Posts by turca

  1. Edited by turca


    A cleanup was done by baboo, but soon afterwards programs detected viruses. Can you help me?

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:53:39, on 02/06/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19355)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AODService - Unknown owner - C:\Program Files (x86)\AMD\OverDrive\AODAssist.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Panda VPN Service - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe
    O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 7827 bytes
     


  2. C:\Program Files (x86)\iRoot\1.8.9.21144\AppCool.apk    a variant of Android/Spy.Agent.BN trojan    deleted
    C:\Program Files (x86)\iRoot\1.8.9.21144\CleanMaster.apk    a variant of Android/DroidRooter.AC potentially unsafe application    deleted
    C:\Program Files (x86)\iRoot\1.8.9.21144\kinguser.zip    a variant of Android/DroidRooter.AG potentially unsafe application    deleted
    C:\Program Files (x86)\iRoot\1.8.9.21144\Superuser.apk    a variant of Android/DroidRooter.AC potentially unsafe application    deleted
    C:\Users\TURCA\AppData\Local\Temp\{18A721E4-9404-48E6-9567-0BAD2D5DBC23}.exe    Win32/Visicom.C potentially unwanted application    deleted
    C:\Users\TURCA\AppData\Roaming\mgyun\VRoot\RomMaster_Setup.exe    multiple threats    cleaned by deleting
    C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe    Win32/OpenCandy.J potentially unsafe application    deleted
    C:\Users\TURCA\AppData\Roaming\uTorrent\updates\3.5.5_45225.exe    Win32/OpenCandy.J potentially unsafe application    deleted
    D:\BOX\EMMC\emmc dongle Ver 1.0.3 Crackd.rar    multiple threats    deleted
    D:\BOX\ROOT\free-download-rootkhp-pro--manualroot.exe    a variant of Win32/Kryptik.GNEP trojan    cleaned by deleting
    D:\BOX\ROOT\iRoot_1.8.9.21144_cid1005.exe    multiple threats    cleaned by deleting
    D:\BOX\ROOT\iRoot_171024.zip    multiple threats    deleted
    D:\BOX\ROOT\KingoRoot.exe    Win32/InstallCore.AYH potentially unwanted application    cleaned by deleting
    D:\BOX\ROOT\RootGenius.exe    a variant of Win32/RootGenius.B potentially unsafe application    cleaned by deleting
    D:\BOX\ROOT\vroot-download.zip    multiple threats    deleted
    D:\TURCATTO\13-05-2019\Download\Não confirmado 354759.crdownload    a variant of Android/Hiddad.SL trojan    deleted
     


  3. Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 27/05/2019
    Hora da análise: 22:11
    Arquivo de registro: ed9479f0-80ed-11e9-b828-14dae9bc5ab7.json

    -Informação do software-
    Versão: 3.7.1.2839
    Versão de componentes: 1.0.586
    Versão do pacote de definições: 1.0.10792
    Licença: Gratuita

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: TURCA-PC\TURCA

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 246663
    Ameaças detectadas: 173
    Ameaças em quarentena: 166
    Tempo decorrido: 5 min, 18 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 14
    Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CheckControllerUpdatesUA, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CheckControllerUpdatesUA, Quarentena, [5477], [-1],0.0.0
    Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [-1],0.0.0
    Adware.SmartApplicationController.TskLnk, HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{85E62323-105E-44B5-9B1D-2F45291F391D}, Quarentena, [5477], [-1],0.0.0
    PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\beliehdniadoecbonbhlcgbdldccfigp, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\iepoegkaoeljnbhagabakjodgpfniimo, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}, Quarentena, [247], [471429],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\ru.mail.go.ext_info_host, Quarentena, [247], [485554],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}, Quarentena, [247], [382913],1.0.10792
    PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792
    PUP.Optional.RussAd, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792
    PUP.Optional.RussAd, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{8E8F97CD-60B5-456F-A201-73065652D099}, Quarentena, [319], [351113],1.0.10792

    Valor de registro: 8
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\LOW RIGHTS\ELEVATIONPOLICY\{68AE298D-7E8A-4F53-BE55-15D2B065F6C0}|APPPATH, Quarentena, [247], [471429],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|URL, Quarentena, [247], [382913],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|FAVICONURLFALLBACK, Quarentena, [247], [382913],1.0.10792
    PUP.Optional.MailRu, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}|SUGGESTIONSURL, Quarentena, [247], [382913],1.0.10792
    Adware.Yelloader, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\RUN|VIEW, Quarentena, [2599], [593743],1.0.10792
    PUP.Optional.HandyTab, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|ichlgjlpcclmlojahkhhbgmklkphcgll, Falha ao remover, [226], [617104],1.0.10792

    Dados de registro: 1
    Adware.MailRu.BatBitRst, HKU\S-1-5-21-3868506572-1098764017-3779832037-1000\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [330], [481471],1.0.10792

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 29
    Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\ROAMING\SMART APPLICATION CONTROLLER, Quarentena, [4278], [470282],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE, Quarentena, [4621], [509531],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER, Quarentena, [4278], [471427],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\en, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\ru, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\img, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_metadata, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\BELIEHDNIADOECBONBHLCGBDLDCCFIGP, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\IEPOEGKAOELJNBHAGABAKJODGPFNIIMO, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\PROGRAM FILES (X86)\MAIL.RU, Quarentena, [247], [384138],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\js, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll, Falha ao remover, [226], [617104],1.0.10792

    Arquivo: 121
    Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\ROAMING\SMART APPLICATION CONTROLLER\SETTINGS.INI, Quarentena, [4278], [470282],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\FAVORITES\Mail.Ru.url, Quarentena, [247], [471428],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\SYSTEMTABLE\1.2_0\manifest.json, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon128.png, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon16.png, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon24.png, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\icon\icon32.png, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\background.js, Quarentena, [4621], [509531],1.0.10792
    PUP.Optional.SystemTable.Generic, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\SystemTable\1.2_0\js\libs.js, Quarentena, [4621], [509531],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Windows\SYSTEM32\TASKS\CheckControllerUpdatesUA, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER.EXE, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\smappscontroller_update.exe, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\software_update.ico, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.dat, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Program Files (x86)\Smart Application Controller\unins000.exe, Quarentena, [5477], [470279],1.0.10792
    Adware.SmartApplicationController.TskLnk, C:\Windows\SYSTEM32\TASKS\CheckControllerUpdatesUA, Quarentena, [5477], [-1],0.0.0
    Adware.SmartApplicationController, C:\PROGRAMDATA\MICROSOFT\Windows\START MENU\PROGRAMS\SMART APPLICATION CONTROLLER\SMART APPLICATION CONTROLLER.LNK, Quarentena, [4278], [471427],1.0.10792
    Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\PROGRAMDATA\APPLICATION DATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR0.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\DOCUMENTS AND SETTINGS\ALL USERS\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
    Adware.MailRu.BatBitRst, C:\PROGRAMDATA\MICROSOFT\NETWORK\DOWNLOADER\QMGR1.DAT, Quarentena, [330], [-1],0.0.0
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\img\loaded-empty.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-dark-up.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-light-down.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\currency-arrow-light-up.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\drag-arrows.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\assets\resources\search-cancel-button.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-128.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-16.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-32.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\add-48.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-128.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-16.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-32.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\added-48.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-128.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-16.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-32.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\browser-action\disabled-48.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-128.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-16.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-32.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\icons\icon-48.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\black-cross.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\spinner.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\trash.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\img\white-cross.png, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\en\messages.json, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_locales\ru\messages.json, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\_metadata\verified_contents.json, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\page-script.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\app.bundle.css, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\app.bundle.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.bundle.css, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.bundle.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\background.html, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\context_mailru-plugin.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\manifest.json, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\page-script.css, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\prerender.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle.css, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle~background.bundle.css, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~app.bundle~background.bundle.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\vendors~background.bundle.js, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\beliehdniadoecbonbhlcgbdldccfigp\4.2.6_1\visual-bookmarks.html, Quarentena, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [247], [678404],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata\computed_hashes.json, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\iepoegkaoeljnbhagabakjodgpfniimo\15.1.4.3_0\_metadata\verified_contents.json, Quarentena, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [655213],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [247], [655213],1.0.10792
    Adware.MailRu.BatBitRst, C:\USERS\TURCA\DESKTOP\Искать в Интернете.URL, Quarentena, [330], [481462],1.0.10792
    Adware.MailRu.BatBitRst, C:\USERS\TURCA\FAVORITES\Искать в Интернете.URL, Quarentena, [330], [648495],1.0.10792
    Adware.IStartSurf, C:\USERS\TURCA\APPDATA\ROAMING\Microsoft\Windows\Recent\free-download-rootkhp-pro--manualroot.lnk, Quarentena, [533], [633882],1.0.10792
    Adware.IStartSurf, D:\BOX\ROOT\FREE-DOWNLOAD-ROOTKHP-PRO--MANUALROOT.ZIP, Quarentena, [533], [633882],1.0.10792
    Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.DIR\VIEWU.EXE, Quarentena, [2742], [682335],1.0.10792
    Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.DIR\VIEW.EXE, Quarentena, [2742], [640258],1.0.10792
    Trojan.Yelloader, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\QUARANTINE\VIEW.EXE, Quarentena, [2742], [640258],1.0.10792
    MachineLearning/Anomalous.100%, C:\USERS\TURCA\Desktop\ZHPCleaner.lnk, Quarentena, [0], [392687],1.0.10792
    MachineLearning/Anomalous.100%, C:\USERS\TURCA\APPDATA\ROAMING\ZHP\ZHPCLEANER.EXE, Quarentena, [0], [392687],1.0.10792
    Generic.Malware/Suspicious, C:\PROGRAM FILES (X86)\SMART APPLICATION CONTROLLER\SMAPPSCONTROLLER_UPDATE.EXE, Quarentena, [0], [392686],1.0.10792
    Adware.SmartApplicationController, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\8A09A390-5BE7-4663-9878-DC30B620AE04\8A09A390-5BE7-4663-9878-DC30B620AE04.EXE, Quarentena, [4278], [470278],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\A11211F3-5B4E-4085-AA8D-2F99D8082CFE\A11211F3-5B4E-4085-AA8D-2F99D8082CFE.EXE, Quarentena, [247], [609065],1.0.10792
    Generic.Malware/Suspicious, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\05E16A10-C311-4E54-8688-DE26372CA985\05E16A10-C311-4E54-8688-DE26372CA985.EXE, Quarentena, [0], [392686],1.0.10792
    Adware.ExtenBro.Generic, C:\USERS\TURCA\APPDATA\LOCAL\TEMP\E12ACB53-FF66-4CCF-B740-82F39D1ED6AC\E12ACB53-FF66-4CCF-B740-82F39D1ED6AC.EXE, Quarentena, [10440], [594856],1.0.10792
    MachineLearning/Anomalous.100%, C:\USERS\TURCA\DESKTOP\ZHPCLEANER.EXE, Quarentena, [0], [392687],1.0.10792
    Adware.MailRu.BatBitRst, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [330], [481467],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\js\background.js, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata\computed_hashes.json, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\_metadata\verified_contents.json, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-16px.png, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-256px.png, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-32px.png, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\handy-tab_icon-96px.png, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\icon_default.png, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Extensions\ichlgjlpcclmlojahkhhbgmklkphcgll\1.0.4_0\manifest.json, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\000003.log, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\CURRENT, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOCK, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG.old, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\MANIFEST-000001, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\000003.log, Falha ao remover, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\CURRENT, Falha ao remover, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOCK, Falha ao remover, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG, Falha ao remover, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\LOG.old, Quarentena, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\ichlgjlpcclmlojahkhhbgmklkphcgll\MANIFEST-000001, Falha ao remover, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [226], [617104],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [454830],1.0.10792
    PUP.Optional.HandyTab, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [226], [617104],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [247], [454830],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [247], [454830],1.0.10792
    PUP.Optional.MailRu, C:\USERS\TURCA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, Substituído, [247], [454830],1.0.10792

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:26:13, on 27/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19355)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: Panda VPN Service - Unknown owner - C:\Program Files (x86)\Panda Security\Panda Security Protection\Hydra.Sdk.Windows.Service.exe
    O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8069 bytes

  4. ~ ZHPCleaner v2019.5.27.72 by Nicolas Coolman (2019/05/27)
    ~ Run by TURCA (Administrator)  (27/05/2019 15:04:15)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner (S).txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (1)
    FOUND data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\webcompanion.com\\http [Bad : Sensitive Websites]  =>PUP.Optional.LavasoftWebCompanion


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (21)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (96)
    FOUND file: C:\Users\TURCA\Desktop\µTorrent.lnk  [Bad : C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
    FOUND file: C:\Users\TURCA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
    FOUND folder: C:\Users\TURCA\AppData\Roaming\view  =>Adware.Razy
    FOUND file: C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. - µTorrent]  =>BitTorrent (P2P)
    FOUND file: C:\Users\TURCA\Desktop\µTorrent.lnk    =>BitTorrent (P2P)
    FOUND file: C:\Users\TURCA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk    =>BitTorrent (P2P)
    FOUND file: C:\Windows\Temp\QRemover.exe [ - QRemover MFC Application]  =>Heuristic.Suspect
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI13C1.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI15D1.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI1832.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI1FD4.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI21F1.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI2A89.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI31D8.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI3840.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI4143.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI427B.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI4DA2.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI54C3.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI54E5.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI5CA.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI650C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI6586.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI65B4.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI6931.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI69CE.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI6A7A.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI7E43.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI7F8D.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI80B.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI84D8.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI8891.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI8AF3.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI928E.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI931B.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI95CC.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI960B.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI962C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI9A2C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIA1DA.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIA268.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIA41C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIAA33.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIC3DA.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIC94C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIDE3D.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIE0BE.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIE14C.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIE908.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIEB96.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIF097.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIF72A.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\romaster_default-large.png    =>.SUP.Temporary.Picture
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\~DF70C03966B6AB440D.TMP    =>.SUP.Temporary.Other
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\~DF7BC06D5023B05D18.TMP    =>.SUP.Temporary.Other
    FOUND folder: C:\Program Files (x86)\Common Files\Tencent\QQDownload  =>.SUP.Tencent
    FOUND folder: C:\Program Files (x86)\Common Files\Tencent  =>.SUP.Tencent
    FOUND folder: C:\ProgramData\Tencent\Desktop  =>.SUP.Tencent
    FOUND folder: C:\ProgramData\Tencent\QQDownload  =>.SUP.Tencent
    FOUND folder: C:\ProgramData\Tencent  =>.SUP.Tencent
    FOUND folder: C:\Users\TURCA\AppData\Roaming\Tencent\DeskUpdate  =>.SUP.Tencent
    FOUND folder: C:\Users\TURCA\AppData\Roaming\Tencent\QQDownload  =>.SUP.Tencent
    FOUND folder: C:\Users\TURCA\AppData\Roaming\Tencent\Tencentdl  =>.SUP.Tencent
    FOUND folder: C:\Users\TURCA\AppData\Roaming\Tencent  =>.SUP.Tencent
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir2728_25355  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir2944_30552  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3464_19913  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3580_27266  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3764_16764  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3828_4495  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir4184_15869  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir4932_26192  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir5280_31040  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir6472_22023  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir7760_15657  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir8120_2603  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir9072_983  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir9524_24048  =>.SUP.Temporary.Steam
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\006  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\007  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\009  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\010  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\014  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\015  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\016  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\017  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\018  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\019  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\020  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\view  =>Adware.Razy
    FOUND file: C:\program files (x86)\common files\Tencent\qqdownload\135\tencentdl.exe [Tencent - 腾讯高速下载引擎]  =>.SUP.Tencent


    ---\\  Registry ( Key, Value, Data) (12)
    FOUND value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474 ["C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5]  =>PUP.Optional.MyBrowser
    FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
    FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\view [GoldDay Corp]  =>Adware.Razy
    FOUND key: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
    FOUND key: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO [Search@Mail.Ru]  =>Adware.RussAd
    FOUND key: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1 [Search@Mail.Ru]  =>Adware.RussAd
    FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
    FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASAPI32 []  =>.SUP.Tencent
    FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1 [Smart Application Controller]  =>.SUP.SmartApps
    FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [CRYPTOCOMPANY]  =>Heuristic.Suspect
    FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{63C29816-8642-471B-BE7E-648448C992FF} [C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe]  =>.SUP.Tencent
    FOUND value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6D77F7A6-74E5-4804-8066-0AAC5966265D} [C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe]  =>.SUP.Tencent


    ---\\  Summary of the elements found (14)
    https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/  =>PUP.Optional.LavasoftWebCompanion
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
    https://www.anti-malware.top/2016/11/04/adware-razy/  =>Adware.Razy
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Picture
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
    https://nicolascoolman.eu/2017/02/23/tencentadressbar/  =>.SUP.Tencent
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Steam
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
    https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Camec
    https://nicolascoolman.eu/2017/11/29/adware-russad/  =>Adware.RussAd
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SmartApps


    ---\\ Result of repair
    ~ Any repair made
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)


    ---\\ Statistics
    ~ Items scanned : 63578
    ~ Items found : 159
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 483960


    ~ End of search in 00h05mn52s

    ---\\  Reports (3)
    ZHPCleaner-[R]-02052019-12_25_17.txt
    ZHPCleaner--02052019-12_23_40.txt
    ZHPCleaner--27052019-15_10_07.txt
     

     

    ~ ZHPCleaner v2019.5.27.72 by Nicolas Coolman (2019/05/27)
    ~ Run by TURCA (Administrator)  (27/05/2019 17:54:28)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Repair
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner (R).txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (1)
    DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\webcompanion.com\\http [Bad : Sensitive Websites]  =>PUP.Optional.LavasoftWebCompanion


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (21)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (87)
    MOVED file: C:\Users\TURCA\Desktop\µTorrent.lnk  [Bad : C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
    MOVED file: C:\Users\TURCA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk  [Bad : C:\Users\TURCA\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
    MOVED file: C:\Windows\Temp\QRemover.exe [ - QRemover MFC Application]  =>Heuristic.Suspect
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI13C1.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI15D1.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI1832.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI1FD4.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI21F1.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI2A89.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI31D8.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI3840.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI4143.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI427B.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI4DA2.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI54C3.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI54E5.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI5CA.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI650C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI6586.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI65B4.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI6931.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI69CE.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI6A7A.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI7E43.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI7F8D.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI80B.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI84D8.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI8891.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI8AF3.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI928E.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI931B.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI95CC.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI960B.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI962C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMI9A2C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIA1DA.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIA268.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIA41C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIAA33.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIC3DA.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIC94C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIDE3D.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIE0BE.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIE14C.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIE908.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIEB96.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIF097.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\DMIF72A.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\romaster_default-large.png    =>.SUP.Temporary.Picture
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\~DF70C03966B6AB440D.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\Temp\~DF7BC06D5023B05D18.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\program files (x86)\common files\Tencent\qqdownload\135\tencentdl.exe [Tencent - 腾讯高速下载引擎]  =>.SUP.Tencent
    MOVED folder^: C:\Users\TURCA\AppData\Roaming\view  =>Adware.Razy
    MOVED folder: C:\Program Files (x86)\Common Files\Tencent  =>.SUP.Tencent
    MOVED folder: C:\ProgramData\Tencent  =>.SUP.Tencent
    MOVED folder: C:\Users\TURCA\AppData\Roaming\Tencent  =>.SUP.Tencent
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir2728_25355  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir2944_30552  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3464_19913  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3580_27266  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3764_16764  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir3828_4495  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir4184_15869  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir4932_26192  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir5280_31040  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir6472_22023  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir7760_15657  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir8120_2603  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir9072_983  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Temp\scoped_dir9524_24048  =>.SUP.Temporary.Steam
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\006  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\007  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\008  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\009  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\010  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\014  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\015  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\016  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\017  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\018  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\019  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\020  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\view  =>Adware.Razy


    ---\\  Registry ( Key, Value, Data) (12)
    DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
    DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\view [GoldDay Corp]  =>Adware.Razy
    DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
    DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO [Search@Mail.Ru]  =>Adware.RussAd
    DELETED key*: [X64] HKLM\SOFTWARE\Classes\IESearchPlugin.MailRuBHO.1 [Search@Mail.Ru]  =>Adware.RussAd
    DELETED key**: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman]  =>PUP.Optional.Camec
    DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\tencentdl_RASAPI32 []  =>.SUP.Tencent
    DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A6AE177E-D46B-4463-AA69-B9F818E0DC4A}_is1 [Smart Application Controller]  =>.SUP.SmartApps
    DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} [CRYPTOCOMPANY]  =>Heuristic.Suspect
    DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474 ["C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5]  =>PUP.Optional.MyBrowser
    DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{63C29816-8642-471B-BE7E-648448C992FF} [C:\program files (x86)\common files\tencent\qqdownload\135\bugreport_xf.exe]  =>.SUP.Tencent
    DELETED value: HKLM\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\firewallRules\\{6D77F7A6-74E5-4804-8066-0AAC5966265D} [C:\program files (x86)\common files\tencent\qqdownload\135\tencentdl.exe]  =>.SUP.Tencent


    ---\\  Summary of the elements found (14)
    https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/  =>PUP.Optional.LavasoftWebCompanion
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Picture
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
    https://nicolascoolman.eu/2017/02/23/tencentadressbar/  =>.SUP.Tencent
    https://www.anti-malware.top/2016/11/04/adware-razy/  =>Adware.Razy
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Steam
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
    https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.Camec
    https://nicolascoolman.eu/2017/11/29/adware-russad/  =>Adware.RussAd
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SmartApps
    https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser


    ---\\  Other deletions. (10)
    ~ Registry Keys Tracing deleted (8)
    ~ Remove the old reports ZHPCleaner. (2)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)
    ~ The system has been restarted.


    ---\\ Statistics
    ~ Items scanned : 474
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 483960


    ~ End of clean in 00h00mn34s

    ---\\  Reports (2)
    ZHPCleaner--27052019-15_10_07.txt
    ZHPCleaner-[R]-27052019-17_55_02.txt
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:24:29, on 27/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19355)
    Boot mode: Normal

    Running processes:
    C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    C:\Program Files (x86)\Marcos Velasco Security\MV Defrag 1.9\MVDEFRAG.EXE
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.ru/cnt/10445?gp=834423
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\TURCA\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
    O4 - HKLM\..\Run: [CryptoTab Browser] C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    O4 - HKCU\..\Run: [view] C:\Users\TURCA\AppData\Roaming\view\viewU.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mail.Ru Update Service (mrupdsrv) - Mail.Ru - C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater.Mail.Ru - Mail.Ru - C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 8426 bytes
     


  5. The PC is freezing a lot, opening things and showing strange icons on the screen

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:48:31, on 27/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19355)
    Boot mode: Normal

    Running processes:
    C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://mail.ru/cnt/10445?gp=834423
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: MRSearchPlugin - {8E8F97CD-60B5-456F-A201-73065652D099} - C:\Users\TURCA\AppData\Local\Mail.Ru\Sputnik\ie_addon_dll.dll
    O4 - HKLM\..\Run: [CryptoTab Browser] C:\Program Files (x86)\CryptoTab Browser\Application\browser.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_2B0C6B675BCD835F78CFFB4009EC0474] "C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
    O4 - HKCU\..\Run: [MailRuUpdater] C:\Users\TURCA\AppData\Local\Mail.Ru\MailRuUpdater.exe
    O4 - HKCU\..\Run: [view] C:\Users\TURCA\AppData\Roaming\view\viewU.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248286\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248286\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406111\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406111\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248384\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248384\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406190\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406190\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248466\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406366\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248910\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123248910\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406838\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-05272019123406838\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowser) (cryptobrowser) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: Serviço do CryptoTab Update (cryptobrowserm) (cryptobrowserm) - CRYPTOCOMPANY OU - C:\Program Files (x86)\CryptoCompany\Update\CryptoTabUpdate.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: KingoSoftService - Unknown owner - C:\Users\TURCA\AppData\Local\Kingosoft\Kingo Root\update_27205\bin\KingoSoftService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mail.Ru Update Service (mrupdsrv) - Mail.Ru - C:\Program Files (x86)\Mail.Ru\Update Service\mrupdsrv.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Common Files\Raxco\Shared\PDEngine.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: PST Service - Motorola - C:\Program Files (x86)\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: Updater.Mail.Ru - Mail.Ru - C:\Program Files (x86)\Mail.Ru\MailRuUpdater\MailRuUpdater.exe
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10753 bytes
     

  6. Edited by turca


    Thank you, I believe you, but we searched the net and people say this AliExpress thing is a kind of virus. Thanks anyway. But now, checking in Internet Explorer, when I open the same pages the link does not become best, only in Google Chrome. Isn't that strange?


  7. C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00084b    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\BOX\IMEI Cleaner\Demo.zip    a variant of Win32/Packed.NoobyProtect.S suspicious application    deleted
    D:\BOX\IMEI Cleaner\Demo\IMEI Cleaner Demo.exe    a variant of Win32/Packed.NoobyProtect.S suspicious application    cleaned by deleting
    D:\BOX\IPOWER X\FILE_21D167-B2EB69-38C88F-7706EE-7F9A78-BC82CE.rar    a variant of Win32/Packed.VMProtect.AB trojan    deleted
    D:\BOX\IPOWER X\iREWORK_&_iPOWER_X_V3.0_EN_Installer.exe    a variant of Win32/Packed.VMProtect.AB trojan    cleaned by deleting
    D:\BOX\IPOWER X\iREWORK_&_iPOWER_X_V3.0_EN_Installer.rar    a variant of Win32/Packed.VMProtect.AB trojan    deleted
    D:\BOX\IPOWER X\IRW_CN.exe    a variant of Win32/Packed.VMProtect.AB trojan    cleaned by deleting
    D:\BOX\IPOWER X\IRW_EN.exe    a variant of Win32/Packed.VMProtect.AB trojan    cleaned by deleting
    D:\BOX\IPOWER X\IRW_V3.1.rar    a variant of Win32/Packed.VMProtect.AB trojan    deleted
    D:\BOX\RIFFBOX\RiffBoxDealerAdminClient_1.08_8080.exe    Win32/Virut.NBP virus    cleaned
    D:\BOX\VOLCANO\VolcanoUtility_v2.8.3_Volcano Yellowstone.rar    multiple threats    deleted
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module.rar    a variant of Win32/Packed.VMProtect.ABO trojan    deleted
    D:\BOX\VOLCANO\VolcanoUtility_v3.1.0_Volcano Module.rar    a variant of Win32/Packed.VMProtect.ABO trojan    deleted
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\VolcanoTool.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\VolcanoUtility.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\FlashTool.exe    a variant of Win32/Packed.Themida.CSH trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\HTCCALC.exe    a variant of Win32/Packed.Themida.AAN trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin\XESevice.exe    a variant of Win32/Packed.Themida.AAN trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin2\FlashTool.exe    a variant of Win32/Packed.Themida.AAN trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin3\MtkAndroid.exe    a variant of Win32/Packed.Themida.AAN trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin4\android_mtk.exe    a variant of Win32/Packed.Themida.AAN trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin6\FlashTool.exe    a variant of Win32/Packed.Themida.CSH trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\bin8\SamsungModule.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
    D:\BOX\VOLCANO\VolcanoUtility_v3.0.9_Volcano Module\rootfiles\Superuser.apk    Android/Spy.Agent.BK trojan    deleted
    D:\PROGRAMAS PC\dfsetup222.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\driver_booster_setup.exe    a variant of Win32/IObit.U potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\Sketchup+Pro+2016+++Crack[filewarez.tv].rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
    D:\PROGRAMAS PC\DRIVER PC\driverdr_for_tl-wn321g_100324.exe     a variant of MSIL/DriverNavigator.A potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup556.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO REGISTRO\delfix_1.010.exe    Win32/Virut.NBP virus    cleaned
    D:\PROGRAMAS PC\REPARO REGISTRO\FRST.exe    Win32/Virut.NBP virus    cleaned
    D:\TABLET\Android Multi Tools v1.02b AzimBahar\Android Multi Tools v1.02b Azim Bahar.exe    Win32/Virut.NBP virus    cleaned
    D:\TABLET\Android Multi Tools v1.02b AzimBahar\fastboot.exe    Win32/Virut.NBP virus    cleaned
    D:\TABLET\ORANGE\TB755+\PhoenixCard_V3.0.9_20121211\PhoenixCard.exe    Win32/Virut.NBP virus    cleaned
    D:\TABLET\ORANGE\TB755+\PhoenixCard_V3.0.9_20121211\UpdateVer.exe    Win32/Virut.NBP virus    cleaned
    D:\TURCATTO\10-09-18\Download\DriverDr_for_TL-WN321G_100324.exe    a variant of MSIL/DriverNavigator.A potentially unwanted application    cleaned by deleting
     

     

    The best.aliexpress page is still there. I will use the PC to check for freezes, but what worries me is this AliExpress page that does not go back to normal.


  8. Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 02/05/2019
    Hora da análise: 20:28
    Arquivo de registro: 6ad6b710-6d3a-11e9-9d71-14dae9bc5ab7.json

    -Informação do software-
    Versão: 3.7.1.2839
    Versão de componentes: 1.0.586
    Versão do pacote de definições: 1.0.10440
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: TURCA-PC\TURCA

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 242044
    Ameaças detectadas: 0
    Ameaças em quarentena: 0
    Tempo decorrido: 2 min, 38 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

     

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:32:29, on 02/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19326)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6517 bytes
     


  9. ~ ZHPCleaner v2019.5.2.58 by Nicolas Coolman (2019/05/02)
    ~ Run by TURCA (Administrator)  (02/05/2019 12:19:28)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner (S).txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (0)
    ~ No malicious or unnecessary items found.


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (21)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (14)
    FOUND file: C:\Windows\Installer\wix{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}.SchedServiceConfig.rmi    =>.SUP.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI43A4.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI4B61.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMI69D9.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB71E.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB837.tmp    =>.SUP.Temporary.Empty
    FOUND file: C:\Users\TURCA\AppData\Local\Temp\DMIB980.tmp    =>.SUP.Temporary.Empty
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\003  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\005  =>.SUP.Temporary.Chrome
    FOUND folder: C:\Users\TURCA\AppData\Local\Google\Update  =>Heuristic.Suspect


    ---\\  Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found.


    ---\\  Summary of the elements found (4)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
    https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect


    ---\\ Result of repair
    ~ Any repair made
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)


    ---\\ Statistics
    ~ Items scanned : 60081
    ~ Items found : 14
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 0


    ~ End of search in 00h04mn12s

    ---\\  Reports (0)
    ZHPCleaner--02052019-12_23_40.txt
     

     

     

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:27:27, on 02/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19326)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\TeamViewer\TeamViewer.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-3868506572-1098764017-3779832037-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 6214 bytes
     


  10. I formatted the PC and it is slow and freezing. I open the AliExpress page and it opens this best.aliexpress.com; searching around, I heard it is a virus. Please help me, thanks in advance.

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:20:00, on 01/05/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17840)
    Boot mode: Normal

    Running processes:
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O4 - HKCU\..\Run: [Google Update] C:\Users\TURCA\AppData\Local\Google\Update\1.3.34.7\GoogleUpdateCore.exe
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    O23 - Service: TeamViewer 14 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 5720 bytes
     


  11. Sorry, but I had personal problems. Continuing from this link:

    https://forum.baboo.com.br/index.php?/topic/791369-PC-travando-internet-nao-conectando/

    C:\Users\TURCA\.flashTool\devices\root\iovyroot\iovyroot    a variant of Android/Exploit.Lotoor.IB trojan    cleaned by deleting
    C:\Users\TURCA\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\uTorrent.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
    C:\Users\TURCA\Desktop\Office 2019 + Ativador\Setup Office 2019.exe    a variant of Win32/HackTool.KMSAuto.E potentially unsafe application    cleaned by deleting
    C:\Users\TURCA\Downloads\utweb_installer.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\driver_booster_setup.exe    a variant of Win32/IObit.N potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\Programas para baixar do mega.rar    a variant of Win32/UltraReach.AG potentially unsafe application    deleted
    D:\PROGRAMAS PC\uTorrent.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\Programas para baixar do mega\UltraSurf\u1704.exe    a variant of Win32/UltraReach.AG potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\Programas para baixar do mega\UltraSurf\U1804.exe    a variant of Win32/UltraReach.AG potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO HD\ReimageRepair.exe    a variant of Win32/ReImageRepair.K potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup551.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO REGISTRO\FREEAV.exe    Win32/Visicom.C potentially unwanted application    deleted
    D:\PROGRAMAS PC\Windows\Office 2019 + Ativador.rar    a variant of Win32/HackTool.KMSAuto.E potentially unsafe application    deleted
    D:\SAMSUNG\SideSync_4.3.0.92.exe    a variant of Win32/VB.ONE trojan    cleaned by deleting
    D:\SAMSUNG\FLASH\SM-J105B\COMBINATION\J1 J105b CONBINATION FILE FOR ADB ENABLE\GSMFlasher FRP ADB Remover Cracked By GSM FOJOR (1).rar    a variant of Win32/Ramnit.CF virus    deleted
    D:\SAMSUNG\FLASH\SM-J105B\COMBINATION\J1 J105b CONBINATION FILE FOR ADB ENABLE\CONTACT ME\AA_v3.exe    a variant of Win32/RemoteAdmin.Ammyy.B potentially unsafe application    cleaned by deleting
    D:\TURCATTO\27-12-18\Ativador office 365.rar    a variant of Win32/CoinMiner.GY potentially unwanted application    deleted
     


  12. Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 11/01/2019
    Hora da análise: 12:17
    Arquivo de registro: f731e3d0-15b3-11e9-a787-14dae9bc5ab7.json

    -Informação do software-
    Versão: 3.6.1.2711
    Versão de componentes: 1.0.508
    Versão do pacote de definições: 1.0.8728
    Licença: Gratuita

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: TURCA-PC\TURCA

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 176596
    Ameaças detectadas: 0
    Ameaças em quarentena: 0
    Tempo decorrido: 3 min, 31 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

     

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:44:04, on 11/01/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19236)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Qualcomm MTU Service (qcmtusvc) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

    --
    End of file - 7741 bytes
     

     


  13. ~ ZHPCleaner v2019.1.11.7 by Nicolas Coolman (2019/01/11)
    ~ Run by TURCA (Administrator)  (11/01/2019 08:32:17)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Repair
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (0)
    ~ No malicious or unnecessary items found.


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (40)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (34)
    MOVED file: C:\Users\TURCA\AppData\Local\temp\DMI93E5.tmp    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\officebackgroundtaskhandler.exe_c2rdll(20190108143419112C).log    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\officec2rclient.exe_c2ruidll(201901081229231124).log    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\officec2rclient.exe_c2ruidll(2019010814334714CC).log    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\officeclicktorun.exe_c2ruidll(201901081229081108).log    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\tmp6C4.tmp    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\temp\tmp89E7.tmp    =>.SUP.Temporary.Other
    MOVED file^: C:\Users\TURCA\AppData\Local\temp\TURCA-PC-20190111-0822.log    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\wct38BC.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\TURCA\AppData\Local\temp\wct3FFD.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\TURCA\AppData\Local\temp\wct904D.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\TURCA\AppData\Local\temp\wctA861.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\TURCA\AppData\Local\temp\wctC2E1.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\TURCA\AppData\Local\temp\{BDFBBE2C-1F64-43CB-8EF5-6C2D7E8ED4B5} - OProcSessId.dat    =>.SUP.Temporary.Empty
    MOVED file: C:\Users\TURCA\AppData\Local\temp\~DF246835A046C87EF4.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\temp\~DF689E936F717360B5.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\temp\~DF6D2ED4D576969A09.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\temp\~DFBE54C339009A343D.TMP    =>.SUP.Temporary.Other
    MOVED file: C:\Users\TURCA\AppData\Local\temp\~DFEB4AF1EDAB004724.TMP    =>.SUP.Temporary.Other
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\002  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\004  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\010  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\014  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\015  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\017  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\019  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\037  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\038  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\039  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\TURCA\AppData\Local\Google\Chrome\User Data\Default\File System\040  =>.SUP.Temporary.Chrome
    MOVED folder: C:\ProgramData\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare
    MOVED folder: C:\ProgramData\Application Data\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare
    MOVED folder: C:\Users\TURCA\AppData\Roaming\IObit\Advanced SystemCare  =>.SUP.AdvancedSystemCare


    ---\\  Registry ( Key, Value, Data) (2)
    DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{DE8618D2-55CC-40DC-BF2C-BD4324AD8BD2}\\DhcpNameServer [Bad : 189.113.113.1 189.113.113.2]  =>Hijacker.Browser
    DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 189.113.113.1 189.113.113.2]  =>Hijacker.Browser


    ---\\  Summary of the elements found (6)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
    https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/  =>.SUP.AdvancedSystemCare
    https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


    ---\\  Other deletions. (14)
    ~ Registry Keys Tracing deleted (14)
    ~ Remove the old reports ZHPCleaner. (0)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)
    ~ The system has been restarted.


    ---\\ Statistics
    ~ Items scanned : 591
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 78974915


    ~ End of clean in 00h00mn32s

    ---\\  Reports (4)
    ZHPCleaner-[R]-07012019-18_14_26.txt
    ZHPCleaner--07012019-18_12_08.txt
    ZHPCleaner--11012019-08_30_53.txt
    ZHPCleaner-[R]-11012019-08_32_49.txt
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:49:27, on 11/01/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19236)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Qualcomm MTU Service (qcmtusvc) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

    --
    End of file - 6849 bytes

     

    Thank you

     

     


  14. Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:32:28, on 10/01/2019
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19230)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Windows\system32\wuauclt.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\root\Office16\URLREDIR.DLL
    O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Qualcomm MTU Service (qcmtusvc) - QUALCOMM, Inc. - C:\Program Files\QUALCOMM Incorporated\Qualcomm USB Drivers For Windows\DriverPackage\Qualcomm\Tools\qcmtusvc.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

    --
    End of file - 6124 bytes
     


  15. I have a program on my PC that won't open; it says this:

    File damaged oor manipulated!

    I've already uninstalled and reinstalled everything

    I've already talked to the software's support, and they say it's a virus. This happened once before and I fixed it with the software from here. I've tried a few programs, but with no solution. In safe mode the software opens.

    Support also said it could be hardware or Windows. Can anyone help? The HD has 4 months of use, and Windows was reinstalled less than 1 month ago.


  16. I have a program on my PC that won't open; it says this:

    File damaged oor manipulated!

    I've already uninstalled and reinstalled everything

    I've already talked to the software's support, and they say it's a virus. This happened once before and I fixed it with the software from here. I've tried a few programs, but with no solution. In safe mode the software opens.

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 01:13:03, on 06/10/2018
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19130)
    Boot mode: Normal

    Running processes:
    C:\Windows\System32\smss.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\services.exe
    C:\Windows\system32\lsass.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe
    C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Windows\System32\svchost.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    C:\Windows\system32\svchost.exe
    C:\Windows\system32\viakaraokesrv.exe
    C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\sppsvc.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Windows\System32\svchost.exe
    C:\Windows\system32\csrss.exe
    C:\Windows\system32\winlogon.exe
    C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    C:\Windows\system32\nvvsvc.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperAgent.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Windows\system32\mmc.exe
    C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\IObit\Driver Booster\6.0.2\ScanDisp.exe
    C:\Users\TURCA\Desktop\OTL.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\vssvc.exe
    C:\Windows\System32\svchost.exe
    C:\Users\TURCA\AppData\Local\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\Desktop\Tweaking.com - Windows Repair\Repair_Windows.exe
    C:\Users\TURCA\Desktop\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\sfc.exe
    C:\Windows\servicing\TrustedInstaller.exe
    C:\Windows\explorer.exe
    C:\Users\TURCA\Desktop\HijackThis.exe
    C:\Windows\system32\wbem\wmiprvse.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files\VIA\VIAudioi\VDeck\VDeck.exe -r
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKUS\S-1-5-21-1017730129-4113547076-1562775105-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-1017730129-4113547076-1562775105-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Motorola Device Manager Service (Motorola Device Manager) - Motorola Mobility LLC - C:\Program Files\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe
    O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\SAMSUNG\USB Drivers\25_escape\conn\ss_conn_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

    --
    End of file - 7645 bytes
     

     


  17. Thank you, but when I try to open some specific programs it still shows corrupted, and I had this once before and it was a virus. But thank you, it has already helped a lot. CCleaner still can't finish the registry cleanup. What do you think of Dr.Web Scanner? If I'm not mistaken, it was the one that cleaned it last time. Can I trust it?


  18. C:\Program Files\IObit\Driver Booster\5.5.1\IObitDownloader.exe    a variant of Win32/IObit.L potentially unwanted application    cleaned by deleting
    C:\Program Files\IObit\Driver Booster\5.5.1\Vulnerabilityfix.exe    a variant of Win32/IObit.L potentially unwanted application    cleaned by deleting
    C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.Utils.dll    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting (after the next restart)
    C:\Program Files\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
    C:\Program Files\Lavasoft\Web Companion\Application\WebCompanion.exe    a variant of MSIL/WebCompanion.D potentially unwanted application    cleaned by deleting
    C:\Program Files\Lavasoft\Web Companion\Application\WebCompanionInstaller.exe    a variant of MSIL/WebCompanion.C potentially unwanted application    cleaned by deleting
    C:\Users\TURCA\.flashTool\devices\root\iovyroot\iovyroot    a variant of Android/Exploit.Lotoor.IB trojan    cleaned by deleting
    C:\Users\TURCA\AppData\Local\Temp\WebCompanion.zip    a variant of MSIL/WebCompanion.D potentially unwanted application    deleted
    C:\Users\TURCA\AppData\Local\Temp\is-J5GTS.tmp-dbinst\setup.exe    a variant of Win32/IObit.I potentially unwanted application    cleaned by deleting
    D:\BOX\SPT\SPTCARD2048.rar    multiple threats    deleted
    D:\PROGRAMAS PC\dfsetup222.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\PROGRAMAS PC\driver_booster_setup.exe    a variant of Win32/IObit.I potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\uTorrent.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
    D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup546.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    D:\SAMSUNG\SAMKEY\SamKey Setup By Easygsmcrack.com.rar    a variant of Win32/Packed.VMProtect.CZ trojan    deleted
    D:\TURCATTO\10-09-18\Download\NsPro v6.8.5 small.exe    multiple threats    cleaned by deleting
     


  19. Here is the log. One other thing: I can't run a cleanup with CCleaner; it freezes at 17% and I've already left it for hours.

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 17/09/2018
    Hora da análise: 21:32
    Arquivo de registro: c4ffd560-bae2-11e8-8e2b-14dae9bc5ab7.json

    -Informação do software-
    Versão: 3.5.1.2522
    Versão de componentes: 1.0.441
    Versão do pacote de definições: 1.0.6881
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x86
    Sistema de arquivos: NTFS
    Usuário: TURCA-PC\TURCA

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 200118
    Ameaças detectadas: 0
    (Nenhum item malicioso detectado)
    Ameaças em quarentena: 0
    (Nenhum item malicioso detectado)
    Tempo decorrido: 3 min, 29 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

     


  20. ~ ZHPCleaner v2018.9.14.172 by Nicolas Coolman (2018/09/14)
    ~ Run by TURCA (Administrator)  (17/09/2018 18:12:24)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\TURCA\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\TURCA\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Deactivate
    ~ Boot Mode : Normal (Normal boot)
    Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (0)
    ~ No malicious or unnecessary items found.


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (40)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (0)
    ~ No malicious or unnecessary items found.


    ---\\  Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found.


    ---\\ Result of repair
    ~ Any repair made
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Opera Software)


    ---\\ Statistics
    ~ Items scanned : 54175
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items options : 0/7
    ~ Space saving (bytes) : 0


    ~ End of search in 00h09mn30s

    ---\\  Reports (5)
    ZHPCleaner-[R]-15092018-13_04_41.txt
    ZHPCleaner--15092018-13_04_06.txt
    ZHPCleaner--15092018-13_14_08.txt
    ZHPCleaner--17092018-11_21_33.txt
    ZHPCleaner--17092018-18_21_54.txt
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:05:35, on 17/09/2018
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.19130)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Windows\system32\taskhost.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\DrWeb\spideragent.exe
    C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    C:\Program Files\Internet Download Manager\IDMan.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\TP-LINK\Common\TWCU.exe
    C:\ProgramData\MEGAsync\MEGAsync.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportService.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files\Internet Download Manager\IEMonitor.exe
    C:\Program Files\DrWeb\frwl_notify.exe
    C:\Program Files\DrWeb\tips.exe
    C:\Program Files\CCleaner\CCleaner.exe
    C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwantispam.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Windows\system32\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Trusteer\Rapport\bin\RapportHelper.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Program Files\Google\Chrome\Application\chrome.exe
    C:\Users\TURCA\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_181\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_181\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files\Samsung\Kies\KiesTrayAgent.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [SpIDerAgent] "C:\Program Files\DrWeb\spideragent.exe"
    O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
    O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-21-110099370-3803031138-126331215-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
    O4 - HKUS\S-1-5-21-110099370-3803031138-126331215-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
    O4 - Startup: MEGAsync.lnk = C:\ProgramData\MEGAsync\MEGAsync.exe
    O4 - Global Startup: TP-LINK Wireless Utility.lnk = C:\Program Files\TP-LINK\Common\TWCU.exe
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files\Internet Download Manager\IEExt.htm
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: Dr.Web Control Service (DrWebAVService) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwservice.exe
    O23 - Service: Dr.Web Scanning Engine (DrWebEngine) - Doctor Web, Ltd. - C:\Program Files\Common Files\Doctor Web\Scanning Engine\dwengine.exe
    O23 - Service: Dr.Web Firewall Service (DrWebFwSvc) - Doctor Web, Ltd. - C:\Program Files\DrWeb\frwl_svc.exe
    O23 - Service: Dr.Web Net Filtering Service (DrWebNetFilter) - Doctor Web, Ltd. - C:\Program Files\DrWeb\dwnetfilter.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    O23 - Service: PST Service - Motorola - C:\Program Files\Motorola\MotForwardDaemon\ForwardDaemon.exe
    O23 - Service: Ralink Registry Writer (RalinkRegistryWriter) - Ralink Technology, Corp. - C:\Program Files\TP-LINK\Common\RaRegistry.exe
    O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe
    O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
    O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - VIA Technologies, Inc. - C:\Windows\system32\viakaraokesrv.exe

    --
    End of file - 8028 bytes
     

     
