
turca

Member
  • Posts

    253
  • Joined

  • Last visited

Social Info

1 Follower

About turca

Profile

  • State
    São Paulo
  • Gender
    male

Recent Visitors

4,065 views
  1. Help with Windows 7

    When I turn on or restart my PC, it always goes back to what I was doing. What do I do? E.g., if I was on a page or had a program open, after shutting down or restarting it returns to the same thing. How do I change this?
  2. Log analysis

  3. Log analysis

    As I said, I cancelled it and ran it in safe mode; same thing, it ran through the early hours and stopped at the same place. Should I uninstall Firefox and try again? What do you think?
  4. Log analysis

    I didn't even touch the PC again after you told me to do those steps, which is why I found it strange. I'm trying to run this Zoek, but it just stays at Firefox Extensions. I left it from the afternoon until the night and nothing; I restarted in safe mode to run it, it went through the night and the early hours and nothing, it stops there. Does it really take this long, or is there a problem?
  5. Log analysis

    After I did what you asked, when I opened Chrome it opened this page: https://duckduckgo.com/. I have never even visited it.

    # AdwCleaner 7.0.0.0 - Logfile created on Mon Jul 24 13:45:11 2017
    # Updated on 2017/17/07 by Malwarebytes
    # Running on Windows 7 Ultimate (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support
    ***** [ Services ] *****
    No malicious services deleted.
    ***** [ Folders ] *****
    No malicious folders deleted.
    ***** [ Files ] *****
    No malicious files deleted.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    No malicious tasks deleted.
    ***** [ Registry ] *****
    Deleted: [Key] - HKLM\SOFTWARE\Classes\Interface\{63C40CBE-DE43-4B56-BCEB-E14B825CF245}
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries deleted.
    ***** [ Chromium (and derivatives) ] *****
    SearchProvider deleted: Ask Brasil - br.ask.com
    Startpage deleted: https://%66%65%65%64.%68%65%6C%70%65%72%62%61%72.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBRHOjYN9_5EdL7qPpMxkVuvqY6tXmgtW7kgdCRemJrP8CbThd2Xjbl9_Az5fcMoiyMcVdvMg188-SBGZ00efG-WQSFFKeQQ9AW5qPxhKYtUV14Bza30YqyST_QKOcU0DrvDLUTJLk0bJJR66jh-v2eCXWL21YsDjzW0pWwR692piNUbLcgI4ruI1c,
    Startpage deleted: https://search.yahoo.com/?fr=vmn&type=auslog_ya_hp
    Startpage deleted: http://www.youndoo.com/?z=4bcf07d71ef4ba11f050f72gcz8b9w0gcb9o0qbm8t&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp
    Startpage deleted: http://www.youndoo.com/?z=fa948c001ca4c551a218fd6g9zdb1w1g5bdmbeao0b&from=amz&uid=ST500LM012XHN-M500MBB_S2SKJ5EC326768&type=hp
    *************************
    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0
    *************************
    C:/AdwCleaner/AdwCleaner[S0].txt - [2467 B] - [2017/7/24 13:44:32]
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.4 (07.09.2017)
    Operating System: Windows 7 Ultimate x64
    Ran by NOT (Administrator) on 24/07/2017 at 9:49:38,25
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 26
    Successfully deleted: C:\Program Files\mozilla firefox\defaults\pref\itms.js (File)
    Successfully deleted: C:\Users\Public\thunder network (Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BWKP23Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6AIPQE00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W0ZERWF (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHOO9TP2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJ9G5PMH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQS0C0PH (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H72HP8JW (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HSOIM597 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGBPI9BQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMII0UB2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TC7O0X65 (Temporary Internet Files Folder)
    Successfully deleted: C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG0L4E91 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4BWKP23Y (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6AIPQE00 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6W0ZERWF (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AHOO9TP2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AJ9G5PMH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EQS0C0PH (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H72HP8JW (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\HSOIM597 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\IGBPI9BQ (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LMII0UB2 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TC7O0X65 (Temporary Internet Files Folder)
    Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZG0L4E91 (Temporary Internet Files Folder)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 24/07/2017 at 9:53:20,36
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Thanks once again.
  6. Log analysis

    Malwarebytes
    www.malwarebytes.com
    -Detalhes de registro-
    Data da análise: 21/07/17
    Hora da análise: 17:42
    Arquivo de registro: mal.txt
    Administrador: Sim
    -Informação do software-
    Versão: 3.1.2.1733
    Versão de componentes: 1.0.160
    Versão do pacote de definições: 1.0.2412
    Licença: Grátis
    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: NOT-PC\NOT
    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 256324
    Ameaças detectadas: 3
    Ameaças em quarentena: 0
    (Nenhum item malicioso detectado)
    Tempo decorrido: 13 min, 52 seg
    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado
    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)
    Módulo: 0
    (Nenhum item malicioso detectado)
    Chave de registro: 0
    (Nenhum item malicioso detectado)
    Valor de registro: 0
    (Nenhum item malicioso detectado)
    Dados de registro: 0
    (Nenhum item malicioso detectado)
    Fluxo de dados: 0
    (Nenhum item malicioso detectado)
    Pasta: 2
    Adware.ChinAd, C:\ProgramData\Thunder Network\DownloadLib, Nenhuma ação do usuário, [570], [374745],1.0.2412
    Adware.ChinAd, C:\PROGRAMDATA\THUNDER NETWORK, Nenhuma ação do usuário, [570], [374745],1.0.2412
    Arquivo: 1
    Adware.ChinAd, C:\PROGRAMDATA\THUNDER NETWORK\DOWNLOADLIB\PUB_STORE.DAT, Nenhuma ação do usuário, [570], [374745],1.0.2412
    Setor físico: 0
    (Nenhum item malicioso detectado)
    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:22:00, on 21/07/2017
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18739)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\NOT\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MultiSync Log DB Updater (MultiSyncLogDBUpdater) - Multilaser S/A - C:\MultiSyncServiceLog\MultiSyncDBService.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    --
    End of file - 7409 bytes

    Thanks in advance.
  7. Log analysis

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:30:50, on 19/07/2017
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18739)
    Boot mode: Normal
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\System32\igfxtray.exe
    C:\Windows\System32\hkcmd.exe
    C:\Windows\System32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
    D:\SAMSUNG\SamFirm_v0.3.6\SamFirm.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Users\NOT\Desktop\HijackThis.exe
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
    O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
    O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
    O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
    O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [DivXMediaServer] C:\Program Files\DivX\DivX Media Server\DivXMediaServer.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: MultiSync Log DB Updater (MultiSyncLogDBUpdater) - Multilaser S/A - C:\MultiSyncServiceLog\MultiSyncDBService.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    --
    End of file - 7598 bytes
  8. I'll see what the Pro version has to offer, save up some money and buy it. Thanks a lot.
  9. OK, thank you. Could you tell me whether SpyHunter 4 is any good? Is it worth buying? Would you recommend buying a security suite, is it worth it, or are the free ones reliable?
  10. I couldn't get it to run even in safe mode; it ran for a long time and didn't finish, it froze at Firefox. But I uninstalled and reinstalled Firefox, and then it did run. I have the log saved up to the point where it froze at Firefox; if you want, I'll send that too. Thanks once again.
      Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by NOT on 19/06/2017 at 16:53:27,43. Microsoft Windows 10 Home Single Language 10.0.15063 x64 Running in: Safe Mode MINIMAL No Internet Access Detected Launched: C:\Users\NOT\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results old.log 3058 bytes ==== System Restore Info ====================== ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. 
# # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions efaidnbmnnnibpcajpcglclefindmkaj - No path found[] Chrome Media Router - NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.savefrom.net_0.localstorage deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pt.savefrom.net_0.localstorage-journal deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.freelogoservices.com_0.localstorage deleted successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.freelogoservices.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] 
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\NOT\Desktop\Assistente de Atualização do Windows 10.lnk - C:\Users\NOT\Desktop\ExtractNow.lnk - C:\Program Files (x86)\ExtractNow\extractnow.exe C:\Users\NOT\Desktop\FlashTool - Atalho.lnk - C:\Flashtool\FlashTool.exe C:\Users\NOT\Desktop\FlashTool64 - Atalho.lnk - C:\Flashtool\FlashTool64.exe C:\Users\NOT\Desktop\PSCS6 - Atalho.lnk - D:\PHOTOSHOP\Photoshop CS6 Portable Completo,Crackeado e Ativado\PSCS6.exe C:\Users\NOT\Desktop\putty - Atalho.lnk - C:\Program Files (x86)\PuTTY\putty.exe C:\Users\NOT\Desktop\SHOficina5.lnk - C:\SHARMAQ\SHOficina\shoficina3.exe C:\Users\NOT\Desktop\SHVendas.lnk - C:\SHARMAQ\SHOficina\shvenda.exe C:\Users\NOT\Desktop\WhatsApp.lnk - 
C:\Users\NOT\AppData\Local\WhatsApp\Update.exe --processStart WhatsApp.exe C:\Users\NOT\Desktop\fotos\TRABALHO MIKAELLY - Atalho.lnk - D:\MIKAELLY\TRABALHO MIKAELLY.docx ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\7-Data Android Recovery.lnk - C:\Program Files (x86)\7-Data Android Recovery\7DataAndroidRecovery.exe C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Users\Public\Desktop\BatteryCare.lnk - C:\Program Files (x86)\BatteryCare\BatteryCare.exe C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\iRoot.lnk - C:\Program Files (x86)\iRoot\Root.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe C:\Users\Public\Desktop\Kingo ROOT.lnk - C:\Program Files (x86)\Kingo ROOT\Kingo Root.exe C:\Users\Public\Desktop\LayOut 2017.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2017\LayOut\LayOut.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\MEGAsync.lnk - C:\ProgramData\MEGAsync\MEGAsync.exe C:\Users\Public\Desktop\MiniTool Partition Wizard.lnk - C:\Program Files\MiniTool Partition Wizard 10\PartitionWizard.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\Users\Public\Desktop\SigmaKey.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\SigmaKey.exe C:\Users\Public\Desktop\SketchUp 2017.lnk - C:\Program Files (x86)\SketchUp\SketchUp 
2017\SketchUp.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{FC965A47-4839-40CA-B618-18F486F042C6}\SkypeIcon.exe C:\Users\Public\Desktop\Smart Switch.lnk - C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe C:\Users\Public\Desktop\Style Builder 2017.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2017\Style Builder\Style Builder.exe ==== shortcuts in Users Start Menu ====================== C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk - C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool.lnk - C:\Flashtool\FlashTool.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Flashtool64.lnk - C:\Flashtool\FlashTool64.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flashtool\Uninstall Flashtool.lnk - C:\Flashtool\uninstall.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\ClockworkMod\Start ADB Server.lnk - C:\Windows\Installer\{C0E08D8D-6076-4117-B644-2AF34F35B757}\_376EF0DA1723590BE67F63.exe 
start-server C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Assistente de Atualização do Windows 10.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Data Android Recovery\7-Data Android Recovery.lnk - C:\Program Files (x86)\7-Data Android Recovery\7DataAndroidRecovery.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Data Android Recovery\Desinstalar 7-Data Android Recovery.lnk - C:\Program Files (x86)\7-Data Android Recovery\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Help.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare\BatteryCare.lnk - C:\Program Files (x86)\BatteryCare\BatteryCare.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BatteryCare\Desinstalar o BatteryCare.lnk - C:\Program Files (x86)\BatteryCare\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do Microsoft Office 2016\Centro de Carregamento do Office 2016.lnk - C:\Program Files (x86)\Microsoft 
Office\root\client\AppVLP.exe "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE" C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Download required drivers.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\drivers\Drivers.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\End-User License Agreement (IMEI).lnk - C:\Program Files (x86)\GsmServer\SigmaKey\IMEI.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\End-User License Agreement.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\EULA.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\SigmaKey USB Dongle Driver.lnk - C:\Windows\explorer.exe C:\Program Files (x86)\GsmServer\SigmaKey\drivers\AU9540DrvPkg V1.7.26.0_WHQL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\SigmaKey.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\SigmaKey.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Broadcom manual.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\brcm_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\MTK manual.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\mtk_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Qualcomm manual.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\qcom_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Supported models.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\supp_models.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Texas Instruments manual.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\ti_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Video manuals.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\video_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\add us to your Circles and 
get all of our updates directly.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\GooglePlus.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Connect with other professionals, share information.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\Facebook.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Follow us on Twitter.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\Twitter.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Official forum.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\forum.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Watch tutorials of unlock operations.lnk - C:\Program Files (x86)\GsmServer\SigmaKey\video_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot\iRoot.lnk - C:\Program Files (x86)\iRoot\Root.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot\Uninstall iRoot.lnk - C:\Program Files (x86)\iRoot\unins001.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Kingo ROOT.lnk - C:\Program Files (x86)\Kingo ROOT\Kingo Root.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kingo ROOT\Uninstall Kingo ROOT.lnk - C:\Program Files (x86)\Kingo ROOT\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Log KMSpico.lnk - C:\Program Files\KMSpico\scripts\Log.cmd C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico\Uninstall KMSpico.lnk - C:\Program Files\KMSpico\UninsHs.exe /u0=KMSpico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft 
Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.50907.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\Pageant.lnk - C:\Program Files (x86)\PuTTY\pageant.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PSFTP.lnk - C:\Program Files (x86)\PuTTY\psftp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY Manual.lnk - C:\Program Files (x86)\PuTTY\putty.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY Web Site.lnk - C:\Program Files (x86)\PuTTY\website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTY.lnk - C:\Program Files (x86)\PuTTY\putty.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PuTTY (64-bit)\PuTTYgen.lnk - C:\Program Files (x86)\PuTTY\puttygen.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Desinstalar Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller Help.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\RevoUnin.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Kies\Uninstall Kies.lnk - C:\Program Files (x86)\InstallShield Installation Information\{758C8301-2696-4855-AF45-534B1200980A}\setup.exe /removeonly C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Smart Switch.lnk - C:\Program Files (x86)\Samsung\Smart Switch 
PC\SmartSwitchPC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk - C:\Program Files (x86)\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe /removeonly C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017\LayOut.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2017\LayOut\LayOut.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017\SketchUp.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2017\SketchUp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SketchUp 2017\Style Builder.lnk - C:\Program Files (x86)\SketchUp\SketchUp 2017\Style Builder\Style Builder.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft 
Outlook.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE /recycle C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk - C:\Program Files (x86)\Samsung\Smart Switch PC\SmartSwitchPC.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OneNote 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\PowerPoint 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: 
"ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcpltui_exe deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\NOT\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application 
Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application 
Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application 
Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Application 
Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Application Data\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\TEMP\Local Settings\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\NOT\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\TEMP\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied 
successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=9 folders=0 248716 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\NOT\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 19/06/2017 at 17:47:25,50 ====================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 17:54:06, on 19/06/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Windows\SysWOW64\notepad.exe C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\SHARMAQ\SHOficina\SHBackUp.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Users\NOT\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [OneDrive] 
"C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - HKCU\..\Run: [SHBackUp3] C:\SHARMAQ\SHOficina\SHBackUp.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{22d3c863-0496-49cb-b4eb-be7c4760c712}: NameServer = 
8.8.8.8,8.8.4.4 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. 
- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\NOT\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. 
- C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11913 bytes
  11. That's what I did; something from Ask showed up, but I ran it again. # AdwCleaner v6.047 - Relatório criado 17/06/2017 às 19:39:16 # Atualizado em 19/05/2017 por Malwarebytes # Banco de dados : 2017-06-16.2 [Local] # Sistema operacional : Windows 10 Home Single Language (X64) # Usuário : NOT - Windows # Executando de : C:\Users\NOT\Desktop\AdwCleaner.exe # Modo: Limpo # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** ***** [ Arquivos ] ***** ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** ***** [ Registro ] ***** ***** [ Verificando navegadores ... ] ***** ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1147 Bytes] - [16/06/2017 19:31:42] C:\AdwCleaner\AdwCleaner[C2].txt - [879 Bytes] - [17/06/2017 19:39:16] C:\AdwCleaner\AdwCleaner[S0].txt - [1591 Bytes] - [16/06/2017 19:30:31] C:\AdwCleaner\AdwCleaner[S1].txt - [1461 Bytes] - [17/06/2017 19:38:49] ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1097 Bytes] ##########
  12. # AdwCleaner v6.047 - Relatório criado 16/06/2017 às 19:30:31 # Atualizado em 19/05/2017 por Malwarebytes # Banco de dados : 2017-06-16.2 [Servidor] # Sistema operacional : Windows 10 Home Single Language (X64) # Usuário : NOT - Windows # Executando de : C:\Users\NOT\Desktop\AdwCleaner.exe # Modo: Digitalizar # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** Não foram encontrados serviços maliciosos. ***** [ Pastas ] ***** Nenhuma pasta maliciosa encontrada. ***** [ Arquivos ] ***** Nenhum arquivo malicioso encontrado. ***** [ DLL ] ***** Não foram encontradas DLLs mal-intencionadas. ***** [ WMI ] ***** Nenhuma chave mal-intencionada encontrada. ***** [ Atalhos ] ***** Nenhum atalho infectado encontrado. ***** [ Atividades agendadas ] ***** Nenhuma tarefa maliciosa encontrada. ***** [ Registro ] ***** Nenhuma entrada de registro malicioso encontrada. ***** [ Navegadores ] ***** Nenhum item de navegador baseado em Firefox malicioso encontrado. Chromium pref Encontrado: [C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web data] - br.ask.com [!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.google.com/chrome/answer/3097271?hl=en [!] 
************************* C:\AdwCleaner\AdwCleaner[S0].txt - [1439 Bytes] - [16/06/2017 19:30:31] ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1512 Bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.3 (04.10.2017) Operating System: Windows 10 Home Single Language x64 Ran by NOT (Limited) on 17/06/2017 at 0:48:37,82 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 17/06/2017 at 1:01:18,81 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
I ran JRT in safe mode, because in normal mode it ran for a long time and never finished.
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 01:12:17, on 17/06/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\SHARMAQ\SHOficina\SHBackUp.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Users\NOT\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 -
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 23.13.171.66 guardiao.itau.com.br # GbPlugin O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [OneDrive] "C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - 
HKCU\..\Run: [SHBackUp3] C:\SHARMAQ\SHOficina\SHBackUp.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{22d3c863-0496-49cb-b4eb-be7c4760c712}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft 
Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. 
- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\NOT\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. 
- C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11988 bytes
  13. Malwarebytes Anti-Malware www.malwarebytes.org Data da verificação: 15/06/2017 Hora da verificação: 21:53 Arquivo de registro: mal.txt Administrador: Sim Versão: 2.2.1.1043 Banco de dados de malware: v2017.06.15.09 Banco de dados de rootkit: v2017.05.27.01 Licença: Gratuita Proteção contra malware: Desabilitado Proteção contra website malicioso: Desabilitado Autoproteção: Desabilitado Sistema operacional: Windows 10 CPU: x64 Sistema de arquivos: NTFS Usuário: NOT Tipo de verificação: Verificação da ameaça Resultado: Concluído Objetos verificados: 303992 Tempo decorrido: 1 hr, 9 min, 57 seg Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Habilitado PUM: Habilitado Processos: 0 (Nenhum item malicioso detectado) Módulos: 0 (Nenhum item malicioso detectado) Chaves de registro: 8 PUP.Optional.Solvusoft, HKLM\SOFTWARE\CLASSES\APPLICATIONS\WinThrusterSetup.exe, , [61249da27633b185b1617fcf67996b95], PUP.Optional.Solvusoft, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPLICATIONS\WinThrusterSetup.exe, , [dda8ed5224858aacc64ca4aade22fe02], PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\07B51C13962E8BF49BAFEA042FB2D4A6, , [6223a59af9b07db99d40e663e31d6d93], PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\8E64601C02B9B8A49B2094D918AAB059, , [7e07c17e6742da5cc31aed5ca8580ff1], PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\A139670AC5F063A409103EC6C72644F6, , [83022b147435979fd805ab9ecc34d828], PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\AF70C113ECEA42B46B60F3B0F849D237, , [21641827426721152faef1586c94a35d], PUP.Optional.Solvusoft, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPLICATIONS\WinThrusterSetup.exe, , 
[88fd69d6a702092da969d97536cae21e], PUP.Optional.InstallCore, HKU\S-1-5-21-2982737377-722400272-4200008662-1001\SOFTWARE\csastats, , [f4915fe0e7c2ab8b990437e4c04347b9], Valores de registro: 4 PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\07B51C13962E8BF49BAFEA042FB2D4A6|00000000000000000000000000000000, C:\?Program Files (x86)\Solvusoft\Tray\SuiteClient.dll, , [6223a59af9b07db99d40e663e31d6d93] PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\8E64601C02B9B8A49B2094D918AAB059|00000000000000000000000000000000, C:\?Program Files (x86)\Solvusoft\Tray\SolvusoftTray.exe, , [7e07c17e6742da5cc31aed5ca8580ff1] PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\A139670AC5F063A409103EC6C72644F6|00000000000000000000000000000000, C:\?Program Files (x86)\Solvusoft\Tray\MsgSys.exe, , [83022b147435979fd805ab9ecc34d828] PUP.Optional.Solvusoft, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INSTALLER\USERDATA\S-1-5-18\COMPONENTS\AF70C113ECEA42B46B60F3B0F849D237|00000000000000000000000000000000, C:\?Program Files (x86)\Solvusoft\Tray\sfhtml.dll, , [21641827426721152faef1586c94a35d] Dados de registro: 0 (Nenhum item malicioso detectado) Pastas: 20 PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\revert, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\settings, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\settings\common, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\settings\partner, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\_metadata, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\content_script, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\logo, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\newtab, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, 
C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\revert, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\settings, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\settings\common, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\settings\partner, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\_metadata, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd, , [077eaf9091188fa715b6364fd03143bd], Arquivos: 55 PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mllhonmmblkokjedoamlpfmpgdkbkbnd_0.localstorage, , [186d77c85f4a62d4590ae59f7d83d22e], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mllhonmmblkokjedoamlpfmpgdkbkbnd_0.localstorage-journal, , [ff864cf3624705312d36770dbf416799], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abicfbjlfphmdjndigagmfkgaobeppbp_0.localstorage, , [9ee7b7882188ff37e9a1f5906898bd43], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_abicfbjlfphmdjndigagmfkgaobeppbp_0.localstorage-journal, , [ed98f44b43662d099cee2a5bd72928d8], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User 
Data\Default\Local Storage\http_televisionfanatic.dl.myway.com_0.localstorage, , [513452ed04a59f974e1ea13cb94948b8], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_televisionfanatic.dl.myway.com_0.localstorage-journal, , [d8ad66d98e1b9b9b06663ba2c73b7090], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translationbuddy.dl.myway.com_0.localstorage, , [a8ddda653d6cba7c125a716c39c9ae52], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translationbuddy.dl.myway.com_0.localstorage-journal, , [add8ef50981145f1a7c58c5124ded729], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage, , [5035122d3c6daa8cc1ac13cabe441be5], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_televisionfanatic.dl.tb.ask.com_0.localstorage-journal, , [e2a35be4119855e1abc2a439ab573dc3], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translationbuddy.dl.tb.ask.com_0.localstorage, , [b3d2b08fadfc80b6501d10cdb250926e], PUP.Optional.MindSpark, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_translationbuddy.dl.tb.ask.com_0.localstorage-journal, , [a8ddeb5401a83bfb8fde419cb84a8d73], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mysearch.com_0.localstorage, , [f68f3807505935011f1864b1ab584eb2], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_search.mysearch.com_0.localstorage-journal, , [a2e36ed19e0b4de99b9cac697d864fb1], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\manifest.json, , 
[e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common\browseraction.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common\config.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common\feed.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common\utils.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\common\winner.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_128x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_16x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_19x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_24x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_32x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, 
C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\logo_48x.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\newtablogo.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\toolbar-icon-ask.ico, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\logo\toolbar-icons.png, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\revert\index.css, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\revert\index.html, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\revert\index.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\settings\common\redirect.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\settings\partner\Reporting.js, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\_metadata\computed_hashes.json, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.MySearch, 
C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\abicfbjlfphmdjndigagmfkgaobeppbp\28.11_0\_metadata\verified_contents.json, , [e2a3c87769401422c4e97dd5d62d44bc], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\manifest.json, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common\browseraction.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common\config.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common\feed.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common\utils.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\common\winner.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\content_script\overlayer.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\logo\logo_128x.png, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\logo\logo_16x.png, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, 
C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\logo\logo_19x.png, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\logo\logo_48x.png, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\newtab\newtab.html, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\revert\index.css, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\revert\index.html, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\revert\index.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\settings\common\redirect.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\settings\partner\Reporting.js, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\_metadata\computed_hashes.json, , [077eaf9091188fa715b6364fd03143bd], PUP.Optional.SeenOnScreen, C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\mllhonmmblkokjedoamlpfmpgdkbkbnd\29.14_0\_metadata\verified_contents.json, , [077eaf9091188fa715b6364fd03143bd], Setores físicos: 0 (Nenhum 
item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:20:23, on 15/06/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\SHARMAQ\SHOficina\SHBackUp.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnCfg.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\Users\NOT\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: 23.13.171.66 guardiao.itau.com.br # GbPlugin O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware" O4 - HKCU\..\Run: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [OneDrive] "C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - HKCU\..\Run: [SHBackUp3] C:\SHARMAQ\SHOficina\SHBackUp.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu 
item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{22d3c863-0496-49cb-b4eb-be7c4760c712}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - 
{14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing) O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. 
- C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: KingoSoftService - Unknown owner - C:\Users\NOT\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: 
@%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows 
Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12289 bytes
  14. Log for analysis follows Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 12:07:24, on 05/06/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.15063.0000) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe C:\Program Files (x86)\ASUS\Splendid\ACMON.exe C:\Windows\SysWOW64\ACEngSvr.exe C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Users\NOT\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - 
HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O1 - Hosts: 23.13.171.66 guardiao.itau.com.br # GbPlugin O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [BatteryCare] C:\Program Files (x86)\BatteryCare\BatteryCare.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [OneDrive] "C:\Users\NOT\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP O4 - HKCU\..\Run: [SHBackUp3] C:\SHARMAQ\SHOficina\SHBackUp.exe O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.google.com.br O15 - Trusted Zone: www.itau.b.br O15 - Trusted Zone: *.itau.b.br O15 - Trusted Zone: bankline.itau.com.br O15 - Trusted Zone: banklineplus.itau.com.br O15 - Trusted Zone: clickbanking.itau.com.br O15 - Trusted Zone: guardiao.itau.com.br O15 - Trusted Zone: www.itau.com.br O15 - Trusted Zone: http://www.itau.com.br O15 - Trusted Zone: *.itau.com.br O15 - Trusted Zone: www.itaupersonnalite.com.br O15 - Trusted Zone: http://www.itaupersonnalite.com.br O17 - HKLM\System\CCS\Services\Tcpip\..\{22d3c863-0496-49cb-b4eb-be7c4760c712}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo 
Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KingoSoftService - Unknown owner - C:\Users\NOT\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
-- End of file - 11985 bytes
  15. Windows 7 Professional OEM in pt-BR

    Can someone share the link to download the OEM from Microsoft?