig] "C:\ProgramData\audiofiltering\skskjbpjx.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe"
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.8.141\SSScheduler.exe
O8 - Extra context menu item: &Download by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll/202
O8 - Extra context menu item: E&nviar para o OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: E&nviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Funcionalidade Clicar para Chamar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Funcionalidade Clicar para Chamar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Notas Ligadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Device Manager - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
O23 - Service: Bluetooth Media Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
O23 - Service: Bluetooth OBEX Service - Motorola, Inc. - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: Easybits Services for Windows (ezSharedSvc) - EasyBits Software AS - C:\Windows\System32\ezSharedSvcHost.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
O23 - Service: Serviço Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Unknown owner - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 13344 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Carlos Uchiha

 

JRAAHIAN

 

Conhece este driver? Faca uma busca utilizando o Executar. < Windows+R >

Se não o conhece,pode deletar.

O problema,ainda,permanece?

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Carlos Uchira

 

No momento estou em um Tablet e sem meus Canneds.

Portanto,acesse as indicacoes de ferramentas indo ao meu tutorial sobre as mesmas,ou do Antonio Vieira Sobrinho.

 

-/-

 

Execute a ferramenta aswMBR,em Modo de Compatibilidade com Windows XP (SP3 ).

Execute a ferramenta ZHPDiag.

 

Poste ambos relatórios!

 

ABS!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia DigRam. Desculpe a ausência. Tive problemas em acessar a internet, problemas técnicos da provedora.

 

Baixei as duas ferramentas, e já fiz o scan. Abaixo posto os relatórios.

 

Log de aswMBR:

 

aswMBR version 1.0.1.2041 Copyright© 2014 AVAST Software
Run date: 2014-06-17 21:00:32
-----------------------------
21:00:32.693 OS Version: Windows x64 5.1.2600 Service Pack 3
21:00:32.693 Number of processors: 2 586 0x603
21:00:32.695 ComputerName: CARLOSVEIGA-PC UserName: Carlos Veiga
21:00:34.310 Initialize success
21:00:34.311 VM: initialized successfully
21:00:34.319 VM: Amd CPU BiosDisabled
21:00:38.920 VM: disk I/O amdsata.sys
22:21:23.446 AVAST engine defs: 14061700
22:32:12.202 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
22:32:12.208 Disk 0 Vendor: WDC_WD32 12.0 Size: 305245MB BusType: 11
22:32:12.345 Disk 0 MBR read successfully
22:32:12.349 Disk 0 MBR scan
22:32:12.432 Disk 0 unknown MBR code
22:32:12.455 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:32:12.482 Disk 0 Boot: NTFS code=1
22:32:12.503 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 291025 MB offset 409600
22:32:12.533 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 13916 MB offset 596428800
22:32:12.550 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 624928768
22:32:12.652 Disk 0 scanning C:\Windows\system32\drivers
22:32:24.311 Service scanning
22:32:27.417 Service BHDrvx64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\BASHDefs\20140606.001\BHDrvx64.sys **LOCKED** 5
22:32:31.117 Service eeCtrl C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys **LOCKED** 5
22:32:31.264 Service EraserUtilRebootDrv C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys **LOCKED** 5
22:32:33.831 Service IDSVia64 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\IPSDefs\20140616.001\IDSvia64.sys **LOCKED** 5
22:32:36.927 Service NAVENG C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140617.002\ENG64.SYS **LOCKED** 5
22:32:37.196 Service NAVEX15 C:\Program Files (x86)\Norton Internet Security\NortonData\21.0.0.100\Definitions\VirusDefs\20140617.002\EX64.SYS **LOCKED** 5
22:32:50.545 Modules scanning
22:32:50.556 Disk 0 trace - called modules:
22:32:50.594 ntoskrnl.exe CLASSPNP.SYS disk.sys amdxata.sys storport.sys hal.dll amdsata.sys
22:32:50.601 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80025c3060]
22:32:50.609 3 CLASSPNP.SYS[fffff88001b2f43f] -> nt!IofCallDriver -> [0xfffffa800257db10]
22:32:50.617 5 amdxata.sys[fffff8800108476b] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa8002576060]
22:32:53.808 AVAST engine scan C:\
23:16:34.999 File: C:\ProgramData\audiofiltering\skskjbpjx.exe **INFECTED** Win32:Malware-gen
23:26:37.648 File: C:\Users\Carlos Veiga\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c2 **INFECTED** Win32:Dropper-gen [Drp]
23:33:24.937 File: C:\Users\Carlos Veiga\AppData\Local\Temp\txgxvrmqfel.exe **INFECTED** Win32:Malware-gen
01:26:08.824 Scan finished successfully
08:19:19.815 Disk 0 MBR has been saved successfully to "C:\Users\Carlos Veiga\Desktop\MBR.dat"
08:19:20.511 The log file has been saved successfully to "C:\Users\Carlos Veiga\Desktop\aswMBR.txt"
Log de ZHPdiag:
~ Relatório do ZHPDiag v2014.6.17.93 - Nicolas Coolman (17-06-2014)
~ Iniciado por Carlos Veiga (18-06-2014 09:07:36)
~ Endereço do Website : http://nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385 (Defaut)
MFIE: Mozilla Firefox 10.0
GCIE: Google Chrome v35.0.1916.153
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit (Build 7600)
Windows Server License Manager Script : OK
---\\ Softwares de proteçao do sistema
Norton Internet Security v21.3.0.12
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Deactivate)
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 10 ActiveX
Adobe Reader XI
---\\ Informações sobre o sistema
~ Processor: AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1786 MB (12% free)
System Restore: Activé (Enable)
System drive C: has 197 GB (69%) free of 284 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CARLOSVEIGA-PC
~ User Name: Carlos Veiga
~ All Users Names: Guest, Carlos Veiga, Administrator,
~ Unselected Option: None
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Carlos Veiga\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Carlos Veiga\AppData\Roaming\
~ %Desktop% : C:\Users\Carlos Veiga\Desktop\
~ %Favorites% : C:\Users\Carlos Veiga\Favorites\
~ %LocalAppData% : C:\Users\Carlos Veiga\AppData\Local\
~ %StartMenu% : C:\Users\Carlos Veiga\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 197 Go of 284 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 14 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.9AAAEC8DAC27AA17B053E6352AD233AE] - (.Microsoft Corporation - Windows Explorer.) (.25-04-2010 - 02:46:07.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.14-07-2009 - 02:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions for Win32.) (.02-03-2013 - 06:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Windows Logon Application.) (.25-04-2010 - 02:46:07.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Software Licensing Library.) (.14-07-2009 - 02:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28-12-2011 - 04:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.14-07-2009 - 02:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14-07-2009 - 00:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14-07-2009 - 00:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.27-04-2011 - 03:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.14-07-2009 - 01:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.14-07-2009 - 00:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.14-07-2009 - 01:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.04-05-2011 - 03:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.14-07-2009 - 00:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - NT File System Driver.) (.12-04-2013 - 15:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.14-07-2009 - 01:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14-07-2009 - 01:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.14-07-2009 - 01:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.14-07-2009 - 00:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.06-09-2012 - 18:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/21
~ Mes Documents (My Documents) : 1/18613
~ Mon Bureau (My Desktop) : 1/9
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 11s
---\\ Processos lançados
[MD5.1305F77D8B17AA4C516263D6F8013836] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe [276376] [PID.1344]
[MD5.C06F76EC21B1CD5D8EB8A95243371A67] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2363392] [PID.4308]
[MD5.7E4AD8220AF0B281274F9785DD53E25C] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [18642024] [PID.4480]
[MD5.1E40EF882A2AFC3A715969AD7BF531B1] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe [202024] [PID.4488]
[MD5.ADA275BA873724E6C67B9287D883473E] - (.Microsoft Corp. - MSN® Toolbar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe [240472] [PID.4676]
[MD5.3A0647BDED81DBE0BCBB51D70B22C9E0] - (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe [149280] [PID.3196]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.4868]
[MD5.279A2F9A8626E0BCEAC222BA7C3C02EF] - (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [1410344] [PID.4072]
[MD5.47D1F0444CE33A0CA42409A88896CD8D] - (.Hewlett-Packard - HP Advisor.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe [1590840] [PID.2692]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.5244]
[MD5.E4D31A3743EC6F9528A0B998CAF7F72E] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8069632] [PID.6280]
~ Processes Running: Scanned in 00mn 02s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Carlos Veiga\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [user Data\Default][HomePage] http://african.howzit.msn.com
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [bopakagnckmlgajfccecajhnimjiiedh] McAfee Security Scan+ v.3.8.141.12 (Désactivé)
G2 - GCE: Preference [user Data\Default] [mfffpogegjflfpflabcdkioaeobkgjik] GaiaAuthExtension v.0.0.1, (Activé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 21 Legitimates Filtered in 00mn 18s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Carlos Veiga\AppData\Roaming\Mozilla\Firefox\Profiles\gqxi6m26.default\prefs.js
M3 - MFPP: Plugins - [Carlos Veiga] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\buscape.xml
M3 - MFPP: Plugins - [Carlos Veiga] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\mercadolivre.xml
M3 - MFPP: Plugins - [Carlos Veiga] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\wikipedia-br.xml
M3 - MFPP: Plugins - [Carlos Veiga] -- C:\Program Files (x86)\Mozilla FireFox\searchplugins\yahoo-br.xml
~ Firefox Browser: 11 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: btorbit.com [64Bits] - {000123B4-9B42-4900-B3F7-F4B073EFC214} . (.Orbitdownloader.com - Orbitcth.) -- C:\Program Files (x86)\Orbitdownloader\orbitcth.dll
~ BHO: 19 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.3.0.12\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Carlos Veiga]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Users\Carlos Veiga\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Global Startup: 1 Legitimates Filtered in 00mn 05s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [bTMTrayAgent] . (.Motorola, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Realtek HD Audio Manager.) -- C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
O4 - HKLM\..\Run: [RtkOSD] . (.Realtek Semiconductor Corp. - Realtek OSD for Volume/Mute.) -- C:\Program Files (x86)\Realtek\Audio\OSD\RtVOsd64.exe
O4 - HKLM\..\Run: [HP Quick Launch] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files\Java\jre6\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HPWirelessAssistant] . (...) -- C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
O4 - HKLM\..\RunOnce: [NCPluginUpdater] . (.Hewlett-Packard - NCPluginUpdater.) -- C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe
O4 - HKCU\..\Run: [HPAdvisorDock] . (.No owner - HP Advisor Dock.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [soundconfig] . (.Porto Editora, Lda. - Diciopédia 2008.) -- C:\ProgramData\audiofiltering\skskjbpjx.exe
O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [startCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [MSN Toolbar] . (.Microsoft Corp. - MSN® Toolbar.) -- C:\Program Files (x86)\MSN Toolbar\Platform\4.0.0369.0\mswinext.exe
O4 - HKLM\..\Wow6432Node\Run: [Microsoft Default Manager] . (.Microsoft Corporation - Microsoft Default Manager.) -- C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Easybits Recovery] . (.EasyBits Software AS - No Comment.) -- C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe =>.EasyBits Software AS
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java Platform SE binary.) -- C:\Program Files (x86)\Java\jre6\bin\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [NBKeyScan] . (.Nero AG - Nero BackItUp.) -- C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [HPAdvisorDock] . (.No owner - HP Advisor Dock.) -- C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [soundconfig] . (.Porto Editora, Lda. - Diciopédia 2008.) -- C:\ProgramData\audiofiltering\skskjbpjx.exe
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKUS\S-1-5-21-2218803855-3297486006-618588655-1000\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] . (.Nero AG - Nero Home.) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: E&nviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office15\ONBttnIE.dll (.not file.)
O9 - Extra button: Funcionalidade Clicar para Chamar do Lync [64Bits] - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -- C:\Program Files\Microsoft Office\Office15\lync.exe (.not file.)
O9 - Extra button: &Notas Ligadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office15\ONBTTN~1.dll (.not file.)
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A2D6ABF4-CDD1-495E-A0DD-CC7DDBA45198}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{A2D6ABF4-CDD1-495E-A0DD-CC7DDBA45198}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{A2D6ABF4-CDD1-495E-A0DD-CC7DDBA45198}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlmailhtml [64Bits] - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} . (...) --
O18 - Filter: text/xml [64Bits] - {807583E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{361E7204-5046-451B-95D0-65E6EAE6AD51}] (...) -- C:\Users\Carlos Veiga\Desktop\Matlab\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{66C0D3B1-2B64-4F4F-BCB2-7DEBBADC5DE4}] (...) -- G:\Programas\Programs\Matlab\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BD467EFB-867F-4533-A706-3EC89A6D4C79}] (...) -- G:\Programas\Matlab\setup.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1076]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForCarlos Veiga [360]
~ Scheduled Task: 18 Legitimates Filtered in 00mn 05s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\Softonic] =>Toolbar.Conduit
~ Key Software: 340 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 09-05-2014 - 20:20:34 - [] ----D C:\ProgramData\Ask
O43 - CFD: 20-05-2014 - 10:33:07 - [] -SH-D C:\ProgramData\audiofiltering
O43 - CFD: 10-05-2014 - 22:03:52 - [] ----D C:\ProgramData\Geevs
O43 - CFD: 10-05-2014 - 22:40:49 - [] -SH-D C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
~ Program Folder: 151 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.F042EE4C8D66248D9B86DCF52ABAE416] - 09-06-2014 - 17:11:23 ---A- . (...) -- C:\Windows\PEV.exe [256000]
O44 - LFC:[MD5.9E05A9C264C8A908A8E79450FCBFF047] - 09-06-2014 - 17:11:23 ---A- . (...) -- C:\Windows\grep.exe [80412]
O44 - LFC:[MD5.2B657A67AEBB84AEA5632C53E61E23BF] - 09-06-2014 - 17:11:23 ---A- . (...) -- C:\Windows\sed.exe [98816]
O44 - LFC:[MD5.5E832F4FAF5F481F2EAF3B3A48F603B8] - 09-06-2014 - 17:11:23 ---A- . (...) -- C:\Windows\zip.exe [68096]
O44 - LFC:[MD5.0277C027A26428DB64EF4F64F52BB4FD] - 09-06-2014 - 17:11:24 ---A- . (...) -- C:\Windows\MBR.exe [208896]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 09-06-2014 - 17:25:23 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.8620D0D7D62805623473DAD1D183FF1E] - 09-06-2014 - 17:29:39 ---A- . (...) -- C:\ComboFix.txt [32232]
O44 - LFC:[MD5.2608A2D1E6EBB240D77D14D72FC6209E] - 11-06-2014 - 15:04:37 ---A- . (...) -- C:\Windows\ntbtlog.txt [1360878]
~ Files: 18 Legitimates Filtered in 00mn 04s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitdm.exe
O47 - AAKE:Key Export SP - "C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" [Enabled] .(.Orbitdownloader.com.) -- C:\Program Files (x86)\Orbitdownloader\orbitnet.exe
~ Keys Export: 2 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:14-07-2009 - 02:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10-06-2009 - 21:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:14-07-2009 - 02:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
~ Drivers: 63 Legitimates Filtered in 00mn 06s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 11-06-2014 - C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (eeCtrl) .(.Symantec Corporation - Symantec Eraser Control Driver.) - LEGACY_EECTRL
~ Legacy: 89 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {E75DDF65-528C-4FEB-B3DF-3BF4CA712D7C} [DefaultScope] - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.0774E032BFBE7A532F99F94C1F587A89] [sPRF][18-06-2014] (...) -- C:\Users\Carlos Veiga\Desktop\MBR.dat [512]
~ Files: 2 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{3AACF88F-ADE6-4D2D-BB65-9D08593423F3}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Carlos Veiga\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{41CF4B89-542E-4E20-BDD7-32FAAA8578F4}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Carlos Veiga\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s
---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup37031_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup37031_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup59857_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup59857_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_orbit-downloader_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_orbit-downloader_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_2_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_2_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 186 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 24-06-2010 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Demand 04-01-2010 238328 | (GameConsoleService) . (.WildTangent, Inc..) - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
SS - | Auto 09-05-2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09-05-2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09-04-2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 28-02-2013 161384 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 14-07-2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08-05-2014 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 18-11-2009 98208 | (AERTFilters) . (.Andrea Electronics Corporation.) - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
SR - | Auto 20-09-2010 203264 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Demand 05-03-2010 4163848 | (Bluetooth Device Manager) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Demand 05-03-2010 1040136 | (Bluetooth Media Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 10-03-2010 661768 | (Bluetooth OBEX Service) . (.Motorola, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Auto 10-07-1658 0 | (ezSharedSvc) . (.EasyBits Software AS.) - C:\Windows\System32\ezSharedSvcHost.exe =>.EasyBits Software AS
SR - | Demand 24-06-2010 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 24-03-2010 121344 | (HP Health Check Service) . (.Hewlett-Packard.) - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
SR - | Auto 27-01-2010 102968 | (HP Wireless Assistant Service) . (.Hewlett-Packard.) - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
SR - | Demand 13-03-2010 230968 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
SR - | Auto 18-01-2010 20480 | (HPWMISVC) . (...) - C:\Program Files\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
SR - | Auto 22-02-2010 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 20-09-2007 853288 | (Nero BackItUp Scheduler 3) . (.Nero AG.) - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
SR - | Auto 11-05-2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.3.0.12\NIS.exe
SR - | Demand 20-09-2007 382248 | (NMIndexingService) . (.Nero AG.) - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
SR - | Auto 19-11-2009 242048 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Demand 10-07-1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 14-07-2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 22s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080)
Run by Carlos Veiga at 18-06-2014 09:11:16
~ OS 64 not supported by MBR tool
~ MBR: 0 Legitimates Filtered in 00mn 00s
---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080)
Written by ad13, http://ad13.geekstog
Run by Carlos Veiga at 18-06-2014 09:11:19
********* Dump file Name *********
C:\PhysicalDisk0_MBR.bin
~ MBR: Scanned in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 13026 - (17-06-2014)
Clés trouvées (Keys found) : 3
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
~ Additionnel Scan: 350286 Items scanned in 01mn 00s
---\\ Informações complémentaires do módulos
~ http://nicolascoolman.fr/g0-page-de-demarrage-google-chrome/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/g2-google-chrome-extensions/ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ http://nicolascoolman.fr/r5-internet-explorer-proxy-management-iepm/ =>.Internet Explorer, Gestão do Proxy (R5)
~ http://nicolascoolman.fr/o2-browser-helper-objects-de-navigateur/ =>.Browser Helper Objects do navegador (02)
~ http://nicolascoolman.fr/o3-internet-explorer-toolbars/ =>.Barras do Internet Explorer (03))
~ AMI: 5 Legitimates Filtered in 00mn 00s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 3 link(s) detected in 00mn 00s
~ 835 Legitimates filtered by white list
End of the scan (453 lines in 04mn 57s)(0)

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa Tarde! Carlos Uchira
|- Desculpe-me a demora em lhe atender,pois estou em processo de aquisição de uma nova placa mãe para o PC e internet de alta velocidade.
-/-
|- Execute este script na ferramenta ZHPFix.
|- Copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c
|- À seguir,minimize o Bloco de Notas.
script zhpfix
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C55BBCD6-41AD-48AD-9953-3609C48EACC7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} Chave orfã
[MD5.00000000000000000000000000000000] [APT] [{361E7204-5046-451B-95D0-65E6EAE6AD51}] (...) -- C:\Users\Carlos Veiga\Desktop\Matlab\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{66C0D3B1-2B64-4F4F-BCB2-7DEBBADC5DE4}] (...) -- G:\Programas\Programs\Matlab\setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{BD467EFB-867F-4533-A706-3EC89A6D4C79}] (...) -- G:\Programas\Matlab\setup.exe (.not file.) [0]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup37031_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup37031_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup59857_RASAPI32 =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\biSetup59857_RASMANCS =>Adware.MegaSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_orbit-downloader_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_para_orbit-downloader_RASMANCS =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_2_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utorrent_2_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
C:\Users\Carlos Veiga\AppData\Local\Temp\txgxvrmqfel.exe
C:\ProgramData\audiofiltering\skskjbpjx.exe
C:\Users\Carlos Veiga\AppData\Local\Google\Chrome\User Data\Default\Cache\f_0018c2
firewallraz
emptytemp
emptyclsid
|- Abra a ferramenta ZHPFix. < ZHPFix_logo2_zpsea0f2aa4.jpg >
|- Clique IMPORTAÇÃO >> OK.
|- Clique "GO".
|- Poste o relatório!
-/-

|- Abra,novamente,a ferramenta aswMBR.
|- Clique "Scan".
aswMBR_FixMBR.jpg
|- Clique "FixMBR" << Caso esteja habilitada para o Fix!
abf4jACF.jpg
|- Clique "Yes".
|- Reinicie o computador!
|- Execute,novamente,aswMBR.exe
|- Clique em "Save log".
|- Salve-o no desktop!
|- Poste o relatório!
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

 

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.

Compartilhar este post


Link para o post
Compartilhar em outros sites

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.