Archived

This topic has been archived and is closed to new replies.

emgeduardo

Browser hijacking: desk365.exe, 22find.com, TrayDownloader.exe

4 posts in this topic

My Firefox froze and I noticed that some programs were being installed: desk365.exe, 22find.com, TrayDownloader.exe

I also found v9 installed.

I can't imagine the source of the problem, since I was browsing only trusted sites.

Please help me get rid of these browser hijackers.

I would also like to know the origin of these intrusions so I can prevent this from happening again.

Below is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 14:00:30, on 2013.01.28
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Software Plate\svcgdp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Desk 365\deskSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\Bacula\bacula-fd.exe
C:\Arquivos de programas\DigitalPersona\Bin\DpHost.exe
C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\BakBone Software\NetVault\bin\nvpmgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\DigitalPersona\Bin\DPFUSMgr.exe
C:\Arquivos de programas\BakBone Software\NetVault\bin\nvstatsmngr.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Arquivos comuns\Raxco\Shared\PDEngine.exe
C:\WINDOWS\Explorer.EXE
C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe
C:\Arquivos de programas\DigitalPersona\Bin\DPAgnt.exe
C:\Arquivos de programas\Logitech\iTouch\iTouch.exe
C:\WINDOWS\system32\rundll32.exe
C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe
C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Arquivos de programas\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
C:\Arquivos de programas\ClamWin\bin\ClamTray.exe
C:\Arquivos de programas\ClamSentinel\ClamSentinel.exe
C:\WINDOWS\system32\aetcrss1.exe
C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Arquivos de programas\Samsung\Kies\Kies.exe
C:\Arquivos de programas\Arquivos comuns\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Arquivos de programas\Desk 365\desk365.exe
C:\Arquivos de programas\LaunchMate\LnchMate.exe
C:\Arquivos de programas\Nikon\NkView6\NkvMon.exe
C:\Arquivos de programas\Symmetricom\SymmTime\GeTTime.exe
C:\Arquivos de programas\MagicDisc\MagicDisc.exe
C:\Arquivos de programas\Sysinternals\procexp.exe
C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Mozilla Firefox\plugin-container.exe
C:\Arquivos de programas\Notepad++\notepad++.exe
C:\WINDOWS\explorer.exe
L:\software\linux\Internet Security\clamav.net\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = &http://home.microsoft.com/intl/br/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.22find.com/newtab?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380642
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380643
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://search.22find.com/web/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380643
O1 - Hosts: ::1 localhost #[iPv6]
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre6\bin\ssv.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [soundMAX] "C:\Arquivos de programas\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [DPAgnt] C:\Arquivos de programas\DigitalPersona\Bin\DPAgnt.exe
O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\JM\JMInsIDE.exe
O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\JMRaidSetup.exe boot
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Arquivos de programas\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [iMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [iMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [bluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [EvtMgr6] C:\Arquivos de programas\Logitech\SetPointP\SetPoint.exe /launchGaming
O4 - HKLM\..\Run: [soundMAXPnP] C:\Arquivos de programas\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Arquivos de programas\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [NUSB3MON] "C:\Arquivos de programas\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Arquivos de programas\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [CheckRun22find_uninstaller] "C:\Documents and Settings\emgeduardo\Dados de aplicativos\CheckRun22find.exe" -c=http://www.22find.com/?utm_source=b&utm_medium=gdp&from=gdp&uid=ST3500320AS_9QM2LLVNXXXX9QM2LLVN&ts=1359380635
O4 - HKLM\..\Run: [ClamTray.exe] "C:\Arquivos de programas\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [ClamSentinel.exe] C:\Arquivos de programas\ClamSentinel\ClamSentinel.exe
O4 - HKLM\..\Run: [CertificateRegistration] aetcrss1.exe
O4 - HKCU\..\Run: [] C:\Arquivos de programas\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [KiesPreload] C:\Arquivos de programas\Samsung\Kies\Kies.exe /preload
O4 - HKCU\..\Run: [KiesAirMessage] C:\Arquivos de programas\Samsung\Kies\KiesAirMessage.exe -startup
O4 - HKCU\..\Run: [Desk 365] C:\Arquivos de programas\Desk 365\desk365.exe /autorun
O4 - Startup: MagicDisc.lnk = C:\Arquivos de programas\MagicDisc\MagicDisc.exe
O4 - Startup: Process  Explorer.lnk = C:\Arquivos de programas\Sysinternals\procexp.exe
O4 - Global Startup: LaunchMate.lnk = C:\Arquivos de programas\LaunchMate\LnchMate.exe
O4 - Global Startup: NkvMon.exe.lnk = C:\Arquivos de programas\Nikon\NkView6\NkvMon.exe
O4 - Global Startup: SymmTime.lnk = C:\Arquivos de programas\Symmetricom\SymmTime\GeTTime.exe
O8 - Extra context menu item: Baixar com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dllink.htm
O8 - Extra context menu item: Baixar vídeo com o Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlfvideo.htm
O8 - Extra context menu item: Download selecionado pelo Free Download Manager - file://C:\Arquivos de programas\Free Download Manager\dlselected.htm
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec antivírus scanner) - http://security.symantec.com/sscv6/SharedContent/você/bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\ARQUIV~1\ARQUIV~1\Skype\Skype4COM.dll
O20 - AppInit_DLLs:                 
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: DPWLN   - C:\WINDOWS\system32\DPWLEvHd.dll
O20 - Winlogon Notify: LBTWlgn - c:\arquivos de programas\arquivos comuns\logishrd\bluetooth\LBTWlgn.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Arquivos de programas\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bacula File Backup Service (Bacula-fd) - Unknown owner - C:\Arquivos de programas\Bacula\bacula-fd.exe" /service  -c "C:\Arquivos de programas\Bacula\bacula-fd.conf (file missing)
O23 - Service: Desk 365 service (desksvc) - 337 Technology Limited. - C:\Arquivos de programas\Desk 365\deskSvc.exe
O23 - Service: Windows XP FUS Manager (DPFUSMgr) - DigitalPersona, Inc. - C:\Arquivos de programas\DigitalPersona\Bin\DPFUSMgr.exe
O23 - Service: Biometric Authentication Service (DpHost) - DigitalPersona, Inc. - C:\Arquivos de programas\DigitalPersona\Bin\DpHost.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /svc (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe" /medsvc (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Arquivos de programas\Arquivos comuns\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Arquivos de programas\Arquivos comuns\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NetVault Process Manager - Unknown owner - C:/Arquivos de programas/BakBone Software/NetVault/bin/nvpmgr.exe" service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Arquivos de programas\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: OpcEnum - OPC Foundation - C:\WINDOWS\system32\OpcEnum.exe
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Arquivos de programas\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Raxco\Shared\PDEngine.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SiSoftware Deployment Agent Service (SandraAgentSrv) - SiSoftware - C:\Arquivos de programas\SiSoftware\SiSoftware Sandra Business 2013\RpcAgentSrv.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Arquivos de programas\Skype\Updater\Updater.exe
O23 - Service: software services (svcgdp) - Beijing Xing Technology Co., Ltd. - C:\Arquivos de programas\Software Plate\svcgdp.exe
 


How are things going? Did you solve it?



MVP Mr.Million


Good morning,

I believe it is partially resolved.

I did all the uninstalls manually and after that I used Macecraft jv16 to clean the Windows registry.

I also noticed that a v9 was installed and uninstalled it.

What intrigues me most is that I did not click on anything at the moment these malware programs were installed.

I was working on the computer next to it and saw Firefox close by itself and icons start appearing in the toolbars.

I would very much like to have an idea of how this could have gotten into my computer so I can try to prevent new attacks.
