
Windows 7 sometimes doesn't boot


This topic has been archived. This means you can no longer reply to it.
21 replies in this topic

#1
Tiago Freitas

    Newbie

  • Member
  • 15 posts
Logfile of HijackThis v1.99.1
Scan saved at 18:25:51, on 13/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)

Running processes:
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Cryptainer LE 10\cryptainerle.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\Documents\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Tiago\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apache2.4 - Unknown owner - c:\xampp\apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Cryptainer 10 service (cryptainer10service) - Cypherix Software (India) Pvt. Ltd. - C:\Windows\SysWOW64\crytsrv10.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZillaServer - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

This is my first post. I use Windows 7 Home Basic, Turion II P560, Radeon 6370, 4 GB RAM. I use the PC for study and leisure.

From time to time the PC freezes on the startup screen: the colors keep glowing there, but it never gets past that. I've already left it for more than an hour to see, and nothing; I have to force a restart to get it back. Today, after a critical Windows Update (Service Pack 1), it refused to come back at all; I had to run a restore point to get it back.

If anything is missing or extra, give me a shout. Thanks :)

#2
JoseMelo

    Professional Assistant

  • 125,298 posts
Welcome to Linha Defensiva

My name is José Humberto and my "nickname" is JoseMelo

So that we can succeed at the end of the procedures, I suggest that you follow strictly what is proposed to you and do not use any tool or program other than those recommended here;
Do not uninstall any tool that is being used until the procedures are finished;
If you have a topic in progress on another forum, I recommend that you abandon it so that the procedures do not conflict;
If you prefer to receive an e-mail notice every time there is a reply in your topic, click on the [image] at the top of the page.
If you have more than one program with resident protection installed (antivirus, antispyware, firewall), keep only one to avoid conflicts and slowing the system down.


- Download Malwarebytes Anti-Malware
http://www.malwareby...am-download.php
  • Disable the antivirus;
  • Install it by double-clicking "mbam-setup.exe";
  • Check "Update Malwarebytes Anti-Malware" and "Launch Malwarebytes Anti-Malware", and click Finish;
  • Select "Full Scan" and then click Scan;
  • When the scan finishes, click OK and then "Show Results" to see the log;
  • If anything is detected, make sure everything is checked and click "Remove";
  • The log is saved automatically and can be viewed by clicking "Logs" in the main menu;
  • Copy and paste the contents of that log in your next reply.
- Post a new HijackThis log.

#3
Tiago Freitas

    Newbie

  • Member
  • 15 posts
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Versão da Base de Dados: v2012.11.14.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Tiago :: TIAGO-HP [administrador]

14/11/2012 20:52:47
mbam-log-2012-11-14 (20-52-47).txt

Tipo de Verificação: Verificação Completa (C:\|D:\|G:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM
Opções de verificação desativadas: P2P
Objetos escaneados: 543103
Tempo decorrido: 1 hora(s), 56 minuto(s), 47 segundo(s)

Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos)

Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos)

Pastas Detectadas: 0
(Não foram detectados ítens maliciosos)

Arquivos Detectados: 5
C:\Users\Tiago\Documents\Downloads\InstallRARFileOpenKnife.exe (PUP.BundleInstaller.BI) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Tiago\Downloads\Majesty.2.The.Fantasy.Kingdom.Sim-KaOs\d3drm.dll (Malware.Packer.Gen) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Tiago\Outros\Aplicativos\Audio e Video\WECPSetup.exe (Adware.Installcore) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Tiago\sames\Corel Draw X5 with Keygen\Corel Draw X5 with Keygen\Keygen.exe (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\Tiago\Tiago Freitas\notepads\SoftonicDownloader_para_notepad.exe (PUP.OfferBundler.ST) -> Enviado para a Quarentena e deletado com sucesso.

(fim)


Logfile of HijackThis v1.99.1
Scan saved at 23:13:48, on 14/11/2012
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)

Running processes:
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\SysWOW64\RunDll32.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\uTorrent\uTorrent.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Tiago\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
c:\Users\Tiago\Documents\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/3
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O11 - Options group: [INTERNATIONAL] International
O13 - Gopher Prefix:
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - c:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea RT Filters Service (AERTFilters) - Andrea Electronics Corporation - C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apache2.4 - Unknown owner - c:\xampp\apache\bin\httpd.exe" -k runservice (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FileZillaServer - FileZilla Project - c:\xampp\FileZillaFTP\FileZillaServer.exe
O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP Client Services (HPClientSvc) - Hewlett-Packard Company - C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - c:\xampp\mysql\bin\mysqld.exe
O23 - Service: MySQL51 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: RtVOsdService Installer (RtVOsdService) - Realtek Semiconductor Corp. - C:\Program Files\Realtek\RtVOsd\RtVOsdService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %PROGRAMFILES%\Windows Media Player\wmpnetwk.exe (file missing)

#4
JoseMelo

    Professional Assistant

  • 125,298 posts
- Right-click the HijackThis executable > Run as administrator, click Do a system scan only and check the entries below:


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazer...ternet.com/q/%s
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO


- Close all windows, click Fix checked and then Yes;


Download AdwCleaner and save it to the desktop.
http://general-chang...de/2-adwcleaner

Click the [image] icon to download the file.

Run adwcleaner.exe

NOTE: Windows Vista or Windows 7 users, right-click the AdwCleaner.exe file, then click [image]

Click Delete.

Notepad will open with the result. Select, copy and paste its contents in your next reply.
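
The entries the helper asks to fix above are the R0/R1 (Internet Explorer start and search page) lines whose URL host is not a Microsoft default. The following is an added example, not part of the thread or of HijackThis: a small parser for those lines that flags every entry pointing at an unknown host and groups them by host, so all of a hijack's entries are fixed together. The sample log is constructed from the thread's entries (the go.microsoft.com URL, truncated on the forum, is written out in full here as an assumption), and the allowlist of default hosts is an assumption to extend for other known-benign OEM defaults.

```python
"""Audit HijackThis R0/R1 entries for browser start/search page hijacks.

Added example for this thread; not code from HijackThis or the forum.
"""
import re
from urllib.parse import urlparse

# Hosts that Internet Explorer / the OEM image legitimately set.
# Assumption: extend this with other OEM defaults you know are benign.
KNOWN_DEFAULT_HOSTS = {"g.msn.com", "go.microsoft.com", "www.microsoft.com"}

# An R0/R1 line looks like: "<type> - <hive>\<key>,<value name> = <data>"
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM)\\[^,]+),([^=]*?)\s*=\s*(.*)$")

# Constructed sample modelled on the thread's HijackThis log (not the raw post).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/3
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oquefazernainternet.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.oquefazernainternet.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.oquefazernainternet.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.oquefazernainternet.com/q/%s
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"""


def parse_r_entry(line):
    """Return a dict for an R0/R1 line, or None if the line is not one."""
    m = R_LINE.match(line.strip())
    if not m:
        return None
    kind, key, value_name, data = m.groups()
    return {"type": kind, "key": key, "value": value_name.strip(), "data": data.strip()}


def classify(entry):
    """Return 'empty', 'local', 'default' or 'suspicious' for one R entry."""
    data = entry["data"]
    if not data:
        return "empty"
    if re.match(r"^[A-Za-z]:\\", data):
        return "local"  # a local file such as blank.htm, not a web redirect
    parsed = urlparse(data)
    if parsed.scheme not in ("http", "https"):
        return "suspicious"  # anything that is not a plain web URL deserves a look
    host = parsed.hostname or ""
    return "default" if host in KNOWN_DEFAULT_HOSTS else "suspicious"


def audit(log_text):
    """Return the R0/R1 entries that point somewhere other than a known default."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_r_entry(line)
        if entry is None:
            continue  # O2/O4/O23 lines are out of scope for this check
        if classify(entry) == "suspicious":
            entry["host"] = urlparse(entry["data"]).hostname or entry["data"]
            findings.append(entry)
    return findings


def hijack_summary(log_text):
    """Group suspicious entries by host: a hijack usually sets several keys
    in both HKCU and HKLM, and fixing only one of them leaves the rest."""
    summary = {}
    for f in audit(log_text):
        summary.setdefault(f["host"], []).append(f"{f['key']},{f['value']}")
    return summary


if __name__ == "__main__":
    for host, keys in hijack_summary(SAMPLE_LOG).items():
        print(f"{host}: {len(keys)} entries")
        for k in keys:
            print("  ", k)
```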

#5
Tiago Freitas

    Newbie

  • Member
  • 15 posts
# AdwCleaner v2.007 - Logfile created 11/15/2012 at 19:31:51
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Basic Service Pack 1 (64 bits)
# User : Tiago - TIAGO-HP
# Boot Mode : Normal
# Running from : C:\Users\Tiago\Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Users\Tiago\AppData\Local\Babylon
Folder Deleted : C:\Users\Tiago\AppData\Roaming\Babylon

***** [Registry] *****

Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2FA28606-DE77-4029-AF96-B231E3B8F827}

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (pt-BR)

Profile name : default
File : C:\Users\Tiago\AppData\Roaming\Mozilla\Firefox\Profiles\h7ggkc5t.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Tiago\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.17] : homepage = "hxxp://search.babylon.com/?AF=108293&babsrc=HP_ss&mntrId=4c100a37000000000000cc52af951b49",
Deleted [l.1716] : homepage = "hxxp://search.babylon.com/?AF=108293&babsrc=HP_ss&mntrId=4c100a37000000000000cc52af951b49",

*************************

AdwCleaner[S1].txt - [2326 octets] - [15/11/2012 19:31:51]

########## EOF - C:\AdwCleaner[S1].txt - [2386 octets] ##########

#6
JoseMelo

JoseMelo

    Professional Assistant

  • Professional Assistant
  • 125.298 posts
Download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool.

* On Windows Vista and Windows 7:

Right-click the tool and select [posted image]

Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved on the desktop under the name MbrScan.log.

Select, copy and paste its contents into your next reply.

#7
Tiago Freitas

Tiago Freitas

    Newbie

  • Member
  • Pip
  • 15 posts
Sorry for the delay, work has been draining me a lot.

MBRScan froze twice here, but I think it worked.


MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
BOOT           : Normal Boot
DATE           : 2012/11/17 (ISO 8601) at 21:43:58
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST950042 0AS (0006)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0 465.8 Go  [Fixed] ==> 7 MBR Code... ==> PARTITION TABLE FAKED !!

MBR_MD5   : 7199067A5FE400AD1AABB527DCF84DDC
MBR_SHA1  : 11E68BB6A592CE0540F288778570DB3421E9BE15

Device\Harddisk0\Partition1 199.0 Mo   0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 448.9 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition3 16.52 Go   0x07 NTFS / HPFS
Device\Harddisk0\Partition4 103.0 Mo   0x0C FAT32 [LBA] 
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\system32\hal.dll => Invisible on the disk
ADDRESS : 0x033EE000
SIZE    : 292.0 Ko

DRIVER  : C:\Windows\system32\kdcom.dll => Invisible on the disk
ADDRESS : 0x00B96000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\mcupdate_AuthenticAMD.dll => Invisible on the disk
ADDRESS : 0x00C57000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\CLFS.SYS => Invisible on the disk
ADDRESS : 0x00C78000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\system32\CI.dll => Invisible on the disk
ADDRESS : 0x00CD6000
SIZE    : 768.0 Ko

DRIVER  : C:\Windows\system32\drivers\Wdf01000.sys => Invisible on the disk
ADDRESS : 0x00E90000
SIZE    : 776.0 Ko

DRIVER  : C:\Windows\system32\drivers\WDFLDR.SYS => Invisible on the disk
ADDRESS : 0x00F52000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spjr.sys => Invisible on the disk
ADDRESS : 0x010B8000
SIZE    : 1.15 Mo

DRIVER  : C:\Windows\System32\Drivers\WMILIB.SYS => Invisible on the disk
ADDRESS : 0x011DE000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\SCSIPORT.SYS => Invisible on the disk
ADDRESS : 0x01000000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\ACPI.sys => Invisible on the disk
ADDRESS : 0x0102F000
SIZE    : 348.0 Ko

DRIVER  : C:\Windows\system32\drivers\msisadrv.sys => Invisible on the disk
ADDRESS : 0x01086000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\vdrvroot.sys => Invisible on the disk
ADDRESS : 0x01090000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\drivers\pci.sys => Invisible on the disk
ADDRESS : 0x00F62000
SIZE    : 204.0 Ko

DRIVER  : C:\Windows\System32\drivers\partmgr.sys => Invisible on the disk
ADDRESS : 0x0109D000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\compbatt.sys => Invisible on the disk
ADDRESS : 0x011E7000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\BATTC.SYS => Invisible on the disk
ADDRESS : 0x011F0000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\volmgr.sys => Invisible on the disk
ADDRESS : 0x00F95000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\System32\drivers\volmgrx.sys => Invisible on the disk
ADDRESS : 0x00E00000
SIZE    : 368.0 Ko

DRIVER  : C:\Windows\System32\drivers\mountmgr.sys => Invisible on the disk
ADDRESS : 0x00E5C000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\drivers\atapi.sys => Invisible on the disk
ADDRESS : 0x00E76000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\ataport.SYS => Invisible on the disk
ADDRESS : 0x00FAA000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\drivers\msahci.sys => Invisible on the disk
ADDRESS : 0x00FD4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\PCIIDEX.SYS => Invisible on the disk
ADDRESS : 0x00FDF000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amd_sata.sys => Invisible on the disk
ADDRESS : 0x00D96000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\storport.sys => Invisible on the disk
ADDRESS : 0x012E9000
SIZE    : 396.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amd_xata.sys => Invisible on the disk
ADDRESS : 0x0134C000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\amdxata.sys => Invisible on the disk
ADDRESS : 0x01357000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\drivers\fltmgr.sys => Invisible on the disk
ADDRESS : 0x01362000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\system32\drivers\fileinfo.sys => Invisible on the disk
ADDRESS : 0x013AE000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Ntfs.sys => Invisible on the disk
ADDRESS : 0x01459000
SIZE    : 1.64 Mo

DRIVER  : C:\Windows\System32\Drivers\msrpc.sys => Invisible on the disk
ADDRESS : 0x01200000
SIZE    : 376.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecdd.sys => Invisible on the disk
ADDRESS : 0x01400000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\System32\Drivers\cng.sys => Invisible on the disk
ADDRESS : 0x0125E000
SIZE    : 456.0 Ko

DRIVER  : C:\Windows\System32\drivers\pcw.sys => Invisible on the disk
ADDRESS : 0x0141B000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Fs_Rec.sys => Invisible on the disk
ADDRESS : 0x0142C000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\ndis.sys => Invisible on the disk
ADDRESS : 0x01690000
SIZE    : 968.0 Ko

DRIVER  : C:\Windows\system32\drivers\NETIO.SYS => Invisible on the disk
ADDRESS : 0x01782000
SIZE    : 384.0 Ko

DRIVER  : C:\Windows\System32\Drivers\ksecpkg.sys => Invisible on the disk
ADDRESS : 0x01600000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpip.sys => Invisible on the disk
ADDRESS : 0x01815000
SIZE    : 2.00 Mo

DRIVER  : C:\Windows\System32\drivers\fwpkclnt.sys => Invisible on the disk
ADDRESS : 0x01A16000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\drivers\volsnap.sys => Invisible on the disk
ADDRESS : 0x01A60000
SIZE    : 304.0 Ko

DRIVER  : C:\Windows\System32\Drivers\spldr.sys => Invisible on the disk
ADDRESS : 0x01AAC000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\System32\drivers\rdyboost.sys => Invisible on the disk
ADDRESS : 0x01AB4000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\System32\Drivers\mup.sys => Invisible on the disk
ADDRESS : 0x01AEE000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\drivers\hwpolicy.sys => Invisible on the disk
ADDRESS : 0x01B00000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\fvevol.sys => Invisible on the disk
ADDRESS : 0x01B09000
SIZE    : 232.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\disk.sys => Invisible on the disk
ADDRESS : 0x01B43000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CLASSPNP.SYS => Invisible on the disk
ADDRESS : 0x01B59000
SIZE    : 192.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AtiPcie64.sys => Invisible on the disk
ADDRESS : 0x01B89000
SIZE    : 32.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\cdrom.sys => Invisible on the disk
ADDRESS : 0x01BD2000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSnx.SYS => Invisible on the disk
ADDRESS : 0x03C0A000
SIZE    : 600.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Null.SYS => Invisible on the disk
ADDRESS : 0x03CA0000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Beep.SYS => Invisible on the disk
ADDRESS : 0x03CA9000
SIZE    : 28.0 Ko

DRIVER  : C:\Windows\System32\drivers\vga.sys => Invisible on the disk
ADDRESS : 0x03CB0000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\drivers\VIDEOPRT.SYS => Invisible on the disk
ADDRESS : 0x03CBE000
SIZE    : 148.0 Ko

DRIVER  : C:\Windows\System32\drivers\watchdog.sys => Invisible on the disk
ADDRESS : 0x03CE3000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\RDPCDD.sys => Invisible on the disk
ADDRESS : 0x03CF3000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdpencdd.sys => Invisible on the disk
ADDRESS : 0x03CFC000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\rdprefmp.sys => Invisible on the disk
ADDRESS : 0x03D05000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Msfs.SYS => Invisible on the disk
ADDRESS : 0x03D0E000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\Npfs.SYS => Invisible on the disk
ADDRESS : 0x03D19000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tdx.sys => Invisible on the disk
ADDRESS : 0x03D2A000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\TDI.SYS => Invisible on the disk
ADDRESS : 0x03D4C000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswTdi.SYS => Invisible on the disk
ADDRESS : 0x03D59000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\drivers\afd.sys => Invisible on the disk
ADDRESS : 0x03D6B000
SIZE    : 548.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswRdr.SYS => Invisible on the disk
ADDRESS : 0x01800000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\netbt.sys => Invisible on the disk
ADDRESS : 0x0162A000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\drivers\ws2ifsl.sys => Invisible on the disk
ADDRESS : 0x03DF4000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wfplwf.sys => Invisible on the disk
ADDRESS : 0x03C00000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\pacer.sys => Invisible on the disk
ADDRESS : 0x013C2000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\vwififlt.sys => Invisible on the disk
ADDRESS : 0x0166F000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\netbios.sys => Invisible on the disk
ADDRESS : 0x017E2000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\wanarp.sys => Invisible on the disk
ADDRESS : 0x01436000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxUSBMon.sys => Invisible on the disk
ADDRESS : 0x00DAC000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxDrv.sys => Invisible on the disk
ADDRESS : 0x00C00000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\system32\drivers\termdd.sys => Invisible on the disk
ADDRESS : 0x013E8000
SIZE    : 80.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rdbss.sys => Invisible on the disk
ADDRESS : 0x04054000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\drivers\nsiproxy.sys => Invisible on the disk
ADDRESS : 0x040A5000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\drivers\mssmbios.sys => Invisible on the disk
ADDRESS : 0x040B1000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\drivers\discache.sys => Invisible on the disk
ADDRESS : 0x040BC000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dfsc.sys => Invisible on the disk
ADDRESS : 0x040CB000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\blbdrive.sys => Invisible on the disk
ADDRESS : 0x040E9000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswSP.SYS => Invisible on the disk
ADDRESS : 0x040FA000
SIZE    : 324.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\tunnel.sys => Invisible on the disk
ADDRESS : 0x0414B000
SIZE    : 152.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\amdppm.sys => Invisible on the disk
ADDRESS : 0x04171000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmpag.sys => Invisible on the disk
ADDRESS : 0x04186000
SIZE    : 296.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\atikmdag.sys => Invisible on the disk
ADDRESS : 0x04A12000
SIZE    : 7.73 Mo

DRIVER  : C:\Windows\System32\drivers\dxgkrnl.sys => Invisible on the disk
ADDRESS : 0x02EC9000
SIZE    : 976.0 Ko

DRIVER  : C:\Windows\System32\drivers\dxgmms1.sys => Invisible on the disk
ADDRESS : 0x02E00000
SIZE    : 280.0 Ko

DRIVER  : C:\Windows\system32\drivers\HDAudBus.sys => Invisible on the disk
ADDRESS : 0x02E46000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bcmwl664.sys => Invisible on the disk
ADDRESS : 0x0426F000
SIZE    : 2.94 Mo

DRIVER  : C:\Windows\system32\DRIVERS\vwifibus.sys => Invisible on the disk
ADDRESS : 0x0455F000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\Rt64win7.sys => Invisible on the disk
ADDRESS : 0x0456C000
SIZE    : 532.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbohci.sys => Invisible on the disk
ADDRESS : 0x045F1000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBPORT.SYS => Invisible on the disk
ADDRESS : 0x04200000
SIZE    : 344.0 Ko

DRIVER  : C:\Windows\System32\Drivers\fastfat.SYS => Invisible on the disk
ADDRESS : 0x02E6A000
SIZE    : 216.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbfilter.sys => Invisible on the disk
ADDRESS : 0x04256000
SIZE    : 52.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbehci.sys => Invisible on the disk
ADDRESS : 0x02EA0000
SIZE    : 68.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\i8042prt.sys => Invisible on the disk
ADDRESS : 0x02FBD000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\system32\drivers\kbdclass.sys => Invisible on the disk
ADDRESS : 0x02FDB000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\SynTP.sys => Invisible on the disk
ADDRESS : 0x0524D000
SIZE    : 412.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\USBD.SYS => Invisible on the disk
ADDRESS : 0x052B4000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mouclass.sys => Invisible on the disk
ADDRESS : 0x052B6000
SIZE    : 60.0 Ko

DRIVER  : C:\Windows\System32\Drivers\a6620xxp.SYS => Invisible on the disk
ADDRESS : 0x052C5000
SIZE    : 276.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\CmBatt.sys => Invisible on the disk
ADDRESS : 0x0530A000
SIZE    : 20.0 Ko

DRIVER  : C:\Windows\system32\drivers\wmiacpi.sys => Invisible on the disk
ADDRESS : 0x0530F000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\CompositeBus.sys => Invisible on the disk
ADDRESS : 0x05318000
SIZE    : 64.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\clwvd.sys => Invisible on the disk
ADDRESS : 0x05328000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ks.sys => Invisible on the disk
ADDRESS : 0x0532E000
SIZE    : 268.0 Ko

DRIVER  : C:\Windows\system32\drivers\ksthunk.sys => Invisible on the disk
ADDRESS : 0x05371000
SIZE    : 24.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\AgileVpn.sys => Invisible on the disk
ADDRESS : 0x05377000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rasl2tp.sys => Invisible on the disk
ADDRESS : 0x0538D000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndistapi.sys => Invisible on the disk
ADDRESS : 0x053B1000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndiswan.sys => Invisible on the disk
ADDRESS : 0x053BD000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspppoe.sys => Invisible on the disk
ADDRESS : 0x05200000
SIZE    : 108.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\raspptp.sys => Invisible on the disk
ADDRESS : 0x0521B000
SIZE    : 132.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rassstp.sys => Invisible on the disk
ADDRESS : 0x051CE000
SIZE    : 104.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxNetAdp.sys => Invisible on the disk
ADDRESS : 0x041D0000
SIZE    : 168.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\VBoxNetFlt.sys => Invisible on the disk
ADDRESS : 0x04000000
SIZE    : 188.0 Ko

DRIVER  : C:\Windows\system32\drivers\swenum.sys => Invisible on the disk
ADDRESS : 0x0523C000
SIZE    : 8.0 Ko

DRIVER  : C:\Windows\system32\drivers\umbus.sys => Invisible on the disk
ADDRESS : 0x053EC000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\usbhub.sys => Invisible on the disk
ADDRESS : 0x05A25000
SIZE    : 360.0 Ko

DRIVER  : C:\Windows\System32\Drivers\NDProxy.SYS => Invisible on the disk
ADDRESS : 0x05A7F000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\drivers\AtiHdmi.sys => Invisible on the disk
ADDRESS : 0x05A94000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\portcls.sys => Invisible on the disk
ADDRESS : 0x05AB7000
SIZE    : 244.0 Ko

DRIVER  : C:\Windows\system32\drivers\drmk.sys => Invisible on the disk
ADDRESS : 0x05AF4000
SIZE    : 136.0 Ko

DRIVER  : C:\Windows\system32\drivers\RTKVHD64.sys => Invisible on the disk
ADDRESS : 0x06653000
SIZE    : 2.38 Mo

DRIVER  : C:\Windows\system32\DRIVERS\usbccgp.sys => Invisible on the disk
ADDRESS : 0x068B3000
SIZE    : 116.0 Ko

DRIVER  : C:\Windows\System32\Drivers\usbvideo.sys => Invisible on the disk
ADDRESS : 0x068D0000
SIZE    : 184.0 Ko

DRIVER  : C:\Windows\System32\win32k.sys => Invisible on the disk
ADDRESS : 0x00020000
SIZE    : 3.09 Mo

DRIVER  : C:\Windows\System32\drivers\Dxapi.sys => Invisible on the disk
ADDRESS : 0x068FE000
SIZE    : 48.0 Ko

DRIVER  : C:\Windows\System32\Drivers\crashdmp.sys => Invisible on the disk
ADDRESS : 0x0690A000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_diskdump.sys => Invisible on the disk
ADDRESS : 0x06918000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_amd_sata.sys => Invisible on the disk
ADDRESS : 0x06922000
SIZE    : 88.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x06938000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\System32\TSDDD.dll => Invisible on the disk
ADDRESS : 0x004D0000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\system32\drivers\luafv.sys => Invisible on the disk
ADDRESS : 0x06959000
SIZE    : 140.0 Ko

DRIVER  : C:\Windows\system32\drivers\aswMonFlt.sys => Invisible on the disk
ADDRESS : 0x0697C000
SIZE    : 240.0 Ko

DRIVER  : C:\Windows\System32\Drivers\aswFsBlk.SYS => Invisible on the disk
ADDRESS : 0x069B8000
SIZE    : 36.0 Ko

DRIVER  : C:\Windows\system32\drivers\WudfPf.sys => Invisible on the disk
ADDRESS : 0x069C1000
SIZE    : 100.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\lltdio.sys => Invisible on the disk
ADDRESS : 0x069DA000
SIZE    : 84.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\nwifi.sys => Invisible on the disk
ADDRESS : 0x06600000
SIZE    : 332.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\ndisuio.sys => Invisible on the disk
ADDRESS : 0x05B16000
SIZE    : 76.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\rspndr.sys => Invisible on the disk
ADDRESS : 0x05B29000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\System32\cdd.dll => Invisible on the disk
ADDRESS : 0x00720000
SIZE    : 156.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\monitor.sys => Invisible on the disk
ADDRESS : 0x0694B000
SIZE    : 56.0 Ko

DRIVER  : C:\Windows\system32\drivers\HTTP.sys => Invisible on the disk
ADDRESS : 0x02802000
SIZE    : 804.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\bowser.sys => Invisible on the disk
ADDRESS : 0x028CB000
SIZE    : 120.0 Ko

DRIVER  : C:\Windows\System32\drivers\mpsdrv.sys => Invisible on the disk
ADDRESS : 0x028E9000
SIZE    : 96.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb.sys => Invisible on the disk
ADDRESS : 0x02901000
SIZE    : 180.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb10.sys => Invisible on the disk
ADDRESS : 0x0292E000
SIZE    : 312.0 Ko

DRIVER  : C:\Windows\system32\DRIVERS\mrxsmb20.sys => Invisible on the disk
ADDRESS : 0x0297C000
SIZE    : 144.0 Ko

DRIVER  : C:\Windows\system32\drivers\peauth.sys => Invisible on the disk
ADDRESS : 0x05B41000
SIZE    : 664.0 Ko

DRIVER  : C:\Windows\System32\Drivers\secdrv.SYS => Invisible on the disk
ADDRESS : 0x029A0000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srvnet.sys => Invisible on the disk
ADDRESS : 0x029AB000
SIZE    : 196.0 Ko

DRIVER  : C:\Windows\System32\drivers\tcpipreg.sys => Invisible on the disk
ADDRESS : 0x029DC000
SIZE    : 72.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv2.sys => Invisible on the disk
ADDRESS : 0x08C5E000
SIZE    : 420.0 Ko

DRIVER  : C:\Windows\System32\DRIVERS\srv.sys => Invisible on the disk
ADDRESS : 0x08CC7000
SIZE    : 608.0 Ko

DRIVER  : C:\Windows\System32\smss.exe => Invisible on the disk
ADDRESS : 0x480E0000
SIZE    : 128.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  


__ORIGINAL   \Device\Harddisk0\DR0  


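MBRScan's "PARTITION TABLE FAKED" verdict above rests on one comparison: the partition table the operating system is shown against the one actually sitting in the first sector of the disk. The Python below is an added example, not MBRScan's or the thread's code; it parses a 512-byte MBR, hashes it the way the MBR_MD5/MBR_SHA1 lines do, and flags the same mismatch. Both sample sectors are constructed here: the four-entry layout only mirrors the sizes and types MBRScan lists (199 MB bootable NTFS, 448.9 GB NTFS, 16.5 GB NTFS, 103 MB FAT32 LBA), while the start sectors and the single fake entry are made up.

```python
"""Parse two 512-byte MBR sectors and report whether the partition table
presented to the OS differs from the one read from the physical sector."""
import hashlib
import struct
from dataclasses import dataclass

SECTOR_SIZE = 512
PARTITION_TABLE_OFFSET = 0x1BE      # four 16-byte entries, ending at 0x1FE
BOOT_SIGNATURE = b"\x55\xaa"        # last two bytes of a valid MBR


@dataclass(frozen=True)
class PartitionEntry:
    slot: int          # 1..4, matches Partition1..Partition4 in the scan output
    bootable: bool     # status byte 0x80
    type_id: int       # 0x07 NTFS/HPFS, 0x0C FAT32 LBA, ...
    lba_start: int     # first sector of the partition
    sectors: int       # length in sectors

    @property
    def size_bytes(self) -> int:
        return self.sectors * SECTOR_SIZE


def parse_partition_table(mbr: bytes) -> list:
    """Return the non-empty entries of a 512-byte MBR's partition table."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("an MBR is exactly one 512-byte sector")
    if mbr[510:512] != BOOT_SIGNATURE:
        raise ValueError("missing 0x55AA boot signature")
    entries = []
    for slot in range(4):
        offset = PARTITION_TABLE_OFFSET + 16 * slot
        # status, CHS start (3 bytes, skipped), type, CHS end (skipped), LBA start, count
        status, type_id, lba, count = struct.unpack_from("<B3xB3xII", mbr, offset)
        if type_id == 0:          # 0x00 marks an unused slot
            continue
        entries.append(PartitionEntry(slot + 1, status == 0x80, type_id, lba, count))
    return entries


def mbr_digests(mbr: bytes) -> tuple:
    """MD5 and SHA1 of the whole sector, as MBRScan prints them (MBR_MD5 / MBR_SHA1)."""
    return hashlib.md5(mbr).hexdigest().upper(), hashlib.sha1(mbr).hexdigest().upper()


def partition_table_faked(seen_by_os: bytes, read_from_disk: bytes) -> bool:
    """True when the table the OS is shown differs from the one on the physical
    sector: the condition MBRScan reports as PARTITION TABLE FAKED."""
    return parse_partition_table(seen_by_os) != parse_partition_table(read_from_disk)


def build_mbr(layout) -> bytes:
    """Construct a test MBR from (bootable, type_id, lba_start, sectors) tuples.
    Boot code is left zeroed; only the table and signature matter here."""
    if len(layout) > 4:
        raise ValueError("an MBR holds at most four primary entries")
    sector = bytearray(SECTOR_SIZE)
    for slot, (bootable, type_id, lba, count) in enumerate(layout):
        struct.pack_into("<B3sB3sII", sector, PARTITION_TABLE_OFFSET + 16 * slot,
                         0x80 if bootable else 0x00, b"\xfe\xff\xff",   # CHS fields
                         type_id, b"\xfe\xff\xff", lba, count)          # set to "use LBA"
    sector[510:512] = BOOT_SIGNATURE
    return bytes(sector)


# Constructed sample data. The real layout mirrors the sizes and types MBRScan
# lists; start sectors are chosen to be contiguous and plausible. The fake table
# is a single made-up entry that hides the other three partitions.
REAL_LAYOUT = [
    (True,  0x07, 2048,        407_552),      # 199 MB SYSTEM, bootable
    (False, 0x07, 409_600,     941_500_416),  # 448.9 GB C:
    (False, 0x07, 941_910_016, 34_584_576),   # 16.5 GB RECOVERY
    (False, 0x0C, 976_560_128, 210_992),      # 103 MB HP_TOOLS (FAT32 LBA)
]
FAKE_LAYOUT = [(True, 0x07, 409_600, 614_400)]

ORIGINAL_MBR = build_mbr(REAL_LAYOUT)
FAKED_MBR = build_mbr(FAKE_LAYOUT)


def report(seen_by_os: bytes, read_from_disk: bytes) -> list:
    """Lines in the spirit of the scan output for the two sample sectors."""
    lines = []
    for label, mbr in (("FAKED", seen_by_os), ("ORIGINAL", read_from_disk)):
        md5, sha1 = mbr_digests(mbr)
        lines.append(f"{label:9} MD5={md5} SHA1={sha1}")
        for e in parse_partition_table(mbr):
            flag = " BOOTABLE" if e.bootable else ""
            lines.append(f"  Partition{e.slot} type=0x{e.type_id:02X} "
                         f"lba={e.lba_start} size={e.size_bytes / 2**20:.1f} MiB{flag}")
    lines.append("PARTITION TABLE FAKED" if partition_table_faked(seen_by_os, read_from_disk)
                 else "partition tables agree")
    return lines


if __name__ == "__main__":
    print("\n".join(report(FAKED_MBR, ORIGINAL_MBR)))
```

Reading the two sectors on a live system needs raw access to the physical disk from a path the rootkit does not filter, which is exactly what tools like MBRScan exist to do; the comparison logic itself is what this example shows.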

#8
JoseMelo

JoseMelo

    Professional Assistant

  • Professional Assistant
  • 125.298 posts
I am passing your problem on to a rootkit-removal specialist. He will do the analysis and, if it is confirmed, will indicate the procedures to be followed.
Please wait so that we can proceed with the topic.

#9
Sam Spade

Sam Spade

    Professional Assistant

  • Professional Assistant
  • 21.005 posts
Hello Tiago Freitas! You will see on your desktop a file created by MBRScan, which is a dump of the MBR.

Go to VirusTotal.com. Click the Choose File button and, in the Choose file to upload window, locate on the desktop the dump created by MBRScan:

Dump_Hdd0_DR0.mbr

Click the Scan it! button. Wait for the analysis to finish, then copy the link in your browser's address bar and paste it into your next reply. Example:

https://www.virustotal.com/file/be174c2ea137c2401cc50a92086c8a7cfde69f711176737737b1d7bdf91b9f4d/analysis/1331728637/


Note: if you use VirusTotal and the file has already been analysed by the site before, you will see an image similar to this:

[posted image]

If that happens, re-analyse the file.

Download [posted image] and save it to the desktop. Double-click to run ListParts64 by Farbar.

Proceed as in the image below:

[posted image]

When the scan finishes, this window will open:

[posted image]
Click OK and a log will open. It is saved in the same directory as the program, that is, on the desktop, with the name Result.txt.

Select, copy and paste the contents of this log into your next reply, together with the link to the VT analysis.

#10
Tiago Freitas

Tiago Freitas

    Newbie

  • Member
  • Pip
  • 15 posts
https://www.virustot...sis/1353288973/


ListParts by Farbar Version: 30-10-2012
Ran by Tiago (administrator) on 18-11-2012 at 23:39:04
Windows 7 (X64)
Running From: C:\Users\Tiago\Documents\Downloads
Language: 0416
************************************************************

========================= Memory info ======================

Percentage of memory in use: 43%
Total physical RAM: 3834.9 MB
Available physical RAM: 2161.28 MB
Total Pagefile: 7668 MB
Available Pagefile: 5401.01 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: () (Fixed) (Total:448.94 GB) (Free:151.27 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (RECOVERY) (Fixed) (Total:16.52 GB) (Free:2.39 GB) NTFS ==>[System with boot components (obtained from reading drive)]
5 Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

  Nº Disco  Status         Tam.     Livre    Din.  GPT
  --------  -------------  -------  -------  ---  ---
  Disco 0   Online          465 GB      0 B

Partitions of Disk 0:
===============

O disco 0 é o disco selecionado.

  Partição No.  Tipo              Tamanho  Deslocamento
  -------------  ----------------  -------  ------------
  Partição 1    Primário           199 MB   1024 KB
  Partição 2    Primário           448 GB    200 MB
  Partição 3    Primário            16 GB    449 GB
  Partição 4    Primário           103 MB    465 GB

======================================================================================================

Disk: 0
O disco 0 é o disco selecionado.

1 é a partição selecionada.

Partição 1
Tipo : 07
Oculto: Não
Ativo : Sim
Desloc. em Bytes: 1048576

  Volume No.  Ltr  Rótulo       Fs     Tipo        Tamanho  Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3         SYSTEM       NTFS   Partição     199 MB  Íntegro    Sistema

======================================================================================================

Disk: 0
O disco 0 é o disco selecionado.

2 é a partição selecionada.

Partição 2
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 209715200

  Volume No.  Ltr  Rótulo       Fs     Tipo        Tamanho  Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 4    C                 NTFS   Partição     448 GB  Íntegro    Iniciali

======================================================================================================

Disk: 0
O disco 0 é o disco selecionado.

3 é a partição selecionada.

Partição 3
Tipo : 07
Oculto: Não
Ativo : Não
Desloc. em Bytes: 482257928192

  Volume No.  Ltr  Rótulo       Fs     Tipo        Tamanho  Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 5    D    RECOVERY     NTFS   Partição      16 GB  Íntegro

======================================================================================================

Disk: 0
O disco 0 é o disco selecionado.

4 é a partição selecionada.

Partição 4
Tipo : 0C
Oculto: Não
Ativo : Não
Desloc. em Bytes: 499998785536

  Volume No.  Ltr  Rótulo       Fs     Tipo        Tamanho  Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 6    G    HP_TOOLS     FAT32  Partição     103 MB  Íntegro

======================================================================================================

Gerenciador de Inicialização do Windows
--------------------
identificador {9dea862c-5cdd-4e70-acc1-f32b344d4795}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale pt-BR
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
extendedinput Yes
default {c279be76-9b51-11de-9b93-a29d207e6d0e}
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
displayorder {c279be76-9b51-11de-9b93-a29d207e6d0e}
toolsdisplayorder {b2721d73-1db4-4c62-bf78-c548a880142d}
timeout 30
customactions 0x1000085000001
0x5400000f
custom:5400000f {1f2659ab-c08b-11e0-9584-fe9c1d046ee3}

Carregador de Inicialização do Windows
-------------------
identificador {1f2659ab-c08b-11e0-9584-fe9c1d046ee3}
device ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{1f2659ac-c08b-11e0-9584-fe9c1d046ee3}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
osdevice ramdisk=[D:]\Recovery\WindowsRE\Winre.wim,{1f2659ac-c08b-11e0-9584-fe9c1d046ee3}
systemroot \windows
nx OptIn
winpe Yes
custom:46000010 Yes

Carregador de Inicialização do Windows
-------------------
identificador {572bcd60-ffa7-11d9-aae0-0007e994107d}
device ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
path \windows\system32\boot\winload.exe
description Microsoft Windows PE 2.0
osdevice ramdisk=[boot]\sources\boot.wim,{ae5534e0-a924-466c-b836-758539a3ee3a}
systemroot \windows
detecthal Yes
winpe Yes
ems Yes

Carregador de Inicialização do Windows
-------------------
identificador {c279be76-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale pt-BR
inherit {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
recoverysequence {1f2659ab-c08b-11e0-9584-fe9c1d046ee3}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {c279be75-9b51-11de-9b93-a29d207e6d0e}
nx OptIn

Continuar da Hibernação
---------------------
identificador {c279be75-9b51-11de-9b93-a29d207e6d0e}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale pt-BR
inherit {1afa9c49-16ab-4a5c-901b-212802da9460}
filedevice partition=C:
filepath \hiberfil.sys
debugoptionenabled No

Testador de Memória do Windows
---------------------
identificador {b2721d73-1db4-4c62-bf78-c548a880142d}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale pt-BR
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
badmemoryaccess Yes

Configurações de EMS
------------
identificador {0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
bootems Yes

Configurações do Depurador
-----------------
identificador {4636856e-540f-4170-a130-a84776f4c654}
debugtype Serial
debugport 1
baudrate 115200

Defeitos de RAM
-----------
identificador {5189b25c-5558-4bf2-bca4-289b11bd29e2}

Configurações Globais
---------------
identificador {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
inherit {4636856e-540f-4170-a130-a84776f4c654}
{0ce4991b-e6b3-4b16-b23c-5e0d9250e5d9}
{5189b25c-5558-4bf2-bca4-289b11bd29e2}

Configurações do Carregador de Inicialização
--------------------
identificador {6efb52bf-1766-41db-a6b3-0ee5eff72bd7}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}
{7ff607e0-4395-11db-b0de-0800200c9a66}

Configurações do Hypervisor
-------------------
identificador {7ff607e0-4395-11db-b0de-0800200c9a66}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Configurações do Carregador de Retorno
----------------------
identificador {1afa9c49-16ab-4a5c-901b-212802da9460}
inherit {7ea2e1ac-2e61-4728-aaa3-896d9d0a9f0e}

Opções de dispositivo
--------------
identificador {1f2659ac-c08b-11e0-9584-fe9c1d046ee3}
description Ramdisk Options
ramdisksdidevice partition=D:
ramdisksdipath \Recovery\WindowsRE\boot.sdi

Instalar Opções do Disco Ram
---------------------
identificador {ae5534e0-a924-466c-b836-758539a3ee3a}
description Ramdisk Options
ramdisksdidevice boot
ramdisksdipath \boot\boot.sdi


****** End Of Log ******

#11
Sam Spade
Professional Assistant, 21,005 posts
Note: read the whole procedure carefully before running the tool.

Download it and save it to your Desktop.

Double-click aswMBR.exe to start the tool.

On Windows Vista and Windows 7:

Right-click aswMBR.exe and select [posted image]
  • A warning window will appear asking to update the database; click Yes;
  • When the update finishes, click Scan
  • After the completion message Scan finished successfully, click Save log to save it to your Desktop,
  • Click Exit to close the program;
  • Select, copy and paste the contents of the aswMBR log in your next reply.
  • Attention: do NOT click the Fix button, just wait for the next steps.
  • You will notice another file on the Desktop named MBR.dat.
  • Do not delete that file, as it is a backup file.
  • Before sending your log, follow the steps below:
  • Right-click the MBR.dat file and compress it (ZIP - the forum does not accept RAR);
  • When posting the log, attach that file to your reply as well!

Linha Defensiva on Facebook
Join ARIS//Linha Defensiva on Twitter
Don't abandon your topic.
Someone dedicated part of their time to help you!

#12
Tiago Freitas
Newbie, Member, 15 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-19 10:43:18
-----------------------------
10:43:18.386 OS Version: Windows x64 6.1.7601 Service Pack 1
10:43:18.386 Number of processors: 2 586 0x603
10:43:18.386 ComputerName: TIAGO-HP UserName: Tiago
10:43:21.178 Initialize success
10:43:21.272 AVAST engine defs: 12111900
10:43:22.536 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
10:43:22.551 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 11
10:43:22.567 Disk 0 MBR read successfully
10:43:22.567 Disk 0 MBR scan
10:43:22.582 Disk 0 unknown MBR code
10:43:22.582 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
10:43:22.598 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459717 MB offset 409600
10:43:22.629 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16919 MB offset 941910016
10:43:22.645 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
10:43:22.692 Disk 0 scanning C:\Windows\system32\drivers
10:43:33.373 Service scanning
10:43:47.659 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
10:43:53.098 Modules scanning
10:43:53.112 Disk 0 trace - called modules:
10:43:53.131 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80043d42c0]<<spso.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
10:43:53.136 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004704060]
10:43:53.140 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800468fb80]
10:43:53.145 \Driver\amd_xata[0xfffffa800447f710] -> IRP_MJ_CREATE -> 0xfffffa80043d42c0
10:43:53.151 5 amd_xata.sys[fffff88000fed7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa800468b060]
10:43:53.157 \Driver\amd_sata[0xfffffa800447fac0] -> IRP_MJ_CREATE -> 0xfffffa80043d22c0
10:43:56.116 AVAST engine scan C:\Windows
10:43:59.064 AVAST engine scan C:\Windows\system32
10:46:58.580 AVAST engine scan C:\Windows\system32\drivers
10:47:11.921 AVAST engine scan C:\Users\Tiago
11:17:54.644 AVAST engine scan C:\ProgramData
11:21:30.554 Scan finished successfully
11:52:12.566 Disk 0 MBR has been saved successfully to "C:\Users\Tiago\Desktop\MBR.dat"
11:52:12.572 The log file has been saved successfully to "C:\Users\Tiago\Desktop\aswMBR.txt"

Attachment(s)

  • Attached file  MBR.zip   531 bytes   1 download


#13
Sam Spade
Professional Assistant, 21,005 posts
Ok, follow these instructions:
  • Double-click aswMBR.exe;
  • Click Scan;
  • After the scan completes, click the Fix button;
  • Wait for the report Infection fixed successfully.
  • Restart the computer as soon as prompted;
  • After the restart, post the contents of the aswMBR.txt log in your next reply.


#14
Tiago Freitas
Newbie, Member, 15 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-20 21:50:31
-----------------------------
21:50:31.217 OS Version: Windows x64 6.1.7601 Service Pack 1
21:50:31.217 Number of processors: 2 586 0x603
21:50:31.218 ComputerName: TIAGO-HP UserName: Tiago
21:50:33.335 Initialize success
21:50:34.180 AVAST engine defs: 12111901
21:50:41.969 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000065
21:50:41.974 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 11
21:50:42.047 Disk 0 MBR read successfully
21:50:42.053 Disk 0 MBR scan
21:50:42.061 Disk 0 unknown MBR code
21:50:42.097 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:50:42.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459717 MB offset 409600
21:50:42.146 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16919 MB offset 941910016
21:50:42.169 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:50:42.218 Disk 0 scanning C:\Windows\system32\drivers
21:50:58.821 Service scanning
21:51:13.448 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
21:51:18.994 Modules scanning
21:51:19.024 Disk 0 trace - called modules:
21:51:19.051 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80043b72c0]<<sprx.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
21:51:19.056 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80046e7060]
21:51:19.062 3 CLASSPNP.SYS[fffff88001bb443f] -> nt!IofCallDriver -> [0xfffffa800466c040]
21:51:19.067 \Driver\amd_xata[0xfffffa8004463060] -> IRP_MJ_CREATE -> 0xfffffa80043b72c0
21:51:19.073 5 amd_xata.sys[fffff88000ff07a8] -> nt!IofCallDriver -> \Device\00000065[0xfffffa80046689c0]
21:51:19.078 \Driver\amd_sata[0xfffffa8004453690] -> IRP_MJ_CREATE -> 0xfffffa80043b52c0
21:51:20.862 AVAST engine scan C:\Windows
21:51:23.859 AVAST engine scan C:\Windows\system32
21:54:48.674 AVAST engine scan C:\Windows\system32\drivers
21:55:03.686 AVAST engine scan C:\Users\Tiago
22:25:35.515 AVAST engine scan C:\ProgramData
22:28:09.682 Scan finished successfully
23:15:19.967 Verifying
23:15:29.983 Disk 0 Windows 601 MBR fixed successfully
23:17:14.611 Verifying
23:17:24.628 Disk 0 Windows 601 MBR fixed successfully
23:17:34.221 Disk 0 MBR has been saved successfully to "C:\Users\Tiago\Documents\Downloads\MBR.dat"
23:17:34.231 The log file has been saved successfully to "C:\Users\Tiago\Documents\Downloads\aswMBR.txt"

#15
Sam Spade
Professional Assistant, 21,005 posts
Please run aswMBR again, scan only, and post the new log.

#16
Tiago Freitas
Newbie, Member, 15 posts
aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-11-21 22:40:48
-----------------------------
22:40:48.146 OS Version: Windows x64 6.1.7601 Service Pack 1
22:40:48.146 Number of processors: 2 586 0x603
22:40:48.146 ComputerName: TIAGO-HP UserName: Tiago
22:41:04.589 Initialize success
22:41:04.854 AVAST engine defs: 12112101
22:41:19.534 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
22:41:19.534 Disk 0 Vendor: ST950042 0006 Size: 476940MB BusType: 11
22:41:19.549 Disk 0 MBR read successfully
22:41:19.565 Disk 0 MBR scan
22:41:19.565 Disk 0 Windows 7 default MBR code
22:41:19.580 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
22:41:19.612 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459717 MB offset 409600
22:41:19.658 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 16919 MB offset 941910016
22:41:19.721 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
22:41:19.814 Disk 0 scanning C:\Windows\system32\drivers
22:41:38.066 Service scanning
22:41:57.098 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
22:42:02.621 Modules scanning
22:42:03.136 Disk 0 trace - called modules:
22:42:03.151 ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80043d42c0]<<spgj.sys amd_xata.sys storport.sys hal.dll amd_sata.sys
22:42:03.167 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80047006f0]
22:42:03.182 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa800468c040]
22:42:03.182 \Driver\amd_xata[0xfffffa800447ecb0] -> IRP_MJ_CREATE -> 0xfffffa80043d42c0
22:42:03.182 5 amd_xata.sys[fffff88000fee7a8] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80046831f0]
22:42:03.198 \Driver\amd_sata[0xfffffa800447e060] -> IRP_MJ_CREATE -> 0xfffffa80043d22c0
22:42:05.210 AVAST engine scan C:\Windows
22:42:13.556 AVAST engine scan C:\Windows\system32
22:46:09.711 AVAST engine scan C:\Windows\system32\drivers
22:46:37.516 AVAST engine scan C:\Users\Tiago
23:16:10.810 AVAST engine scan C:\ProgramData
23:18:45.314 Scan finished successfully
23:22:37.168 Disk 0 MBR has been saved successfully to "C:\Users\Tiago\Documents\Downloads\MBR.dat"
23:22:37.174 The log file has been saved successfully to "C:\Users\Tiago\Documents\Downloads\aswMBR.txt"

#17
Sam Spade
Professional Assistant, 21,005 posts
The MBR is now OK. Let's run a system check with ComboFix.

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download ComboFix (by sUBs) and save it to the desktop.
  • Close all windows and programs.
  • Double-click ComboFix.exe and press "Yes" to proceed.
Do not click anything and do not press any key during the scan, or the tool will not work correctly.

When the tool finishes running, it will generate a log. Attach the file C:\ComboFix.txt in your next reply.

Important:
  • You need to be connected during the ComboFix procedure;
  • You must be logged in to the system with administrator privileges.
  • Do not run ComboFix from your browser window.
  • Keep your antivirus, antispyware and firewall disabled during the ComboFix procedures. Re-enable them when everything is finished.
  • If you have used ComboFix before, delete ComboFix.exe and download it again. Note: this is only to delete the file. It is NOT to uninstall it.
  • Do not run ComboFix more than once. That will overwrite the log and delay the removal of the malware.
  • ComboFix is a tool that can damage the system if used incorrectly. Use it only under the supervision of a security analyst.

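The thread's diagnosis rests on one aswMBR line changing from "unknown MBR code" to "Windows 7 default MBR code" after the Fix. As an added example, not part of this thread or of aswMBR, the parser below reads the scan logs above and applies the checks a defender would want on every run: MBR code recognised, exactly one active partition, a partition table without overlaps, and driver files the scanner could not open. The line formats are assumptions inferred from the logs posted here, and the sample runs are abbreviated copies of the 2012-11-20 and 2012-11-21 logs.

```python
import re
from dataclasses import dataclass, field

TS = r"^\d\d:\d\d:\d\d\.\d+ "        # every aswMBR event line starts with a timestamp
MBR_RE = re.compile(TS + r"Disk \d+ (unknown MBR code|.+ default MBR code)$")
PART_RE = re.compile(TS + r"Disk \d+ Partition (\d+) ([0-9A-F]{2}) (?:\(A\) )?"
                     r"([0-9A-F]{2}) .+? (\d+) MB offset (\d+)$")
LOCKED_RE = re.compile(TS + r"Service \S+ (\S+) \*\*LOCKED\*\*")
FIXED_RE = re.compile(TS + r"Disk \d+ .* MBR fixed successfully$")
SECTORS_PER_MB = 1024 * 1024 // 512   # aswMBR offsets are in 512-byte sectors

@dataclass
class Run:
    date: str = ""
    mbr_code: str = ""
    partitions: list = field(default_factory=list)   # (number, active, type, size_mb, offset)
    locked: list = field(default_factory=list)       # driver files the scanner could not open
    fixes: int = 0                                   # "MBR fixed successfully" events

def parse_run(text):
    """Parse one aswMBR run (one 'Run date:' block) into a Run record (format assumed from the thread)."""
    run = Run()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Run date: "):
            run.date = line.split()[2]
        elif m := MBR_RE.match(line):
            run.mbr_code = m.group(1)
        elif m := PART_RE.match(line):
            n, flag, ptype, size, off = m.groups()
            run.partitions.append((int(n), flag == "80", ptype, int(size), int(off)))
        elif m := LOCKED_RE.match(line):
            run.locked.append(m.group(1))
        elif FIXED_RE.match(line):
            run.fixes += 1
    return run

def findings(run):
    """Defender-side checks on one run: MBR code, active flag, partition layout, locked files."""
    out = []
    if run.mbr_code == "unknown MBR code":
        out.append("MBR boot code not recognised: compare with a known-good backup")
    if sum(1 for p in run.partitions if p[1]) != 1:
        out.append("expected exactly one active partition")
    parts = sorted(run.partitions, key=lambda p: p[4])
    for a, b in zip(parts, parts[1:]):
        if a[4] + a[3] * SECTORS_PER_MB > b[4]:   # sizes are floored to MB, so no false positives
            out.append(f"partitions {a[0]} and {b[0]} overlap")
    out.extend(f"driver file locked, not scanned: {p}" for p in run.locked)
    return out

# Constructed samples: abbreviated from the 2012-11-20 and 2012-11-21 logs posted in this thread.
BEFORE = r"""Run date: 2012-11-20 21:50:31
21:50:42.061 Disk 0 unknown MBR code
21:50:42.097 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
21:50:42.109 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 459717 MB offset 409600
21:50:42.169 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 976560128
21:51:13.448 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
23:15:29.983 Disk 0 Windows 601 MBR fixed successfully
"""
AFTER = r"""Run date: 2012-11-21 22:40:48
22:41:19.565 Disk 0 Windows 7 default MBR code
22:41:19.580 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
"""

if __name__ == "__main__":
    for run in (parse_run(BEFORE), parse_run(AFTER)):
        print(run.date, run.mbr_code, run.fixes, findings(run))
```

The overlap check only proves the table is self-consistent; an unrecognised MBR code still needs comparison with the MBR.dat backup the tool wrote, which is why the helper asked for that file.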

#18
Tiago Freitas
Newbie, Member, 15 posts
The ComboFix log.

Attachment(s)

  • Attached file  log.txt   20.73K   1 download


#19
Sam Spade
Professional Assistant, 21,005 posts
Uninstall this Firefox extension:

extensions\onlinehdtv@onlinehd.tv.xpi

See the reason at the link below:

http://www.bleepingcomputer.com/virus-removal/remove-coupondropdown

I'll hand the topic back to JoseMelo to wrap up, or to add anything he wants.

Regards.

#20
Tiago Freitas
Newbie, Member, 15 posts
Thanks Sam Spade, thank you very much for your time.