
turca

Participant
  • Posts

    259
  • Member since

  • Last visited

Social Info

1 Follower

Profile

  • State
    São Paulo
  • Gender
    male

Recent Visitors

4,190 views
  1. HTTPS://CHROMESEARCH.CLUB and a PC gone crazy

    Thank you and Happy New Year!
  2. HTTPS://CHROMESEARCH.CLUB and a PC gone crazy

    I'm not even using the PC, to be safe, since I'll only use it after you tell me it's clean, hahaha, but it looks like that crazy search is gone
  3. HTTPS://CHROMESEARCH.CLUB and a PC gone crazy

    # AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 15:07:13 2018
    # Updated on 2017/21/12 by Malwarebytes
    # Database: 01-03-2018.1
    # Running on Windows 7 Ultimate (X86)
    # Mode: scan
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****
    No malicious services found.
    ***** [ Folders ] *****
    No malicious folders found.
    ***** [ Files ] *****
    No malicious files found.
    ***** [ DLL ] *****
    No malicious DLLs found.
    ***** [ WMI ] *****
    No malicious WMI found.
    ***** [ Shortcuts ] *****
    No malicious shortcuts found.
    ***** [ Tasks ] *****
    PUP.Optional.Legacy, Driver Booster Scheduler
    ***** [ Registry ] *****
    No malicious registry entries found.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries.
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries.
    *************************
    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt ##########

    # AdwCleaner 7.0.6.0 - Logfile created on Thu Jan 04 15:07:29 2018
    # Updated on 2017/21/12 by Malwarebytes
    # Running on Windows 7 Ultimate (X86)
    # Mode: clean
    # Support: https://www.malwarebytes.com/support

    ***** [ Services ] *****
    No malicious services deleted.
    ***** [ Folders ] *****
    No malicious folders deleted.
    ***** [ Files ] *****
    No malicious files deleted.
    ***** [ DLL ] *****
    No malicious DLLs cleaned.
    ***** [ WMI ] *****
    No malicious WMI cleaned.
    ***** [ Shortcuts ] *****
    No malicious shortcuts cleaned.
    ***** [ Tasks ] *****
    Deleted: Driver Booster Scheduler
    ***** [ Registry ] *****
    No malicious registry entries deleted.
    ***** [ Firefox (and derivatives) ] *****
    No malicious Firefox entries deleted.
    ***** [ Chromium (and derivatives) ] *****
    No malicious Chromium entries deleted.
    *************************
    ::Tracing keys deleted
    ::Winsock settings cleared
    ::Additional Actions: 0
    *************************
    C:/AdwCleaner/AdwCleaner[S0].txt - [970 B] - [2018/1/4 15:7:13]
    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ##########
  4. HTTPS://CHROMESEARCH.CLUB and a PC gone crazy

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 04/01/18
    Hora da análise: 08:39
    Arquivo de registro: f8aa5296-f143-11e7-9f8b-00269e0596dc.json
    Administrador: Sim

    -Informação do software-
    Versão: 3.2.2.2018
    Versão de componentes: 1.0.212
    Versão do pacote de definições: 1.0.3620
    Licença: Gratuita

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: NOT-PC\NOT

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Resultado: Concluído
    Objetos verificados: 204831
    Ameaças detectadas: 6
    Ameaças em quarentena: 4
    Tempo decorrido: 21 min, 43 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 1
    PUP.Optional.ChromeSearchClub.ChrPRST, HKLM\SOFTWARE\POLICIES\GOOGLE\CHROME, Quarentena, [15174], [-1],0.0.0

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 5
    PUP.Optional.ChromeSearchClub.ChrPRST, C:\USERS\NOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Falha ao remover, [15174], [475079],1.0.3620
    PUP.Optional.ChromeSearchClub.ChrPRST, C:\DOCUMENTS AND SETTINGS\ALL USERS\NTUSER.POL, Quarentena, [15174], [-1],0.0.0
    PUP.Optional.ChromeSearchClub.ChrPRST, C:\PROGRAMDATA\NTUSER.POL, Quarentena, [15174], [-1],0.0.0
    PUP.Optional.ChromeSearchClub.ChrPRST, C:\Windows\SYSTEM32\GROUPPOLICY\MACHINE\REGISTRY.POL, Quarentena, [15174], [-1],0.0.0
    PUP.Optional.ChromeSearchClub.ChrPRST, C:\USERS\NOT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\Web Data, Falha ao remover, [15174], [475079],1.0.3620

    Setor físico: 0
    (Nenhum item malicioso detectado)

    (end)
  5. HTTPS://CHROMESEARCH.CLUB and a PC gone crazy

    ~ ZHPCleaner v2017.12.27.221 by Nicolas Coolman (2017/12/27)
    ~ Run by NOT (Administrator) (03/01/2018 02:10:22)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\NOT\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\NOT\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

    ---\\ Services (0)
    ~ No malicious or unnecessary items found.

    ---\\ Browser internet (0)
    ~ No malicious or unnecessary items found.

    ---\\ Hosts file (1)
    ~ The hosts file is legitimate (2)

    ---\\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.

    ---\\ Explorer ( File, Folder) (0)
    ~ No malicious or unnecessary items found.

    ---\\ Registry ( Key, Value, Data) (1)
    FOUND key: HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec

    ---\\ Summary of the elements found (1)
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Camec

    ---\\ Result of repair
    ~ Any repair made

    ---\\ Statistics
    ~ Items scanned : 648172
    ~ Items found : 1
    ~ Items cancelled : 0
    ~ Items repaired : 0

    ~ End of search in 05h23mn21s

    ZHPCleaner-[R]-22092017-07_57_13.txt
    ZHPCleaner-[R]-23092017-08_01_32.txt
    ZHPCleaner--03012018-07_33_43.txt
    ZHPCleaner--22092017-07_56_27.txt
    ZHPCleaner--23092017-07_48_43.txt
    ZHPCleaner--29072017-10_58_40.txt
    ZHPCleaner--30122017-14_29_49.txt
  7. Help with Windows 7

    When I turn on or restart my PC, it always goes back to what I was doing. What should I do? For example, if I had a page or program open, after shutting down or restarting it comes back to the same thing. How do I change this?
  8. Log analysis

    Zoek.exe v5.0.0.1 Updated 27-09-2015 Tool run by NOT on 26/07/2017 at 0:55:50,76. Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86 Running in: Normal Mode No Internet Access Detected Launched: C:\Users\NOT\Desktop\zoek.exe [Scan all users] [Script inserted] ==== Older Logs ====================== C:\zoek-results2017-07-24-145050.log 2675 bytes C:\zoek-results2017-07-25-020654.log 2188 bytes ==== System Restore Info ====================== 26/07/2017 00:57:51 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 
127.0.0.1 localhost ::1 localhost ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\zn9n74vj.default user_pref("browser.startup.homepage", "about:home"); user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\zn9n74vj.default - Undetermined - %ProfilePath%\extensions\sp@avast.com.xpi - Undetermined - %ProfilePath%\extensions\wrc@avast.com.xpi - DownThemAll - %ProfilePath%\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi ==== Firefox Plugins ====================== Profilepath: C:\Users\NOT\AppData\Roaming\Mozilla\Firefox\Profiles\zn9n74vj.default 89123AC83C33EFF5C48079C9DC4C5147 - C:\Program Files\DivX\DivX Web Player\npdivx32.dll - DivX Plus Web Player 2D45A8274592D965EDFB62ACCB1150B1 - C:\Program Files\Google\Update\1.3.33.5\npGoogleUpdate3.dll - Google Update 1F167F98797F850B30498C130EAD8463 - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll - Adobe Acrobat ==== Chromium Look ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions efaidnbmnnnibpcajpcglclefindmkaj - No path found[] eofcbnmajmjmplflapaojjnihcjkigck - No path found[] gomekmidlodglbbmalcneegieacbdmki - No path found[] Avast SafePrice - NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck Avast Online Security - NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki Chrome Media Router - NOT\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted 
successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC" ==== Reset Google Chrome ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\NOT\Desktop\3uTools.lnk - C:\Program Files\3uTools\3uTools.exe C:\Users\NOT\Desktop\BACKUP (D) - Atalho.lnk - D:\ C:\Users\NOT\Desktop\DivX Movies.lnk - C:\Users\NOT\Videos\DivX Movies C:\Users\NOT\Desktop\Faheem Anjum Tools v1.1.lnk - C:\Program Files\Android Tools\Faheem Anjum Android Tablet Tools\Faheem.exe 
C:\Users\NOT\Desktop\GpGtool.lnk - C:\Gpg\gpg tool.exe C:\Users\NOT\Desktop\Jurassic UniAndroid.lnk - C:\Users\NOT\Documents\Jurassic\Jurassic UniAndroid.exe C:\Users\NOT\Desktop\MTK.exe - Atalho.lnk - D:\BOX\VOLCANO\MTK_Vol_EXT\MTK.exe C:\Users\NOT\Desktop\MultiSync.lnk - C:\MultiSync\updatemultisync.exe C:\Users\NOT\Desktop\Octoplus Samsung Tool.lnk - C:\Program Files\Octoplus\Octoplus_Samsung\OctoplusSamsung.exe C:\Users\NOT\Desktop\SamFirm.exe - Atalho.lnk - D:\SAMSUNG\SamFirm_v0.3.6\SamFirm.exe C:\Users\NOT\Desktop\Setool2g.lnk - D:\BOX\SETOOL\v1.1429\Setool2g.exe C:\Users\NOT\Desktop\SHOficina5.lnk - C:\SHARMAQ\SHOficina\shoficina3.exe C:\Users\NOT\Desktop\SHVendas.lnk - C:\SHARMAQ\SHOficina\shvenda.exe C:\Users\NOT\Desktop\µTorrent.lnk - ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe C:\Users\Public\Desktop\ASANSAMBOX.lnk - C:\HST\HST.exe C:\Users\Public\Desktop\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Users\Public\Desktop\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe C:\Users\Public\Desktop\DivX Converter.lnk - C:\Program Files\DivX\DivX Converter\DivXConverter.exe C:\Users\Public\Desktop\DivX Player.lnk - C:\Program Files\DivX\DivX Player\DivX Player.exe C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Public\Desktop\InfinityBox AST.lnk - C:\InfinityBox\AST\AST.exe C:\Users\Public\Desktop\InfinityBox CM2MTK.lnk - C:\InfinityBox\CM2MTK\CM2MTK.exe C:\Users\Public\Desktop\InfinityBox CM2RKT.lnk - C:\InfinityBox\CM2RKT\CM2RKT.exe C:\Users\Public\Desktop\InfinityBox SM.lnk - C:\InfinityBox\SM\SM.exe C:\Users\Public\Desktop\iRoot.lnk - C:\Program Files\iRoot\Root.exe C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program 
Files\Malwarebytes\Anti-Malware\mbam.exe C:\Users\Public\Desktop\MEGAsync.lnk - C:\ProgramData\MEGAsync\MEGAsync.exe C:\Users\Public\Desktop\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\Public\Desktop\RIFF JTAG Manager.lnk - D:\BOX\RIFFBOX\Rocker Team\RIFF JTAG Manager\JTAGManager.exe C:\Users\Public\Desktop\RSD Lite.lnk - C:\Windows\Installer\{494CAE58-BBC3-4782-B59F-02F163E4A32B}\_7DAB413A1EA7F2B6E80F1D.exe C:\Users\Public\Desktop\SigmaKey.lnk - C:\Program Files\GsmServer\SigmaKey\SigmaKey.exe C:\Users\Public\Desktop\Smart Switch.lnk - C:\Program Files\Samsung\Smart Switch PC\SmartSwitchPC.exe ==== shortcuts in Users Start Menu ====================== C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe -extoff C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jurassic UniAndroid\Jurassic UniAndroid.lnk - C:\Users\NOT\Documents\Jurassic\Jurassic UniAndroid.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jurassic UniAndroid\Uninstall Jurassic UniAndroid.lnk - C:\Users\NOT\Documents\Jurassic\Uninstal.exe C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe ==== shortcuts in All Users Start Menu 
====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{52D87F32-70E4-4348-8148-C0B9F35B1314}\AppleSoftwareUpdateIco.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk - C:\Windows\ehome\ehshell.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RSD Lite.lnk - C:\Windows\Installer\{494CAE58-BBC3-4782-B59F-02F163E4A32B}\_6A6654E7985D0D0D04575C.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3uTools\3uTools.lnk - C:\Program Files\3uTools\3uTools.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3uTools\Uninstall 3uTools.lnk - C:\Program Files\3uTools\Uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Bluetooth File Transfer Wizard.lnk - C:\Windows\system32\fsquirt.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - 
C:\Windows\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Premier.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Converter.lnk - C:\Program Files\DivX\DivX Converter\DivXConverter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\DivX Player.lnk - C:\Program Files\DivX\DivX Player\DivX Player.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Registrar.lnk - C:\Program Files\DivX\DivX Control Panel\DivXControlPanelLauncher.exe /start=registration C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX\Verificar atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Chess.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Backgammon.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Checkers.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Internet Spades.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Mahjong.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Download 
required drivers.lnk - C:\Program Files\GsmServer\SigmaKey\drivers\Drivers.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\End-User License Agreement (IMEI).lnk - C:\Program Files\GsmServer\SigmaKey\IMEI.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\End-User License Agreement.lnk - C:\Program Files\GsmServer\SigmaKey\EULA.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\SigmaKey USB Dongle Driver.lnk - C:\Windows\explorer.exe C:\Program Files\GsmServer\SigmaKey\drivers\AU9540DrvPkg V1.7.26.0_WHQL C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\SigmaKey.lnk - C:\Program Files\GsmServer\SigmaKey\SigmaKey.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Broadcom manual.lnk - C:\Program Files\GsmServer\SigmaKey\brcm_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\MTK manual.lnk - C:\Program Files\GsmServer\SigmaKey\mtk_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Qualcomm manual.lnk - C:\Program Files\GsmServer\SigmaKey\qcom_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Supported models.lnk - C:\Program Files\GsmServer\SigmaKey\supp_models.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Texas Instruments manual.lnk - C:\Program Files\GsmServer\SigmaKey\ti_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Manuals\Video manuals.lnk - C:\Program Files\GsmServer\SigmaKey\video_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\add us to your Circles and get all of our updates directly.lnk - C:\Program Files\GsmServer\SigmaKey\GooglePlus.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Connect with other professionals, share information.lnk - C:\Program 
Files\GsmServer\SigmaKey\Facebook.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Follow us on Twitter.lnk - C:\Program Files\GsmServer\SigmaKey\Twitter.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Official forum.lnk - C:\Program Files\GsmServer\SigmaKey\forum.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GsmServer\Sigma Key\Social media\Watch tutorials of unlock operations.lnk - C:\Program Files\GsmServer\SigmaKey\video_man.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HST BOX (BY HUA TEAM)\ASANSAMBOX.lnk - C:\HST\HST.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\AST\InfinityBox AST.lnk - C:\InfinityBox\AST\AST.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\AST\Uninstall InfinityBox AST.lnk - C:\InfinityBox\AST\AST_uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\CM2MTK\InfinityBox CM2MTK.lnk - C:\InfinityBox\CM2MTK\CM2MTK.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\CM2MTK\Uninstall InfinityBox CM2MTK.lnk - C:\InfinityBox\CM2MTK\CM2MTK_uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\CM2RKT\InfinityBox CM2RKT.lnk - C:\InfinityBox\CM2RKT\CM2RKT.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\CM2RKT\Uninstall InfinityBox CM2RKT.lnk - C:\InfinityBox\CM2RKT\CM2RKT_uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\Drivers\box\Drivers installation guide En.lnk - C:\InfinityBox\Drivers\box\Infinity-Box_Installation_manual_En.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\Drivers\box\Drivers installation guide Ru.lnk - C:\InfinityBox\Drivers\box\Infinity-Box_Installation_manual_Ru.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\Drivers\box\Drivers.lnk - C:\InfinityBox\Drivers\box C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\InfinityBox\SM\InfinityBox SM.lnk - C:\InfinityBox\SM\SM.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InfinityBox\SM\Uninstall InfinityBox SM.lnk - C:\InfinityBox\SM\SM_uninstall.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel DnX USB Driver\Uninstall DnX USB Driver.lnk - C:\Program Files\Intel\xFSTK\DnXUSBDriver\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot\iRoot.lnk - C:\Program Files\iRoot\Root.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iRoot\Uninstall iRoot.lnk - C:\Program Files\iRoot\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files\iTunes\iTunes.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGA Website.lnk - C:\ProgramData\MEGAsync\MEGA Website.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync\MEGAsync.lnk - C:\ProgramData\MEGAsync\MEGAsync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MEGAsync\Uninstall.lnk - C:\ProgramData\MEGAsync\uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\joticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\outicon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\cagicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\Windows\Installer\{90140000-003D-0000-0000-0000000FF1CE}\oisicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Office Anytime Upgrade.lnk - C:\Program Files\Common Files\microsoft shared\OFFICE14\Office Setup Controller\promo.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiSync\Desinstalar MultiSync.lnk - C:\MultiSync\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiSync\Manual MultiSync GPS.lnk - C:\MultiSync\Manual_MultiSync_GPS.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiSync\Manual MultiSync Tablets e Smartphones.lnk - 
C:\MultiSync\Manual_MultiSync_Tablets_Smartphones.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MultiSync\MultiSync.lnk - C:\MultiSync\updatemultisync.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Octoplus\Octoplus Samsung\Desinstalar Octoplus Samsung Tool.lnk - C:\Program Files\Octoplus\Octoplus_Samsung\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Octoplus\Octoplus Samsung\Octoplus Samsung Tool.lnk - C:\Program Files\Octoplus\Octoplus_Samsung\OctoplusSamsung.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Octoplus\Octoplus Samsung\Update dongle.lnk - C:\Program Files\Octoplus\Octoplus_Samsung\Updater.exe update C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Desinstalar Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro Help.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\Revo Uninstaller Pro Help.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro\Revo Uninstaller Pro.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Smart Switch.lnk - C:\Program Files\Samsung\Smart Switch PC\SmartSwitchPC.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Smart Switch PC\Uninstall Smart Switch.lnk - C:\Program Files\InstallShield Installation Information\{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}\setup.exe /removeonly C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\Manual.lnk - C:\SHARMAQ\SHOficina\Manual.doc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHAgenda.lnk - C:\SHARMAQ\SHOficina\SHAgenda.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHEstoque.lnk - C:\SHARMAQ\SHOficina\shestoque.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHOficina na 
Web.lnk - C:\SHARMAQ\SHOficina\AutoBackups\SHOficina.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHOficina.lnk - C:\SHARMAQ\SHOficina\shoficina3.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\SHVendas.lnk - C:\SHARMAQ\SHOficina\shvenda.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SHOficina\Uninstall SHOficina.lnk - C:\SHARMAQ\SHOficina\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MultiSync.lnk - C:\MultiSync\updatemultisync.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Octoplus Box Samsung software.lnk - C:\Program Files\Octoplus\Octoplus_Samsung\OctoplusSamsung.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Revo Uninstaller Pro.lnk - C:\Program 
Files\VS Revo Group\Revo Uninstaller Pro\RevoUninPro.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Smart Switch.lnk - C:\Program Files\Samsung\Smart Switch PC\SmartSwitchPC.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\NOT\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyOverride"="*.local" "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\NOT\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\NOT\AppData\Local\Mozilla\Firefox\Profiles\zn9n74vj.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\NOT\AppData\Local\Google\Chrome\User Data\Default\Cache 
  9. Log analysis

    As I said, I cancelled it and ran it in safe mode; same thing, it ran through the night and stopped at the same place. Should I uninstall Firefox and try again? What do you think?
  10. Log analysis

    I haven't even touched the PC since you told me to run those steps, which is why I found it strange. I'm trying to run this Zoek, but it just stays at the Firefox extension step; I left it from the afternoon until night and nothing. I restarted in safe mode to run it, it went through the night and early morning, and nothing, it stops there. Does it really take this long, or is there a problem?
  11. Log analysis

    After I did what you asked, when I opened Chrome it opened this page: https://duckduckgo.com/. I have never even visited it.

    Thanks once again.
  12. Log analysis

    Thanks in advance.
  13. Log analysis

OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: MultiSync Log DB Updater (MultiSyncLogDBUpdater) - Multilaser S/A - C:\MultiSyncServiceLog\MultiSyncDBService.exe O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe -- End of file - 7598 bytes
  14. I'll see what the Pro version has to offer, save up some money and buy it. Thanks a lot!
  15. OK, thank you. Could you tell me whether SpyHunter 4 is any good? Is it worth buying? Would you recommend buying a security product, is it worth it, or are the free ones reliable?