Gabriel Acunha

[Solved] PC with 'strange' symptoms - Slowness, freezes, 'two-stage' boot - I really don't know what to do

#1 By Gabriel Acun... 21/09/2015 - 21:10
Good evening,
I have a machine with Windows 7 Ultimate 64-bit, an Intel Core i3 2120 processor, an Nvidia GeForce GT430 GPU, 4 GB of DDR3 RAM, and a Gigabyte H61M-S1 motherboard.

About a month ago I noticed that when I turned the PC on, the case would power up, shut off right away, wait 2~3 s and then power on for good. I got a bit worried, dug around on the internet and found people saying this was 'normal' and that I shouldn't worry. This week I noticed that when I restart the machine, whether from the case or from Windows, it hangs on the BIOS logo; it doesn't complete the boot and stays stuck in the BIOS forever. Yesterday another 'symptom' appeared that worried me more: I noticed that the computer had become very slow lately, and all of a sudden. It seems that the longer it stays on, the slower it gets. Browsers freeze and stop working, Shockwave crashes, opening folders/files sometimes takes up to 2 minutes, and even Task Manager takes minutes to show up on screen; yet neither RAM nor CPU usage goes above 40%~

I have already run the Windows RAM and hard disk tests; neither showed anything 'wrong'. I have already run scans with Panda Antivirus, Malwarebytes, SUPERAntiSpyware and AdwCleaner; all of them finished with 0 threats. I have also run an analysis with HijackThis, which I'm posting below.

I have also checked the temperature and voltage of all components with HWMonitor, and according to it everything is within the expected range. The fans are also working normally, the case is clean, and I have also run a 'cleanup' with CCleaner.

Mainboard: 47ºC
Processor: 50~58ºC (varies a lot and very quickly)
GPU: 32ºC

Any help is extremely welcome; I no longer have any idea what to do/try. hahaha

Thanks a lot in advance!
[spoiler]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:02:28, on 16/09/2015
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_232.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Users\Usuário\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Usuário\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EasyAntiCheat - EasyAntiCheat Ltd - C:\Windows\system32\EasyAntiCheat.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9917 bytes
[/spoiler]
#3 By Gabriel Acun... 22/09/2015 - 20:17
Tmfeijo said:
Good afternoon and welcome!

Run the ESET online scanner:

http://www.eset.com.br/online-scanner

Tick "allow" and every option under advanced settings, except the proxy configuration. Then start it!

Post the log generated at C:\Program Files\ESET\ESET Online Scanner\log.txt.


Regards

Good evening!
Thank you very much for the quick reply!
Here is the log:
[spoiler]
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3eb3d9b3258b744e880072b9bd06d7bb
# end=init
# utc_time=2015-09-22 04:53:50
# local_time=2015-09-22 01:53:50 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25886
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3eb3d9b3258b744e880072b9bd06d7bb
# end=updated
# utc_time=2015-09-22 05:43:41
# local_time=2015-09-22 02:43:41 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3eb3d9b3258b744e880072b9bd06d7bb
# engine=25886
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-22 09:10:54
# local_time=2015-09-22 06:10:54 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=11046
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Free Antivirus'
# compatibility_mode=1557 16777213 87 100 5090818 228234228 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 91836966 194503304 0 0
# scanned=177722
# found=8
# cleaned=8
# scan_time=12432
sh=1C88A7C4FD5E9BBE5F558AB731149EC1E59A67AC ft=0 fh=0000000000000000 vn="Win32/Toolbar.TNT2.I Aplicação potencialmente não desejado (excluído - em quarentena)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\XTab\ffsearch_toolbar!1.0.0.1031.xpi.vir"
sh=933A580FF9B3DD0E7ACC12BD3DF4159056C7DCE8 ft=1 fh=7e8602554cbcb03a vn="uma variante de Win64/KeyLogger.RevealerKeylogger.NAA Aplicação potencialmente insegura (limpo por exclusão - em quarentena)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\rvlkl\rvlkl.exe.vir"
sh=A76CFA62B0423D688EC7B035200D78AF933E30E5 ft=1 fh=e4de2161f77e255c vn="uma variante de Win32/Adware.MultiPlug.MI aplicativo (limpo por exclusão - em quarentena)" ac=C fn="C:\AdwCleaner\Quarantine\C\ProgramData\{6f1e4b65-b041-4314-6f1e-e4b65b042d96}\five nights at freddys 3 v101 setupexe.exe.vir"
sh=3858994D2B8C9D8B87C826A46C05CF60A790DAA6 ft=1 fh=8a1e5e1d58892132 vn="uma variante de Win32/Toolbar.Visicom.A Aplicação potencialmente não desejado (excluído - em quarentena)" ac=C fn="C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe"
sh=2A9EB115376543E1CEE153F69250696DFB52A30C ft=1 fh=c31ceed4c9e922bb vn="uma variante de Win32/Spy.Spyrix.C Aplicação potencialmente insegura (limpo por exclusão - em quarentena)" ac=C fn="C:\Program Files (x86)\Spyrix Free Keylogger\spkl.exe"
sh=D1BDDD9CE973D0AB300AC6F565AF4184BFE58ED6 ft=1 fh=141e453f0b7cb241 vn="uma variante de Win32/Bunndle Aplicação potencialmente insegura (limpo por exclusão - em quarentena)" ac=C fn="C:\Program Files (x86)\uTorrent\uTorrent.exe"
sh=D869EA86CBFB0EC1DB2A8BDE6FA697A612BDB20F ft=1 fh=71fa698234ce1153 vn="Python/CoinMiner.B Aplicação potencialmente insegura (excluído - em quarentena)" ac=C fn="C:\Users\Usuário\Downloads\guiminer-20121203.exe"
sh=CD6798ED167CE253C0C9E8636337D92F08081538 ft=0 fh=0000000000000000 vn="uma variante de Win32/Bundled.Toolbar.Ask Aplicação potencialmente insegura (excluído - em quarentena)" ac=C fn="C:\Windows\Installer\25205f.msi"
[/spoiler]
TmfeijoMMonroe
#4 By TmfeijoMMonr... 22/09/2015 - 20:33
Good evening!

1) Uninstall the ESET online scanner with Revo Uninstaller; even though it is an online tool, it leaves some folders and an .exe behind!

http://www.revouninstaller.com/revo_uninstaller_free_download.html

2) Run ComboFix:

http://www.bleepingcomputer.com/download/combofix/

3) After you have run ComboFix and posted the log, run the DelFix tool (tick only the option to uninstall disinfection tools).

https://toolslib.net/downloads/viewdownload/2-delfix/

Let's clean out these tools; counting the ones above, you have already used a lot of them! There are plenty of leftovers from them on there!
But I stress: only after you have posted the ComboFix log! Because it and its other folders will be deleted by DelFix!


Regards
#5 By Gabriel Acun... 22/09/2015 - 21:55
Good evening,
I uninstalled ESET with Revo and now I'm going to run DelFix.

Here is the ComboFix log:
[spoiler]
ComboFix 15-09-21.01 - Usuário 22/09/2015 21:35:23.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.4076.1914 [GMT -3:00]
Executando de: c:\users\Usußrio\Downloads\ComboFix.exe
AV: Panda Free Antivirus *Disabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
SP: Panda Free Antivirus *Disabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\wpcap.dll
.
c:\windows\HelpPane.exe . . . está infectado!!
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Serviços )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_npf
.
.
(((((((((((((((( Arquivos/Ficheiros criados de 2015-08-23 to 2015-09-23 ))))))))))))))))))))))))))))
.
.
2015-09-22 23:50 . 2015-09-22 23:50 -------- d-----w- c:\program files (x86)\VS Revo Group
2015-09-21 15:30 . 2015-01-29 17:21 61712 ----a-w- c:\windows\system32\drivers\PSKMAD.sys
.
.
.
((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-09-22 07:44 . 2012-10-11 21:34 780488 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-09-22 07:44 . 2012-10-11 21:34 142536 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-17 20:45 . 2015-07-31 20:41 113880 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-08-06 17:45 . 2015-08-06 17:45 33856 ---ha-w- c:\windows\system32\drivers\hamachi.sys
.
.
(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))
.
.
*Nota* entradas vazias e legítimas por padrão não são apresentadas.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"PSUAMain"="c:\program files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" [2015-02-26 40184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NanoServiceMain]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PSUAService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R3 EasyAntiCheat;EasyAntiCheat;c:\windows\system32\EasyAntiCheat.exe;c:\windows\SYSNATIVE\EasyAntiCheat.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S1 NNSALPC;NNSALPC;c:\windows\system32\DRIVERS\NNSAlpc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSAlpc.sys [x]
S1 NNSHTTP;NNSHTTP;c:\windows\system32\DRIVERS\NNSHttp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttp.sys [x]
S1 NNSHTTPS;NNSHTTPS;c:\windows\system32\DRIVERS\NNSHttps.sys;c:\windows\SYSNATIVE\DRIVERS\NNSHttps.sys [x]
S1 NNSIDS;NNSIDS;c:\windows\system32\DRIVERS\NNSIds.sys;c:\windows\SYSNATIVE\DRIVERS\NNSIds.sys [x]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;c:\windows\system32\DRIVERS\NNSNAHSL.sys;c:\windows\SYSNATIVE\DRIVERS\NNSNAHSL.sys [x]
S1 NNSPICC;NNSPICC;c:\windows\system32\DRIVERS\NNSPicc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPicc.sys [x]
S1 NNSPIHSW;NNSPIHSW;c:\windows\system32\DRIVERS\NNSPihsw.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPihsw.sys [x]
S1 NNSPOP3;NNSPOP3;c:\windows\system32\DRIVERS\NNSPop3.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPop3.sys [x]
S1 NNSPROT;NNSPROT;c:\windows\system32\DRIVERS\NNSProt.sys;c:\windows\SYSNATIVE\DRIVERS\NNSProt.sys [x]
S1 NNSPRV;NNSPRV;c:\windows\system32\DRIVERS\NNSPrv.sys;c:\windows\SYSNATIVE\DRIVERS\NNSPrv.sys [x]
S1 NNSSMTP;NNSSMTP;c:\windows\system32\DRIVERS\NNSSmtp.sys;c:\windows\SYSNATIVE\DRIVERS\NNSSmtp.sys [x]
S1 NNSSTRM;NNSSTRM;c:\windows\system32\DRIVERS\NNSStrm.sys;c:\windows\SYSNATIVE\DRIVERS\NNSStrm.sys [x]
S1 NNSTLSC;NNSTLSC;c:\windows\system32\DRIVERS\NNSTlsc.sys;c:\windows\SYSNATIVE\DRIVERS\NNSTlsc.sys [x]
S1 PSINKNC;PSINKNC;c:\windows\system32\DRIVERS\psinknc.sys;c:\windows\SYSNATIVE\DRIVERS\psinknc.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
S2 NanoServiceMain;Panda Protection Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 PandaAgent;Panda Devices Agent;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe;c:\program files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [x]
S2 PSINAflt;PSINAflt;c:\windows\system32\DRIVERS\PSINAflt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINAflt.sys [x]
S2 PSINFile;PSINFile;c:\windows\system32\DRIVERS\PSINFile.sys;c:\windows\SYSNATIVE\DRIVERS\PSINFile.sys [x]
S2 PSINProc;PSINProc;c:\windows\system32\DRIVERS\PSINProc.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProc.sys [x]
S2 PSINProt;PSINProt;c:\windows\system32\DRIVERS\PSINProt.sys;c:\windows\SYSNATIVE\DRIVERS\PSINProt.sys [x]
S2 PSINReg;PSINReg;c:\windows\system32\DRIVERS\PSINReg.sys;c:\windows\SYSNATIVE\DRIVERS\PSINReg.sys [x]
S2 PSUAService;Panda Product Service;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe;c:\program files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 PSKMAD;PSKMAD;c:\windows\system32\DRIVERS\PSKMAD.sys;c:\windows\SYSNATIVE\DRIVERS\PSKMAD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
--- =Outros Serviços/Drivers Na Memória ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-09-17 18:12 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe
.
Conteúdo da pasta 'Tarefas Agendadas'
.
2015-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 07:44]
.
2015-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 21:59]
.
2015-09-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-05-15 21:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-01-16 12445288]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2015-05-23 2754704]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2015-05-23 1571696]
.
------- Scan Suplementar -------
.
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
IE: E&xportar para o Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\users\Usuário\AppData\Roaming\Mozilla\Firefox\Profiles\theg8z79.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.bing.com/
.
- - - - ORFÃOS REMOVIDOS - - - -
.
Wow6432Node-HKLM-Run-kbdsprt - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-AVG Web TuneUp - c:\program files (x86)\AVG Web TuneUp\UNINSTALL.exe
AddRemove-PlanetSide 2 - c:\users\Public\Sony Online Entertainment\Installed Games\PlanetSide 2\Uninstaller.exe
.
.
.
--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_19_0_0_185_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.19"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_19_0_0_185.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Outros Processos em Execução ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
.
**************************************************************************
.
Tempo para conclusão: 2015-09-22 21:53:29 - Máquina reiniciou
ComboFix-quarantined-files.txt 2015-09-23 00:53
.
Pré-execução: 69.964.754.944 bytes disponíveis
Pós execução: 69.087.064.064 bytes disponíveis
.
- - End Of File - - B20DB66A0BD823C40074FBB7D672628C
A36C5E4F47E84449FF07ED3517B43A31
[/spoiler]

** EDIT: I also ran DelFix; the log follows:
[spoiler]
# DelFix v1.011 - Relatório criado 22/09/2015 às 21:57:12
# Atualizado 18/08/2015 por Xplode
# Usuário : Usuário - USUÁRIO-PC
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\Qoobox
Removido : C:\AdwCleaner
Removido : C:\ComboFix.txt
Removido : C:\Users\Usuário\Desktop\hijackthis.log
Removido : C:\Users\Usuário\Downloads\adwcleaner_5.007.exe
Removido : C:\Users\Usuário\Downloads\ComboFix.exe
Removido : C:\Users\Usuário\Downloads\esetsmartinstaller_ptg.exe
Removido : C:\Users\Usuário\Downloads\HijackThis.exe
Removido : C:\Windows\grep.exe
Removido : C:\Windows\PEV.exe
Removido : C:\Windows\NIRCMD.exe
Removido : C:\Windows\MBR.exe
Removido : C:\Windows\SED.exe
Removido : C:\Windows\SWREG.exe
Removido : C:\Windows\SWSC.exe
Removido : C:\Windows\SWXCACLS.exe
Removido : C:\Windows\Zip.exe
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Swearware
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\combofix.exe

########## - EOF - ##########
[/spoiler]
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#6 By TmfeijoMMonr...
22/09/2015 - 22:02
Good evening!

OK. Noted. How is the PC?

Run SystemLook:
http://jpshortstuff.247fixes.com/SystemLook.exe (32-bit version).
http://jpshortstuff.247fixes.com/SystemLook_x64.exe (64-bit version). This one is yours!!!

After opening SystemLook.exe, select and copy all of the text highlighted in red below:

:filefind
baidu

:folderfind
baidu

:regfind
baidu

Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Then again with this search:

:filefind
PSafe

:folderfind
PSafe

:regfind
PSafe

Regards
Gabriel Acunha
Gabriel Acun... New Member Registered
20 Posts 6 Likes
#7 By Gabriel Acun...
22/09/2015 - 22:15
Tmfeijo said:
Good evening!

OK. Noted. How is the PC?

Run SystemLook:
http://jpshortstuff.247fixes.com/SystemLook.exe (32-bit version).
http://jpshortstuff.247fixes.com/SystemLook_x64.exe (64-bit version). This one is yours!!!

After opening SystemLook.exe, select and copy all of the text highlighted in red below:

:filefind
baidu

:folderfind
baidu

:regfind
baidu

Paste the text you just copied into the SystemLook text box.

Click the Look button; when the scan finishes, a log (report) will open. It is saved as SystemLook.txt on the Desktop.

Then again with this search:

:filefind
PSafe

:folderfind
PSafe

:regfind
PSafe

Regards


The computer apparently runs much more smoothly, although before, on some startups, it was also faster, but only rarely. The boot is still strange: it hangs at the BIOS when restarted and starts up twice when powered on.

Here are the logs:
Baidu
[spoiler]
SystemLook 30.07.11 by jpshortstuff
Log created at 22:09 on 22/09/2015 by Usuário
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
No folders found.

========== regfind ==========

Searching for "baidu"
[HKEY_CURRENT_USER\Software\Baidu Security]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{77FEF28E-EB96-44FF-B511-3185DEA48697}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{B580CF65-E151-49C3-B73F-70B13FCA8E86}]
"DllName"="baidubar.dll;BaiduBarX.dll;BaiduBarX.dll;BaiduBarX.dll"
[HKEY_USERS\S-1-5-21-1782589835-129142536-760186026-1000\Software\Baidu Security]

-= EOF =-
[/spoiler]
PSafe
[spoiler]
SystemLook 30.07.11 by jpshortstuff
Log created at 22:13 on 22/09/2015 by Usuário
Administrator - Elevation successful

========== filefind ==========

Searching for "PSafe"
No files found.

========== folderfind ==========

Searching for "PSafe"
C:\Users\Usuário\PSafe d------ [15:48 20/10/2012]

========== regfind ==========

Searching for "PSafe"
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\PSafe]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\PSafe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360OEM.exe]
"Path"="C:\Program Files (x86)\PSafe\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}"="PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"="PSafeOL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\MyComputer\NameSpace\{35B6525E-071A-4EA9-B3BD-F6A742572F08}]
@="PSafe LockBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}"="PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"="PSafeOL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{35B6525E-071A-4EA9-B3BD-F6A742572F08}"="PSafe LockBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360OEM.exe]
"Path"="C:\Program Files (x86)\PSafe\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeSVC]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafesvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeWD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeWD]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafeWD.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\PSafeSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\PSafeSVC]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafesvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\PSafeWD]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\PSafeWD]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafeWD.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeSVC]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafesvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeWD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeWD]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafeWD.exe"
[HKEY_USERS\S-1-5-21-1782589835-129142536-760186026-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\C:\Program Files (x86)\PSafe]
[HKEY_USERS\S-1-5-21-1782589835-129142536-760186026-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.8.false\C:\Program Files (x86)\PSafe]

-= EOF =-
[/spoiler]
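An added example, not part of any post in this thread and not SystemLook's own code: a short parser that triages a SystemLook report like the two above. The sample is an excerpt of the PSafe log posted here; the function names are hypothetical, and two rules are this example's own heuristics: collapsing `ControlSetNNN` copies onto `CurrentControlSet`, and marking a hit as "embedded" when the search term only occurs inside a longer name (as with `IWMPSafeBrowser`).

```python
import re

# Excerpt of the PSafe report posted in this thread, shortened for the example.
SAMPLE_LOG = r'''SystemLook 30.07.11 by jpshortstuff
Log created at 22:13 on 22/09/2015 by Usuário
Administrator - Elevation successful

========== filefind ==========

Searching for "PSafe"
No files found.

========== folderfind ==========

Searching for "PSafe"
C:\Users\Usuário\PSafe d------ [15:48 20/10/2012]

========== regfind ==========

Searching for "PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}"="PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"="PSafeOL"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\PSafeSVC]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafesvc.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeSVC]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\PSafeSVC]
"EventMessageFile"="C:\Program Files (x86)\PSafe\PSafesvc.exe"

-= EOF =-
'''

SECTION_RE = re.compile(r"^=+\s*(\w+)\s*=+$")          # "===== regfind ====="
TERM_RE = re.compile(r'^Searching for "(.+)"$')
CONTROLSET_RE = re.compile(r"\\ControlSet\d{3}\\", re.IGNORECASE)


def parse_systemlook(text):
    """Return every hit as a dict: section, term, location, values."""
    hits, section, term = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, term = m.group(1).lower(), None
            continue
        m = TERM_RE.match(line)
        if m:
            term = m.group(1)
            continue
        # Header lines and "No files/folders found." carry no hit.
        if section is None or term is None or line.startswith("No "):
            continue
        if line.startswith("-="):                      # "-= EOF =-"
            break
        if section == "regfind" and not line.startswith("["):
            # A value line belongs to the registry key printed just before it.
            if hits and hits[-1]["section"] == "regfind":
                hits[-1]["values"].append(line)
            continue
        location = line[1:-1] if section == "regfind" else line
        hits.append({"section": section, "term": term,
                     "location": location, "values": []})
    return hits


def is_embedded(entry):
    """Heuristic: the term never starts a name, it only sits inside one."""
    term = re.escape(entry["term"])
    text = " ".join([entry["location"]] + entry["values"])
    anywhere = re.findall(term, text, re.IGNORECASE)
    at_name_start = re.findall(r"(?<![A-Za-z0-9])" + term, text, re.IGNORECASE)
    return bool(anywhere) and not at_name_start


def triage(hits):
    """Merge repeated keys, then split into 'leftover' and 'embedded'."""
    merged = {}
    for hit in hits:
        # Count ControlSet001/002 copies together with CurrentControlSet.
        canonical = CONTROLSET_RE.sub(lambda m: "\\CurrentControlSet\\",
                                      hit["location"])
        entry = merged.setdefault(
            (hit["section"], canonical.lower()),
            {"section": hit["section"], "term": hit["term"],
             "location": canonical, "values": []})
        for value in hit["values"]:
            if value not in entry["values"]:
                entry["values"].append(value)
    report = {"leftover": [], "embedded": []}
    for entry in merged.values():
        report["embedded" if is_embedded(entry) else "leftover"].append(entry)
    return report


if __name__ == "__main__":
    result = triage(parse_systemlook(SAMPLE_LOG))
    for bucket, entries in result.items():
        print(f"{bucket}: {len(entries)}")
        for e in entries:
            print(f"  [{e['section']}] {e['location']} {e['values']}")
```

Entries in the "embedded" bucket are the ones to check by hand before deleting anything, since the match may belong to unrelated software.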
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#8 By TmfeijoMMonr...
22/09/2015 - 22:21
Good evening, Gabriel Acunha!

Tell me something about this boot and BIOS matter. When starting the system, do you have to press F1 to go from the motherboard to the BIOS and then ESC to leave the BIOS and start the system? Would that be the situation? Is that it?


Regards


Gabriel Acunha said:
The computer apparently runs much more smoothly, although before, on some startups, it was also faster, but only rarely. The boot is still strange: it hangs at the BIOS when restarted and starts up twice when powered on.

Gabriel Acunha
Gabriel Acun... New Member Registered
20 Posts 6 Likes
#9 By Gabriel Acun...
22/09/2015 - 22:24
Tmfeijo said:
Good evening, Gabriel Acunha!

Tell me something about this boot and BIOS matter. When starting the system, do you have to press F1 to go from the motherboard to the BIOS and then ESC to leave the BIOS and start the system? Would that be the situation? Is that it?


Regards

No. What happens is that, after I turn the computer on, all the components power up and then shut off right away (1s~2s); the computer stays off for a few seconds (the interval varies from one time to the next) and then powers on again and boots completely. When I restart the machine (either from Windows or with the case button), the system gets stuck on the BIOS screen and none of the keys work (F12 / DEL / F1 / F6...)
Gabriel Acunha
Gabriel Acun... New Member Registered
20 Posts 6 Likes
#11 By Gabriel Acun...
22/09/2015 - 22:37
Tmfeijo said:
Good evening!

Although your machine has a lot of infections! Was there any sudden power outage while the PC was on?

Are the drivers up to date?

Regards

Not that I recall.
As for the drivers, I have never looked for updates manually, but whenever Windows or some program notifies me I install the update. How could I check whether they are all properly up to date?
Once again, thank you very much for the help!
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#12 By TmfeijoMMonr...
22/09/2015 - 22:44
Good afternoon!

All right! Let's check. With a log: run DDS:

http://www.bleepingcomputer.com/download/dds/


Post both logs! They also let us see more malware!


With software: run SlimDrivers:

https://www.slimwareutilities.com/slimdrivers.php


PS: We will compare the devices listed in one of the DDS logs with what SlimDrivers pulls up!
OK?

Also, does Device Manager show any exclamation mark?


Regards


And don't forget the new SystemLook logs!!

Gabriel Acunha
Gabriel Acun... New Member Registered
20 Posts 6 Likes
#13 By Gabriel Acun...
22/09/2015 - 23:55
I had reported that the PC was running much more smoothly, but the slowness and the freezes have come back, more or less gradually.
There is no exclamation mark in Device Manager; here is a screenshot: [spoiler]Image
[/spoiler]
Also, here is a screenshot of the component voltages and temperatures (measured with HWMonitor): [spoiler]Image
[/spoiler]

SlimDrivers found 15 updates: [spoiler]Image
[/spoiler]

Here are the DDS logs:

Attach.txt
[spoiler]
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume1
Install Date: 15/05/2012 14:55:33
System Uptime: 22/09/2015 22:06:38 (1 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | H61M-S1
Processor: Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | Intel(R) Core(TM) i3-2120 CPU @ 3.30GHz | 3300/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 64,485 GiB free.
D: is FIXED (NTFS) - 310 GiB total, 303,046 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
7 Days to Die
Adobe Flash Player 19 ActiveX
Adobe Flash Player 19 NPAPI
Adobe Reader XI - Português
Adobe Shockwave Player 11.6
Apple Mobile Device Support
Apple Software Update
µTorrent
Atualizações da NVIDIA 2.4.5.28
Atualização do produto Microsoft Office Excel 2007 Help (KB963678)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669)
Atualização do produto Microsoft Office Word 2007 Help (KB963665)
Audacity 2.0.2
AVG Web TuneUp
Bonjour
CamStudio version 2.7
CCleaner
CCleaner, ?????? 4.14.4808
Counter-Strike: Global Offensive
CPUID CPU-Z 1.73
CPUID HWMonitor 1.28
D3DX10
DAEMON Tools Lite
Emergency Download Driver
Facebook Video Calling 3.1.0.521
Google Chrome
Google Update Helper
GoPro CineForm Studio 1.3.2
iTunes
Java 8 Update 45
Java 8 Update 45 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)
K-Lite Mega Codec Pack 11.1.0
LogMeIn Hamachi
Lumia UEFI Blue Driver
Malwarebytes Anti-Malware versão 2.1.8.1057
Microsoft .NET Framework 4.5
Microsoft .NET Framework 4.5 PTB Language Pack
Microsoft Application Error Reporting
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (Portuguese (Brazil)) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (Portuguese (Brazil)) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (Portuguese (Brazil)) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007
Microsoft Office Word MUI (Portuguese (Brazil)) 2007
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
Microsoft WSE 3.0 Runtime
Mozilla Firefox 40.0.3 (x86 pt-BR)
Mozilla Maintenance Service
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Ultra Edition
neroxml
NVIDIA 3D Vision Controller Driver
NVIDIA Driver de controle do 3D Vision 352.65
NVIDIA Driver de gráficos 352.86
NVIDIA Driver de áudio HD 1.3.34.3
NVIDIA Driver do 3D Vision 352.86
NVIDIA GeForce Experience 2.4.5.28
NVIDIA GeForce Experience Service
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA ShadowPlay 2.4.5.28
NVIDIA Software do sistema PhysX 9.15.0428
NVIDIA Stereoscopic 3D Driver
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.28
Pacote de Idiomas do Microsoft .NET Framework 4.5 - Português (Brasil)
Painel de controle da NVIDIA 352.86
Panda Devices Agent
Panda Free Antivirus
Photo Common
PhotoFiltre 7
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Revo Uninstaller 1.95
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SHIELD Streaming
SHIELD Wireless Controller Driver
Steam
SUPERAntiSpyware
Suporte para Aplicativos Apple (32-bit)
Suporte para Aplicativos Apple Apple (64-bit)
swMSM
TeamSpeak 3 Client
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760573) 32-Bit Edition
Vegas Pro 12.0 (64-bit)
VirtualDJ Home FREE
Visual Studio 2012 x64 Redistributables
Visual Studio 2012 x86 Redistributables
Winamp
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices (03/07/2012 )
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Phone app for desktop
Windows Phone Recovery Tool 2.1.1
WinPcap 4.1.1
WinRAR 4.11 (64-bit)
WinUsb CoInstallers
WinUSB Compatible ID Drivers
WinUSB Drivers ext
.
==== End Of File ===========================
[/spoiler]

DDS.txt
[spoiler]
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 11.45.2
Run by Usuário at 23:01:28 on 2015-09-22
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.55.1046.18.4076.2353 [GMT -3:00]
.
AV: Panda Free Antivirus *Enabled/Updated* {AAF74A68-8713-CDF1-004F-30003398BE9E}
SP: Panda Free Antivirus *Enabled/Updated* {1196AB8C-A129-C27F-3AFF-0B72481FF423}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Panda Firewall *Disabled* {92CCCB4D-CD7C-CCA9-2B10-9935CD4BF9E5}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\taskhost.exe
C:\Windows\regedit.exe
C:\Users\Usuário\Downloads\dds.com
C:\Windows\system32\DeviceDisplayObjectProvider.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mSearch Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.google.com
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
BHO: Auxiliar de Conexão de Conta da Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Sidebar] "C:\Program Files (x86)\Windows Sidebar\sidebar.exe" /autoRun
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportar para o Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
TCP: NameServer = 8.8.8.8 8.8.4.4
TCP: Interfaces\{5738AE4E-7C47-4FD8-8857-DA4722AAD919} : DHCPNameServer = 8.8.8.8 8.8.4.4
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
SSODL: WebCheck -
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\45.0.2454.93\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://www.google.com
x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_45\bin\ssv.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_45\bin\jp2ssv.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [Sidebar] "C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} -
x64-SSODL: WebCheck -
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Usuário\AppData\Roaming\Mozilla\Firefox\Profiles\theg8z79.default\
.
============= SERVICES / DRIVERS ===============
.
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2014-8-13 50976]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-10-11 283200]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2015-2-9 93968]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2015-2-9 202000]
R1 NNSHTTPS;NNSHTTPS;C:\Windows\System32\drivers\NNSHttps.sys [2015-2-9 110864]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2015-2-9 116496]
R1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2014-12-31 48400]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2015-2-9 99600]
R1 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2015-2-9 69904]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2015-2-9 124176]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2015-2-9 299792]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2015-2-9 166160]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2015-2-9 113424]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2015-2-9 257296]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2015-2-9 106256]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2015-2-25 197392]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2014-7-22 172344]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-1-19 77128]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-5-19 1152656]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2015-8-6 2545512]
R2 LMIGuardianSvc;LMIGuardianSvc;C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [2015-8-6 417552]
R2 NanoServiceMain;Panda Protection Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe [2015-2-26 142584]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-5-19 1893008]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-5-19 23006864]
R2 PandaAgent;Panda Devices Agent;C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe [2014-10-9 66808]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2015-4-21 163600]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2015-2-25 121616]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2015-2-25 124176]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2015-2-25 133904]
R2 PSINReg;PSINReg;C:\Windows\System32\drivers\PSINReg.sys [2015-2-25 107792]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe [2015-2-26 38136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-5-19 410768]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2015-7-31 25816]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-5-19 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-6-1 38032]
R3 PSKMAD;PSKMAD;C:\Windows\System32\drivers\PSKMAD.sys [2015-9-21 61712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-5-15 646248]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-31 1133880]
S3 EasyAntiCheat;EasyAntiCheat;C:\Windows\System32\EasyAntiCheat.exe --> C:\Windows\System32\EasyAntiCheat.exe [?]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-31 63704]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-11 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-13 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 WatAdminSvc;Serviço de Tecnologias de Ativação do Windows;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-10-10 1255736]
.
=============== Created Last 30 ================
.
2015-09-23 02:03:43 -------- d-----w- C:\Users\Usußrio\AppData\Local\Microsoft
2015-09-23 00:49:26 -------- d-----w- C:\$RECYCLE.BIN
2015-09-22 23:50:21 -------- d-----w- C:\Program Files (x86)\VS Revo Group
2015-09-21 15:30:50 61712 ----a-w- C:\Windows\System32\drivers\PSKMAD.sys
.
==================== Find3M ====================
.
2015-09-22 07:44:48 780488 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2015-09-22 07:44:46 142536 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2015-09-17 20:45:35 113880 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-08-06 17:45:54 33856 ---ha-w- C:\Windows\System32\drivers\hamachi.sys
.
============= FINISH: 23:12:07,05 ===============
[/spoiler]

New SystemLook logs:
Baidu
[spoiler]
SystemLook 30.07.11 by jpshortstuff
Log created at 23:22 on 22/09/2015 by Usuário
Administrator - Elevation successful

========== filefind ==========

Searching for "baidu"
No files found.

========== folderfind ==========

Searching for "baidu"
No folders found.

========== regfind ==========

Searching for "baidu"
No data found.

-= EOF =-
[/spoiler]

PSafe
[spoiler]
SystemLook 30.07.11 by jpshortstuff
Log created at 23:23 on 22/09/2015 by Usuário
Administrator - Elevation successful

========== filefind ==========

Searching for "PSafe"
No files found.

========== folderfind ==========

Searching for "PSafe"
No folders found.

========== regfind ==========

Searching for "PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\360OEM.exe]
"Path"="C:\Program Files (x86)\PSafe\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}"="PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"="PSafeOL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\MyComputer\NameSpace\{35B6525E-071A-4EA9-B3BD-F6A742572F08}]
@="PSafe LockBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{722DC91D-A2EF-488A-9A5F-B27D7BDFD991}"="PSafe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{A48EC0D3-3DDF-4A75-B35E-B1AFBC6E40F7}"="PSafeOL"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved]
"{35B6525E-071A-4EA9-B3BD-F6A742572F08}"="PSafe LockBox"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\360OEM.exe]
"Path"="C:\Program Files (x86)\PSafe\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{EF870383-83AB-4EA9-BE48-56FA4251AF10}]
@="IWMPSafeBrowser"

-= EOF =-
[/spoiler]
TmfeijoMMonroe
TmfeijoMMonr... Cyber Highlander Registered
13.7K Posts 4.2K Likes
#14 By TmfeijoMMonr...
23/09/2015 - 00:11
Good evening!

Right! Very good work!

Let's go!

According to the DDS log, there really is no driver listed that needs updating. Let's look at Disabled Device Manager Items:


==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 64,485 GiB free.
D: is FIXED (NTFS) - 310 GiB total, 303,046 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.

==== System Restore Points ===================
.
.
==== Installed Programs ======================
.


But since SlimDrivers flagged it, I recommend you update only the video driver!!!

And you have a lot of duplicated drivers. You can disable some! Others are updates; just look at the series!

And there are also many programs that can be removed, such as Bonjour and the old version of Java.

Uninstall Java with Revo Uninstaller and install the current version!

https://www.java.com/pt_BR/download/

Over time I'll list the programs you can remove with Revo Uninstaller. I'll keep editing this post!

Everything Java-related can be removed:


Java 8 Update 45
Java 8 Update 45 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)


Uninstall everything, and always with Revo Uninstaller in advanced mode, so that you get a clean reinstall later!

Bonjour can be removed! SUPERAntiSpyware too.

These too:



Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Messenger
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Phone app for desktop
Windows Phone Recovery Tool 2.1.1

MSN ended a long time ago!

All of this may be the cause of slowdowns in the system!

Regards
Gabriel Acunha
Gabriel Acun... New Member Registered
20 Posts 6 Likes
#15 By Gabriel Acun...
23/09/2015 - 00:36
Tmfeijo said:
Good evening!

Right! Very good work!

Let's go!

According to the DDS log, there really is no driver listed that needs updating. Let's look at Disabled Device Manager Items:


==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 156 GiB total, 64,485 GiB free.
D: is FIXED (NTFS) - 310 GiB total, 303,046 GiB free.
E: is CDROM ()
F: is CDROM ()
.
==== Disabled Device Manager Items =============
.

==== System Restore Points ===================
.
.
==== Installed Programs ======================
.


But since SlimDrivers flagged it, I recommend you update only the video driver!!!

And you have a lot of duplicated drivers. You can disable some! Others are updates; just look at the series!

And there are also many programs that can be removed, such as Bonjour and the old version of Java.

Uninstall Java with Revo Uninstaller and install the current version!

https://www.java.com/pt_BR/download/

Over time I'll list the programs you can remove with Revo Uninstaller. I'll keep editing this post!

Everything Java-related can be removed:


Java 8 Update 45
Java 8 Update 45 (64-bit)
Java Auto Updater
Java SE Development Kit 7 Update 45 (64-bit)


Uninstall everything with Revo Uninstaller so that you get a clean reinstall later!

Bonjour can be removed! SUPERAntiSpyware too.

All of this may be the cause of slowdowns in the system!

Regards

How do I find out which drivers I can disable? And how do I disable them?

Regards!