Bulldog

Member
  • Posts

    284
Posts by Bulldog


  1. Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 18/05/2019
    Hora da análise: 09:28
    Arquivo de registro: 7c4549d2-7968-11e9-a9da-641c67963878.json

    -Informação do software-
    Versão: 3.7.1.2839
    Versão de componentes: 1.0.586
    Versão do pacote de definições: 1.0.10654
    Licença: Gratuita

    -Informação do sistema-
    Sistema operacional: Windows 10 (Build 17763.503)
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: LAPTOP-9UAE06KG\Murillo

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 288422
    Ameaças detectadas: 0
    Ameaças em quarentena: 0
    Tempo decorrido: 6 min, 19 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 0
    (Nenhum item malicioso detectado)

    Chave de registro: 0
    (Nenhum item malicioso detectado)

    Valor de registro: 0
    (Nenhum item malicioso detectado)

    Dados de registro: 0
    (Nenhum item malicioso detectado)

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 0
    (Nenhum item malicioso detectado)

    Arquivo: 0
    (Nenhum item malicioso detectado)

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:39:17, on 18/05/2019
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
    C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
    C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
    C:\Users\Murillo\Desktop\HijackThis.exe
    C:\Windows\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?PC=LCTE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: aapj.bb.com.br
    O15 - Trusted Zone: seg.bb.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: cloud.gastecnologia.com.br
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8869f9f0-4a7b-4945-a2d6-b788ff2d9d1f}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHeciSvc.exe
    O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHDCPSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Dolby DAX2 API Service - Dolby Laboratories, Inc. - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\elevation_service.exe
    O23 - Service: Conectividade do Windows para Gramblr. (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @oem25.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\Windows\IAStorAfsService\iaStorAfsService.exe
    O23 - Service: @oem30.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxCUIService.exe
    O23 - Service: @oem5.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe
    O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14470 bytes
     


  2. ~ ZHPCleaner v2019.5.15.65 by Nicolas Coolman (2019/05/15)
    ~ Run by Murillo (Administrator)  (17/05/2019 20:49:57)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Repair
    ~ Report : C:\Users\Murillo\Desktop\ZHPCleaner (R).txt
    ~ Quarantine : C:\Users\Murillo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Home Single Language, 64-bit  (Build 17763)


    ---\\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found.


    ---\\  Services (0)
    ~ No malicious or unnecessary items found.


    ---\\  Browser internet (0)
    ~ No malicious or unnecessary items found.


    ---\\  Hosts file (1)
    ~ The hosts file is legitimate (22)


    ---\\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found.


    ---\\  Explorer ( File, Folder) (230)
    MOVED file: C:\Users\Murillo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo App Explorer.lnk  [Bad : C:\Users\Murillo\AppData\Local\Host App Service\Engine\HostAppService.exe](.SweetLabs, Inc.)  =>.SUP.SweetLabs
    MOVED file: C:\Windows\Installer\wix{133A2E34-3E09-4A1A-A9AA-F9D8E5417199}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{479E8CC7-CD68-4EB4-BB04-34A5C2C74102}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{91684B6D-153D-4C12-B6B1-59F7496BE44A}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{A6F2ADC4-12C4-41E8-B90B-3BE018F5787C}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{A951B9A0-13C0-4A4B-8E04-3CCF05701086}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\wix{F94A5095-E4DD-4ED8-AB0B-BFAC62176F8C}.SchedServiceConfig.rmi    =>.SUP.Empty
    MOVED file: C:\Windows\Installer\67f41ca.msp    =>.SUP.Obsolete.Adobe
    MOVED file: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSCore.dll [SweetLabs, Inc. - SLSCore]  =>.SUP.SweetLabs
    MOVED file: C:\ProgramData\Lenovo\ImController\Plugins\GenericMessagingPlugin\x86\SLSLib.dll [SweetLabs, Inc. - SLSLib]  =>.SUP.SweetLabs
    MOVED file^: C:\Users\Murillo\AppData\Local\Temp\aria-debug-10452.log    =>.SUP.Temporary.OneDrive
    MOVED file: C:\Users\Murillo\AppData\Local\Temp\aria-debug-19324.log    =>.SUP.Temporary.OneDrive
    MOVED file: C:\Users\Murillo\AppData\Local\Temp\wct3643.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\Murillo\AppData\Local\Temp\wct8383.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\Murillo\AppData\Local\Temp\wctF800.tmp    =>.SUP.Temporary.Office
    MOVED file: C:\Users\Murillo\AppData\Local\Host App Service\Engine\HostAppServiceUpdater.exe [SweetLabs, Inc - Host App Service Updater]  =>.SUP.SweetLabs
    MOVED folder^: C:\Program Files (x86)\Skillbrains  =>.SUP.Skillbrains
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\012  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\074  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\075  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\076  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\077  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\078  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\081  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\082  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\083  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\084  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\085  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\086  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\087  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\089  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\090  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\091  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\092  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\093  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\094  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\096  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\097  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\098  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\099  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\100  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\101  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\102  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\103  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\104  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\105  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\106  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\107  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\108  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\109  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\110  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\111  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\112  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\113  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\114  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\115  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\116  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\117  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\119  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\120  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\121  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\122  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\123  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\124  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\125  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\126  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\127  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\129  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\130  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\131  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\132  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\133  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\134  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\135  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\136  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\137  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\138  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\139  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\140  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\141  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\142  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\143  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\144  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\145  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\146  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\147  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\148  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\149  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\150  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\151  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\152  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\153  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\154  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\155  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\156  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\157  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\158  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\159  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\160  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\161  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\162  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\163  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\164  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\165  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\167  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\170  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\171  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\172  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\173  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\174  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\175  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\176  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\177  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\178  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\179  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\180  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\181  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\182  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\183  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\184  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\185  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\186  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\187  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\188  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\189  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\190  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\191  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\192  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\194  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\195  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\196  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\197  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\198  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\199  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\200  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\201  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\202  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\203  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\204  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\205  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\206  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\207  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\208  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\209  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\210  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\211  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\212  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\213  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\214  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\215  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\216  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\217  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\218  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\219  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\220  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\221  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\222  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\223  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\224  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\225  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\226  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\237  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\238  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\239  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\240  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\241  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\242  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\243  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\244  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\251  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\252  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\253  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\254  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\255  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\256  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\257  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\258  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\259  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\260  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\261  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\262  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\263  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\264  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\265  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\266  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\267  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\268  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\269  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\270  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\271  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\272  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\273  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\274  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\275  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\276  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\277  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\278  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\279  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\280  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\281  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\282  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\283  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\284  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\285  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\286  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\287  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\288  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\292  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\293  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\294  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\295  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\296  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\297  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\298  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\299  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\300  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\301  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\302  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Users\Murillo\AppData\Local\Google\Chrome\User Data\Default\File System\303  =>.SUP.Temporary.Chrome
    MOVED folder: C:\Windows\Installer\MSI6B1.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSI9488.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSI9758.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSI98E0.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSIBE99.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSIC149.tmp-  =>.SUP.Empty
    MOVED folder: C:\Windows\Installer\MSIEEC6.tmp-  =>.SUP.Empty


    ---\\  Registry ( Key, Value, Data) (8)
    DELETED key*: HKEY_USERS\S-1-5-21-2317215598-4247144937-2148942001-1001\SOFTWARE\App Host Service []  =>.SUP.SweetLabs
    DELETED key*: HKEY_USERS\S-1-5-21-2317215598-4247144937-2148942001-1001\SOFTWARE\SkillBrains []  =>.SUP.Skillbrains
    DELETED key**: HKCU\Software\App Host Service []  =>.SUP.SweetLabs
    DELETED key**: HKCU\Software\SkillBrains []  =>.SUP.Skillbrains
    DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Host App Service [SweetLabs for Lenovo]  =>.SUP.SweetLabs
    DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Skillbrains []  =>.SUP.Skillbrains
    DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1 [Skillbrains]  =>.SUP.Skillbrains
    DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32\\Lightshot [0x040000000000000000000000]  =>.SUP.Skillbrains


    ---\\  Summary of the elements found (7)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.SweetLabs
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.Adobe
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
    https://nicolascoolman.eu/2019/01/sup-skillbrains  =>.SUP.Skillbrains
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome


    ---\\  Other deletions. (22)
    ~ Registry Keys Tracing deleted (22)
    ~ Remove the old reports ZHPCleaner. (0)


    ---\\ Result of repair
    ~ Repair carried out successfully
    ~ Browser not found (Opera Software)
    ~ The system has been restarted.


    ---\\ Statistics
    ~ Items scanned : 803
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 40813


    ~ End of clean in 00h00mn55s

    ---\\  Reports (2)
    ZHPCleaner--17052019-20_48_01.txt
    ZHPCleaner-[R]-17052019-20_50_52.txt
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:52:02, on 17/05/2019
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
    C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
    C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    C:\Users\Murillo\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?PC=LCTE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: aapj.bb.com.br
    O15 - Trusted Zone: seg.bb.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: cloud.gastecnologia.com.br
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8869f9f0-4a7b-4945-a2d6-b788ff2d9d1f}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHeciSvc.exe
    O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHDCPSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Dolby DAX2 API Service - Dolby Laboratories, Inc. - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\elevation_service.exe
    O23 - Service: Conectividade do Windows para Gramblr. (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @oem25.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\Windows\IAStorAfsService\iaStorAfsService.exe
    O23 - Service: @oem30.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxCUIService.exe
    O23 - Service: @oem5.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe
    O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14488 bytes
     


  3. I have already completed all the procedures requested in the Official Topic.

    My problem is a slow computer that is not opening applications.

    Here is my log for review:

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:02:18, on 17/05/2019
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avpui.exe
    C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
    C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe
    C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe
    C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    C:\Program Files (x86)\Lenovo\iMController\PluginHost\Lenovo.Modern.ImController.PluginHost.Device.exe
    C:\Users\Murillo\Desktop\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo17win10.msn.com/?PC=LCTE
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Murillo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [ShowBatteryBar] "C:\Program Files\BatteryBar\ShowBatteryBar.exe" show
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: aapj.bb.com.br
    O15 - Trusted Zone: seg.bb.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: cloud.gastecnologia.com.br
    O17 - HKLM\System\CCS\Services\Tcpip\..\{8869f9f0-4a7b-4945-a2d6-b788ff2d9d1f}: NameServer = 8.8.8.8,8.8.4.4
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Microsoft Office\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
    O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
    O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Serviço do Kaspersky Anti-Virus 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\avp.exe
    O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHeciSvc.exe
    O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\IntelCpHDCPSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Dolby DAX2 API Service - Dolby Laboratories, Inc. - C:\Program Files\Dolby\Dolby DAX2\DAX2_API\DolbyDAX2API.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.157\elevation_service.exe
    O23 - Service: Conectividade do Windows para Gramblr. (gramblrclient) - Unknown owner - C:\Program Files\Gramblr\gramblr.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google LLC - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @oem25.inf,%iaStorAfsWindowsService.Name%;Intel(R) Optane(TM) Memory Service (iaStorAfsService) - Intel Corporation - C:\Windows\IAStorAfsService\iaStorAfsService.exe
    O23 - Service: @oem30.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
    O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_6d34ac0763025a06\igfxCUIService.exe
    O23 - Service: @oem5.inf,%ImcSvcDisplayName%;System Interface Foundation Service (ImControllerService) - Lenovo Group Ltd. - C:\Program Files\Lenovo\ImController\Service\Lenovo.Modern.ImController.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 19.0.0\x64\vssbridge64.exe
    O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
    O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
    O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 14728 bytes

     


  4.  

    Zoek.exe v5.0.0.0 Updated 04-May-2015

    Tool run by mesporto on 19/05/2015 at 19:25:48,56.

    Microsoft Windows 8.1 Single Language 6.3.9600  x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\mesporto\Desktop\zoek.exe [scan all users] [script inserted] 

     

    ==== Older Logs ======================

     

    C:\zoek-results2015-05-19-212632.log 3018 bytes

     

    ==== System Restore Info ======================

     

    19/05/2015 19:26:17 Zoek.exe System Restore Point Created Successfully.

     

    ==== Reset Hosts File ======================

     

    # Copyright © 1993-2006 Microsoft Corp. 


    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 


    # This file contains the mappings of IP addresses to host names. Each 

    # entry should be kept on an individual line. The IP address should 

    # be placed in the first column followed by the corresponding host name. 

    # The IP address and the host name should be separated by at least one 

    # space. 


    # Additionally, comments (such as these) may be inserted on individual 

    # lines or following the machine name denoted by a '#' symbol. 


    # For example: 


    #      102.54.94.97     rhino.acme.com          # source server 

    #       38.25.63.10     x.acme.com              # x client host 

     

    127.0.0.1       localhost 

     

    ==== Deleting CLSID Registry Keys ======================

     

     

    ==== Deleting CLSID Registry Values ======================

     

     

    ==== Deleting Services ======================

     

     

    ==== FireFox Fix ======================

     

    Deleted from C:\Users\mesporto\AppData\Roaming\Mozilla\Firefox\Profiles\6gbwki1r.default\prefs.js:

    user_pref("browser.startup.homepage", "

     

     

    ==== Chromium Fix ======================

     

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.aguasclarashopping.com.br_0.localstorage deleted successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.aguasclarashopping.com.br_0.localstorage-journal deleted successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mlstatic.com_0.localstorage deleted successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.mlstatic.com_0.localstorage-journal deleted successfully

     

    ==== Set IE to Default ======================

     

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Search Page"="http://www.google.com"

    "Default_Search_URL"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Search_URL"="http://www.google.com"

    "Search Page"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

    "Default_Search_URL"="http://www.google.com"

    "Search Page"="http://www.google.com"

     

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]



    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]



     

    ==== All HKCU SearchScopes ======================

     

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

     

    ==== Reset Google Chrome ======================

     

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences.bad was reset successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

     

    ==== shortcuts on Users Desktops ======================

     

    C:\Users\mesporto\Desktop\Meu computador.lnk -  

    C:\Users\mesporto\Desktop\Painel de Controle.lnk -  

    C:\Users\mesporto\Desktop\Photoshop.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CC 2014\Photoshop.exe 

    C:\Users\mesporto\Desktop\Rainlendar2.lnk - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe 

    C:\Users\mesporto\Desktop\Word.lnk - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE 

     

    ==== shortcuts on All Users Desktop ======================

     

    C:\Users\Public\Desktop\Acrobat Reader.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

    C:\Users\Public\Desktop\EssentialPIM.lnk - C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe 

    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\Public\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

    C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe 

    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

     

    ==== shortcuts in Users Start Menu ======================

     

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\mesporto\Documents 

    C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\mesporto\Pictures 

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\mesporto\Documents 

    C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\mesporto\Pictures 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk - C:\Users\mesporto\Documents 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk - C:\Users\mesporto\Pictures 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\S Agent.lnk - C:\Program Files (x86)\Samsung\S Agent\CommonAgent.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -  

    C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 

     

    ==== shortcuts in All Users Start Menu ======================

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk - C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileManager.lnk - C:\windows\FileManager\FileManager.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk - C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE /OEM

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Central de Mouse e Teclado da Microsoft\Central de Mouse e Teclado da Microsoft.lnk - C:\windows\Installer\{23D2AFC7-C01E-4413-9D9A-0BABF52569BF}\DeviceCenter.ico 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Adicionar dispositivo.lnk - C:\Program Files (x86)\HP\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Ajuda.lnk - C:\Program Files (x86)\HP\Digital Imaging\HelpViewer\hpqhvshm.exe /product-class=HP Photosmart C4700 series

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Configurar o Dispositivo de rede.lnk - C:\Program Files (x86)\HP\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbsetup

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Desinstalar.lnk - C:\Program Files (x86)\HP\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\setup\hpzscr40.exe -datfile hposcr43.dat -onestop -forcereboot

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Guia de instalação.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Leiame.lnk - C:\Program Files (x86)\HP\Digital Imaging\help\PS_AIO_06_C4700_readme\readme.html 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Registro do produto.lnk - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4700 Series"

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4700 Series\help\HP Product Support Website.url 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\USB para sem fio.lnk - C:\Program Files (x86)\HP\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbtowireless

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® HD Graphics Control Panel.lnk - C:\windows\system32\igfxstarter.exe Metro

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Ajuda do Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\Doc\pt-BR\kav\context.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Contrato de Licença do Usuário Final.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Remover o Kaspersky Anti-Virus.lnk - C:\Windows\SysWOW64\msiexec.exe /i{653C1B5A-3287-47B1-8613-0745D4E771C4} REMOVE=ALL

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\kl.url 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Help Desk.lnk - C:\Program Files (x86)\Samsung\Help Desk\HelpDesk.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Online Support (S Service).lnk - C:\Program Files (x86)\Samsung\sService\sService.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Quick Starter.lnk - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Recovery.lnk - C:\Program Files\Samsung\Recovery\Manager1.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Link.lnk - C:\windows\Installer\{82EC241F-DFCA-4166-A8C3-EA5D2B9A41C4}\NewShortcut2_5B46A39CEC59430697F2793DDD568D50.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Settings.lnk - C:\Program Files (x86)\Samsung\Settings\Settings.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\SideSync.lnk - C:\Program Files (x86)\Samsung\SideSync\SideSync.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Sua opinião é importante.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Support Center.lnk - C:\Program Files (x86)\Samsung\Support Center\GuaranaMain.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\SW Update.lnk - C:\Program Files (x86)\Samsung\SW Update\sManager.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\User Manual.lnk - C:\Program Files (x86)\Samsung\User Manual\RunManual.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Link\Samsung Link (Background Service).lnk - C:\Program Files (x86)\Samsung\Samsung Link\Samsung Link Menu Start.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 

     

    ==== shortcuts in Quick Launch ======================

     

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\EssentialPIM.lnk - C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 

    C:\Users\mesporto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\windows\system32\notepad.exe 

     

    ==== Reset IE Proxy ======================

     

    Value(s) before fix:

    "ProxyEnable"=dword:00000000

     

    Value(s) after fix:

    "ProxyEnable"=dword:00000000

     

    ==== Empty IE Cache ======================

     

    C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\mesporto\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

    C:\Users\mesporto\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully

    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

    C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

    C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully

    C:\Users\mesporto\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

    C:\Users\mesporto\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully

    C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

    C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

     

    ==== Empty FireFox Cache ======================

     

    C:\Users\mesporto\AppData\Local\Mozilla\Firefox\Profiles\6gbwki1r.default\cache2 emptied successfully

     

    ==== Empty Chrome Cache ======================

     

    C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     

    ==== Empty All Flash Cache ======================

     

    Flash Cache Emptied Successfully

     

    ==== Empty All Java Cache ======================

     

    Java Cache cleared successfully

     

    ==== C:\zoek_backup content ======================

     

    C:\zoek_backup (files=92 folders=65 38553168 bytes)

     

    ==== Empty Temp Folders ======================

     

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\mesporto\AppData\Local\Temp will be emptied at reboot

    C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\windows\Temp will be emptied at reboot

     

    ==== After Reboot ======================

     

    ==== Empty Temp Folders ======================

     

    C:\windows\Temp successfully emptied

    C:\Users\mesporto\AppData\Local\Temp successfully emptied

     

    ==== Empty Recycle Bin ======================

     

    C:\$RECYCLE.BIN successfully emptied

     

    ==== EOF on 19/05/2015 at 19:40:10,88 ======================

  5.  

    Zoek.exe v5.0.0.0 Updated 04-May-2015

    Tool run by mesporto on 19/05/2015 at 18:15:57,98.

    Microsoft Windows 8.1 Single Language 6.3.9600  x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\mesporto\Desktop\zoek.exe [scan all users] [script inserted] 

     

    ===== Runcheck 18:16:15,40 =====

     

    --- Create Environment Variables 18:16:16,62 

    --- Create System Restore Point 18:16:22,73 

    --- Checking Input 18:16:23,81 

    --- Reset Hosts File 18:16:31,65 

    --- AU AppData Check 18:16:32,17 

    --- Remove From Windows Installer 18:16:34,81 

    --- Empty Folders Check 18:17:24,48 

    --- Registry HKLM Software Check 18:17:24,50 

    --- Quick Launch Shortcut Check 18:17:39,70 

    --- IE Startpage Check 18:17:42,08 

    --- Program Files DB Check 18:17:58,61 

    --- C:\Users\Default\AppData\Roaming DB Check 18:18:45,58 

    --- C:\Users\Default User\AppData\Roaming DB Check 18:18:45,58 

    --- C:\Users\mesporto\AppData\Roaming DB Check 18:18:45,58 

    --- C:\windows\SysNative\config\systemprofile\AppData\Roaming DB Check 18:18:45,58 

    --- C:\windows\sysWoW64\config\systemprofile\AppData\Roaming DB Check 18:18:45,58 

    --- C:\windows\serviceprofiles\networkservice\AppData\Roaming DB Check 18:18:45,58 

    --- C:\windows\serviceprofiles\Localservice\AppData\Roaming DB Check 18:18:45,58 

    --- C:\Users\mesporto DB Check 18:21:00,96 

    --- C:\PROGRA~3 DB Check 18:21:18,42 

    --- C:\Users\Default\AppData\Local DB Check 18:21:22,46 

    --- C:\Users\Default User\AppData\Local DB Check 18:21:22,46 

    --- C:\Users\mesporto\AppData\Local DB Check 18:21:22,46 

    --- C:\windows\SysNative\config\systemprofile\AppData\Local DB Check 18:21:22,46 

    --- C:\windows\sysWoW64\config\systemprofile\AppData\Local DB Check 18:21:22,46 

    --- C:\windows\serviceprofiles\networkservice\AppData\Local DB Check 18:21:22,46 

    --- C:\windows\serviceprofiles\Localservice\AppData\Local DB Check 18:21:22,46 

    --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 18:22:55,87 

    --- C:\Users\mesporto\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 18:23:05,77 

    --- Tasks DB Check 18:23:12,31 

    --- Downloads DB Check 18:23:16,09 

    --- C:\Users\mesporto\AppData\LocalLow DB Check 18:23:20,41 

    --- C:\windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 18:23:20,41 

    --- C:\windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 18:23:20,41 

    --- C:\windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 18:23:20,41 

    --- C:\windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 18:23:20,41 

    --- Tasks2 DB Check 18:24:11,25 

    --- Documents DB Check 18:24:40,54 

    --- C:\Users\mesporto\AppData\Roaming\Mozilla\Firefox\Profiles\6gbwki1r.default DB Check 18:24:49,10 

    --- C:\Users\Public\Desktop DB Check 18:24:51,35 

    --- C:\Users\mesporto\Desktop DB Check 18:24:56,02 

    --- Services DB Check 18:25:03,76 

    --- FF prefs.js DB Check 18:25:23,76 

    --- Del by CLSID 18:26:02,01 

    --- Delete Services 18:26:25,96 

    --- Firefox Fix 18:26:28,04 

    --- Delete files\folders 18:26:29,17 

    --- Create Backups 18:26:29,26 

     

     


    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 18:56:51, on 19/05/2015

    Platform: Unknown Windows (WinNT 6.02.1008)

    MSIE: Internet Explorer v11.0 (11.00.9600.17416)

    Boot mode: Normal

     

    Running processes:

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\windows\SysWOW64\cmd.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\plugin-nm-server.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\klwtblfs.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\mesporto\Desktop\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_909C5755A8CBF8BC1409BB7EE7FAA78E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

    O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

    O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

    O23 - Service: Settings Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

    O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

     

    --

    End of file - 11090 bytes

     


  6. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:44:22, on 19/05/2015

    Platform: Unknown Windows (WinNT 6.02.1008)

    MSIE: Internet Explorer v11.0 (11.00.9600.17416)

    Boot mode: Normal

     

    Running processes:

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Users\mesporto\Desktop\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe

    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_909C5755A8CBF8BC1409BB7EE7FAA78E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"

    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)

    O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe

    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe

    O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe

    O23 - Service: Settings Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)

    O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)

    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

     

    --

    End of file - 10529 bytes

     

     


    # AdwCleaner v4.204 - Relatório criado 19/05/2015 às 17:36:52

    # Atualizado 12/05/2015 por Xplode

    # Base de dados : 2015-05-12.2 [servidor]

    # Sistema operacional : Windows 8.1 Single Language  (x64)

    # Usuário : mesporto - MURILLOEDUARDO

    # Executando de : C:\Users\mesporto\Desktop\adwcleaner_4.204.exe

    # Opção : Limpar

     

    ***** [ Serviços ] *****

     

     

    ***** [ Arquivos / Pastas ] *****

     

     

    ***** [ Tarefas agendadas ] *****

     

     

    ***** [ Atalhos ] *****

     

     

    ***** [ Registro ] *****

     

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:51935;hxxps=127.0.0.1:51935

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

     

    ***** [ Navegadores ] *****

     

    -\\ Internet Explorer v11.0.9600.17416

     

     

    -\\ Mozilla Firefox v38.0.1 (x86 pt-BR)

     

     

    -\\ Google Chrome v42.0.2311.152

     

    [C:\Users\mesporto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Apagado [startup_URLs] : hxxps://www.google.com.br/", "hxxp://do-search.com/?type=hp&ts=1432044729&z=eced7950a9ff865554556b2gbzdc7o6e7zez6m6o1m&from=cor&uid=ST500LT012-1DG142_S3PMZDCDXXXXS3PMZDCD

     

    *************************

     

    AdwCleaner[R0].txt - [10512 bytes] - [04/05/2015 23:07:43]

    AdwCleaner[R1].txt - [13271 bytes] - [19/05/2015 11:56:36]

    AdwCleaner[R2].txt - [1969 bytes] - [19/05/2015 17:35:43]

    AdwCleaner[s0].txt - [7843 bytes] - [04/05/2015 23:08:33]

    AdwCleaner[s1].txt - [3412 bytes] - [19/05/2015 11:57:33]

    AdwCleaner[s2].txt - [1639 bytes] - [19/05/2015 17:36:52]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1698  bytes] ##########

     

     


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.7.4 (05.19.2015:1)
    OS: Windows 8.1 Single Language x64
    Ran by mesporto on 19/05/2015 at 17:40:59,49
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    Successfully deleted: [Task] C:\windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3592234319-3575132284-456529214-1001
    Successfully deleted: [Task] C:\windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-3592234319-3575132284-456529214-500
    Successfully deleted: [Task] C:\windows\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-421214586-2430289774-1517383855-500

    ~~~ Registry Values

    Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\displayswitch

    ~~~ Registry Keys

    ~~~ Files

    Successfully deleted: [File] C:\windows\syswow64\wscm64.dll
    Successfully deleted: [File] C:\windows\prefetch\BAIDUANTIVIRUS_SETUP_2004--5F-3960537D.pf

    ~~~ Folders

    Successfully deleted: [Folder] C:\ProgramData\baidu security

    ~~~ FireFox

    Successfully deleted the following from C:\Users\mesporto\AppData\Roaming\mozilla\firefox\profiles\6gbwki1r.default\prefs.js

    user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);
    user_pref(browser.search.searchengine.ptid, cor);
    user_pref(browser.search.searchengine.uid, ST500LT012-1DG142_S3PMZDCDXXXXS3PMZDCD);

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 19/05/2015 at 17:43:39,29
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     



  7. Versão: 2.01.6.1022

    Base de Dados de Malware: v2015.03.09.05
    Base de Dados de Rootkit: v2015.05.16.01
    Licença: Grátis
    Proteção de Malware: Desabilitado
    Proteção de Site Malicioso: Desabilitado
    Auto-Proteção: Desabilitado
     
    SO: Windows 8.1
    Processador: x64
    Sistema de Arquivos: NTFS
    Usuário: mesporto
     
    Tipo da Verificação: Verificar Ameaça
    Resultado: Terminado
    Objetos Verificados: 360784
    Tempo Decorrido: 26 min, 12 seg
     
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de Arquivos: Habilitado
    Arquivos Compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado
     
    Processos: 0
    (Nenhum item malicioso detectado)
     
    Módulos: 0
    (Nenhum item malicioso detectado)
     
    Chaves de Registro: 0
    (Nenhum item malicioso detectado)
     
    Valores de Registro: 0
    (Nenhum item malicioso detectado)
     
    Dados de Registro: 0
    (Nenhum item malicioso detectado)
     
    Pastas: 0
    (Nenhum item malicioso detectado)
     
    Arquivos: 0
    (Nenhum item malicioso detectado)
     
    Setores Físicos: 0
    (Nenhum item malicioso detectado)
     
     
    (end)
     
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:30:57, on 19/05/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\cmd.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\plugin-nm-server.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\klwtblfs.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\mesporto\Desktop\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKCU\..\Run: [DisplaySwitch] C:\programdata\samsung\DisplaySwitch.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_909C5755A8CBF8BC1409BB7EE7FAA78E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    O23 - Service: Settings Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
     
    --
    End of file - 11367 bytes
     

  8. I have already carried out all the procedures you recommended.

    I have a problem with a page redirector, specifically "do-search". I have already tried several removal tools, without success.

     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:10:39, on 19/05/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avpui.exe
    C:\Program Files\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\windows\SysWOW64\cmd.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\plugin-nm-server.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\klwtblfs.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\mesporto\Desktop\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    O4 - HKCU\..\Run: [DisplaySwitch] C:\programdata\samsung\DisplaySwitch.exe
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_909C5755A8CBF8BC1409BB7EE7FAA78E] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
    O23 - Service: AllShare Framework DMS - Samsung - C:\Program Files\Samsung\AllShare Framework DMS\1.3.23\AllShareFrameworkManagerDMS.exe
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus 15.0.0 (AVP15.0.0) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 15.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\windows\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: Samsung Link Service - Copyright 2013 SAMSUNG - C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
    O23 - Service: Settings Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\SettingsLauncher.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
    O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
     
    --
    End of file - 11245 bytes

  9. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 19:55:00, on 07/05/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\STOPzilla\STOPzilla.exe
    C:\Program Files (x86)\Skype\Phone\Skype.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Users\Sherida\Downloads\HijackThis.exe
    C:\Users\Sherida\Downloads\HijackThis.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\WINDOWS\SysWOW64\DllHost.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
     
     
    ==== Set IE to Default ======================
     
    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com"
    "Search Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com"
    "Search Page"="http://www.google.com"
     
    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
     
    ==== All HKCU SearchScopes ======================
     
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {33BB0A4E-99AF-4226-BDF6-49120163DE86} Unknown  Url="Not_Found"
    {40BAD8B9-B985-4C9A-8B33-B7A8AA337875} Bing  Url="Not_Found"
    {E733165D-CBCF-4FDA-883E-ADEF965B476C} Google  Url="Not_Found"
     
    ==== Reset Google Chrome ======================
     
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
     
    ==== Deleting CLSID Registry Keys ======================
     
    HKEY_USERS\S-1-5-21-2321293755-3812385516-1550897827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} deleted successfully
    HKEY_USERS\S-1-5-21-2321293755-3812385516-1550897827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{40BAD8B9-B985-4C9A-8B33-B7A8AA337875} deleted successfully
    HKEY_USERS\S-1-5-21-2321293755-3812385516-1550897827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{40BAD8B9-B985-4C9A-8B33-B7A8AA337875} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{40BAD8B9-B985-4C9A-8B33-B7A8AA337875} deleted successfully
     
    ==== Deleting CLSID Registry Values ======================
     
     
    ==== shortcuts on Users Desktops ======================
     
    C:\Users\Sherida\Desktop\Audio Amplifier Pro.lnk - C:\Program Files (x86)\Audio Amplifier Pro\AudioAmplifierPro.exe 
    C:\Users\Sherida\Desktop\Calculator.lnk - C:\WINDOWS\system32\calc.exe 
    C:\Users\Sherida\Desktop\controle_biometrico.lnk - C:\Users\Sherida\Downloads\controle_biometrico.docx 
    C:\Users\Sherida\Desktop\Notepad.lnk - C:\WINDOWS\system32\notepad.exe 
    C:\Users\Sherida\Desktop\Photoshop.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CC 2014\Photoshop.exe 
    C:\Users\Sherida\Desktop\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
    C:\Users\Sherida\Desktop\WORD.lnk - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE 
    C:\Users\Sherida\Desktop\µTorrent.lnk -  
    C:\Users\Sherida\Desktop\Jogos\Burger Island.lnk - C:\My Games\Burger Island\BurgerIsland.exe 
    C:\Users\Sherida\Desktop\Jogos\FarmFrenzy3_MadagascarPT.exe.lnk - C:\games\Jogolandia\Farm Frenzy 3 Madagascar_PT\FarmFrenzy3_MadagascarPT.exe 
    C:\Users\Sherida\Desktop\Jogos\Chocolate\Chocolatier.lnk - C:\My Games\Chocolatier\chocolatier.exe 
     
    ==== shortcuts on All Users Desktop ======================
     
    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
    C:\Users\Public\Desktop\Central de Soluções HP.lnk -  
    C:\Users\Public\Desktop\EssentialPIM.lnk - C:\Program Files (x86)\EssentialPIM\EssentialPIM.exe 
    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe 
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
    C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe 
     
    ==== shortcuts in Users Start Menu ======================
     
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
     
    ==== shortcuts in All Users Start Menu ======================
     
    C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CC 2014.lnk - C:\Program Files\Adobe\Adobe Photoshop CC 2014\Photoshop.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 1Button App\Amazon.lnk - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Amplifier Pro\Audio Amplifier Pro.lnk - C:\Program Files (x86)\Audio Amplifier Pro\AudioAmplifierPro.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Amplifier Pro\Uninstall.lnk - C:\Program Files (x86)\Audio Amplifier Pro\unins000.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\Hp\HPSSUPPLY\hpqSSupply.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Adicionar dispositivo.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Ajuda.lnk - C:\Program Files (x86)\Hp\Digital Imaging\HelpViewer\hpqhvshm.exe /product-class=HP Photosmart C4700 series
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Configurar o Dispositivo de rede.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbsetup
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Desinstalar.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\setup\hpzscr40.exe -datfile hposcr43.dat -onestop -forcereboot
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Guia de instalação.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Leiame.lnk - C:\Program Files (x86)\Hp\Digital Imaging\help\PS_AIO_06_C4700_readme\readme.html 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Registro do produto.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4700 Series"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4700 Series\help\HP Product Support Website.url 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\USB para sem fio.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbtowireless
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_45\bin\javacpl.exe -tab about
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain Help.lnk - C:\Program Files (x86)\MP3Gain\MP3Gain.chm 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\MP3Gain.lnk - C:\Program Files (x86)\MP3Gain\MP3GainGUI.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain\Uninstall MP3Gain.lnk - C:\Program Files (x86)\MP3Gain\uninst-mp3gain.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla\STOPzilla.lnk - C:\Program Files (x86)\STOPzilla\STOPzilla.exe 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla\Uninstall STOPzilla.lnk - C:\Windows\SysWOW64\msiexec.exe /x {C201C1A5-FDFC-45BD-866E-1084D92BA5E5}
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt 
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe 
     
    ==== shortcuts in Quick Launch ======================
     
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
     
    ==== Reset IE Proxy ======================
     
    Value(s) before fix:
    "ProxyEnable"=dword:00000000
     
    Value(s) after fix:
    "ProxyEnable"=dword:00000000
     
    ==== Empty IE Cache ======================
     
    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
     
    ==== Empty FireFox Cache ======================
     
    C:\Users\Sherida\AppData\Local\Mozilla\Firefox\Profiles\qdhai7ps.default\cache2 emptied successfully
     
    ==== Empty Chrome Cache ======================
     
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
     
    ==== Empty All Flash Cache ======================
     
    Flash Cache Emptied Successfully
     
    ==== Empty All Java Cache ======================
     
    Java Cache cleared successfully
     
    ==== C:\zoek_backup content ======================
     
    C:\zoek_backup (files=39 folders=34 28963937 bytes)
     
    ==== Empty Temp Folders ======================
     
    C:\Users\Administrator\AppData\Local\Temp emptied successfully
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Sherida\AppData\Local\Temp will be emptied at reboot
    C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\Temp will be emptied at reboot
     
    ==== After Reboot ======================
     
    ==== Empty Temp Folders ======================
     
    C:\WINDOWS\Temp successfully emptied
    C:\Users\Sherida\AppData\Local\Temp successfully emptied
     
    ==== Empty Recycle Bin ======================
     
    C:\$RECYCLE.BIN successfully emptied
     
    ==== Deleting Files / Folders ======================
     
    "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted
     
    ==== EOF on 07/05/2015 at 19:53:45,26 ======================
     

  10. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:07:58, on 07/05/2015

    Platform: Unknown Windows (WinNT 6.02.1008)

    MSIE: Internet Explorer v11.0 (11.00.9600.17416)

    Boot mode: Normal

     

    Running processes:

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files (x86)\Skype\Phone\Skype.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

    C:\Users\Sherida\Downloads\HijackThis.exe

    C:\Users\Sherida\Downloads\HijackThis.exe

    C:\WINDOWS\SysWOW64\DllHost.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: STOPzilla! (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\STOPzilla\SBAMSvc.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

    O23 - Service: STOPzilla Service (sz7) - iS3, Inc. - C:\Program Files (x86)\STOPzilla\SZServer.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 11724 bytes

     

     


    # AdwCleaner v4.203 - Relatório criado 07/05/2015 às 16:54:57

    # Atualizado 30/04/2015 por Xplode

    # Base de dados : 2015-05-05.1 [servidor]

    # Sistema operacional : Windows 8.1 Single Language  (x64)

    # Usuário : Sherida - PCXÉRIDA

    # Executando de : C:\Users\Sherida\Downloads\adwcleaner_4.203 (1).exe

    # Opção : Limpar

     

    ***** [ Serviços ] *****

    ***** [ Arquivos / Pastas ] *****

     

    Arquivo Excluído : C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.claro.com.br_0.localstorage

    Arquivo Excluído : C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.claro.com.br_0.localstorage-journal

     

    ***** [ Tarefas agendadas ] *****

    ***** [ Atalhos ] *****

    ***** [ Registro ] *****

    ***** [ Navegadores ] *****

    -\\ Internet Explorer v11.0.9600.17416

    -\\ Mozilla Firefox v37.0.2 (x86 pt-BR)

    -\\ Google Chrome v42.0.2311.135

    *************************

     

    AdwCleaner[R0].txt - [8958 bytes] - [09/03/2015 19:07:18]

    AdwCleaner[R1].txt - [1154 bytes] - [17/03/2015 12:59:35]

    AdwCleaner[R2].txt - [1021 bytes] - [17/03/2015 13:18:47]

    AdwCleaner[R3].txt - [1081 bytes] - [17/03/2015 13:20:56]

    AdwCleaner[R4].txt - [4281 bytes] - [04/04/2015 10:56:44]

    AdwCleaner[R5].txt - [1529 bytes] - [04/04/2015 20:07:18]

    AdwCleaner[R6].txt - [4849 bytes] - [05/05/2015 13:08:40]

    AdwCleaner[R7].txt - [1808 bytes] - [07/05/2015 16:53:39]

    AdwCleaner[s0].txt - [7855 bytes] - [09/03/2015 19:09:25]

    AdwCleaner[s1].txt - [1225 bytes] - [17/03/2015 13:04:24]

    AdwCleaner[s2].txt - [3452 bytes] - [04/04/2015 11:05:10]

    AdwCleaner[s3].txt - [1583 bytes] - [04/04/2015 20:08:24]

    AdwCleaner[s4].txt - [4094 bytes] - [05/05/2015 13:10:17]

    AdwCleaner[s5].txt - [1722 bytes] - [07/05/2015 16:54:57]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[s5].txt - [1781  bytes] ##########

     

     


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.6.8 (05.06.2015:1)

    OS: Windows 8.1 Single Language x64

    Ran by Sherida on 07/05/2015 at 16:59:28,14

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

     

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2321293755-3812385516-1550897827-1001

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-2321293755-3812385516-1550897827-500

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-307532667-2838866804-990517792-500

     

     

     

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ FireFox

     

    Successfully deleted the following from C:\Users\Sherida\AppData\Roaming\mozilla\firefox\profiles\qdhai7ps.default\prefs.js

     

    user_pref(browser.search.searchengine.alias, luckysearches);

    user_pref(browser.search.searchengine.desc, this is my first firefox searchEngine);

    user_pref(browser.search.searchengine.name, luckysearches);

    user_pref(browser.search.searchengine.ptid, rbm);

    user_pref(browser.search.searchengine.uid, ST500LM012XHN-M500MBB_S33HJ5DF401525);

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 07/05/2015 at 17:06:56,53

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     



  11. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:28:11, on 07/05/2015

    Platform: Unknown Windows (WinNT 6.02.1008)

    MSIE: Internet Explorer v11.0 (11.00.9600.17416)

    Boot mode: Normal

     

    Running processes:

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\Program Files (x86)\STOPzilla\STOPzilla.exe

    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\Sherida\Downloads\HijackThis.exe

    C:\WINDOWS\SysWOW64\DllHost.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll

    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll

    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll

    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices

    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window

    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR

    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll

    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)

    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe

    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe

    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)

    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)

    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe

    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe

    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe

    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)

    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)

    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: STOPzilla! (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\STOPzilla\SBAMSvc.exe

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)

    O23 - Service: STOPzilla Service (sz7) - iS3, Inc. - C:\Program Files (x86)\STOPzilla\SZServer.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)

    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 12410 bytes

     

     

     


    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da Verificação: 07/05/2015
    Hora da Verificação: 14:52:32
    Arquivo de Log: LOg.txt
    Administrador: Sim

    Versão: 2.01.6.1022
    Base de Dados de Malware: v2015.05.07.03
    Base de Dados de Rootkit: v2015.04.21.01
    Licença: Avaliação Gratuita
    Proteção de Malware: Habilitado
    Proteção de Site Malicioso: Habilitado
    Auto-Proteção: Desabilitado

    SO: Windows 8.1
    Processador: x64
    Sistema de Arquivos: NTFS
    Usuário: Sherida

    Tipo da Verificação: Verificar Ameaça
    Resultado: Terminado
    Objetos Verificados: 403174
    Tempo Decorrido: 31 min, 10 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de Arquivos: Habilitado
    Arquivos Compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    Processos: 0
    (Nenhum item malicioso detectado)

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de Registro: 0
    (Nenhum item malicioso detectado)

    Valores de Registro: 0
    (Nenhum item malicioso detectado)

    Dados de Registro: 0
    (Nenhum item malicioso detectado)

    Pastas: 0
    (Nenhum item malicioso detectado)

    Arquivos: 0
    (Nenhum item malicioso detectado)

    Setores Físicos: 0
    (Nenhum item malicioso detectado)

    (end)


  12. My computer gets redirected every time I open any browser to surf the web. It redirects to pages with pornography and other content.

    Here is the HijackThis log, and I have already carried out all the procedures you recommended:

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:12:20, on 07/05/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
    C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    C:\Program Files (x86)\STOPzilla\STOPzilla.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\Downloads\HijackThis.exe
    C:\WINDOWS\SysWOW64\DllHost.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: STOPzilla! (SBAMSvc) - ThreatTrack Security, Inc. - C:\Program Files (x86)\STOPzilla\SBAMSvc.exe
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: STOPzilla Service (sz7) - iS3, Inc. - C:\Program Files (x86)\STOPzilla\SZServer.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 12288 bytes
     

     


  13. Zoek.exe v5.0.0.0 Updated 02-April-2015
    Tool run by Sherida on 04/04/2015 at 21:07:22,41.
    Microsoft Windows 8.1 Single Language 6.3.9600  x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Sherida\Downloads\zoek(1).exe [scan all users] [script inserted]

    ==== Older Logs ======================

    C:\zoek-results2015-03-17-201043.log    22180 bytes

    ==== System Restore Info ======================

    04/04/2015 21:08:29 Zoek.exe System Restore Point Created Successfully.

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
     
    127.0.0.1       localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\SlySoft deleted successfully
    C:\Users\Sherida\AppData\Local\Adobe deleted successfully

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    Deleted from C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default\prefs.js:
    user_pref("browser.startup.homepage", "


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="
    http://www.google.com"
    "Search Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com"
    "Search Page"="http://www.google.com"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {40BAD8B9-B985-4C9A-8B33-B7A8AA337875} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== Reset Google Chrome ======================

    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

    ==== shortcuts on Users Desktops ======================

    C:\Users\Sherida\Desktop\Audio Amplifier Pro.lnk - C:\Program Files (x86)\Audio Amplifier Pro\AudioAmplifierPro.exe
    C:\Users\Sherida\Desktop\Calculator.lnk - C:\WINDOWS\system32\calc.exe
    C:\Users\Sherida\Desktop\controle_biometrico.lnk - C:\Users\Sherida\Downloads\controle_biometrico.docx
    C:\Users\Sherida\Desktop\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
    C:\Users\Sherida\Desktop\WORD.lnk - C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
    C:\Users\Sherida\Desktop\Jogos\Burger Island.lnk - C:\My Games\Burger Island\BurgerIsland.exe
    C:\Users\Sherida\Desktop\Jogos\FarmFrenzy3_MadagascarPT.exe.lnk - C:\games\Jogolandia\Farm Frenzy 3 Madagascar_PT\FarmFrenzy3_MadagascarPT.exe
    C:\Users\Sherida\Desktop\Jogos\Chocolate\Chocolatier.lnk - C:\My Games\Chocolatier\chocolatier.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
    C:\Users\Public\Desktop\Central de Soluções HP.lnk -  
    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Public\Desktop\Skype.lnk - C:\WINDOWS\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk - C:\Program Files (x86)\Realtek\Audio\HDA\RAVCpl64.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon 1Button App\Amazon.lnk - C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonTaskbarApp.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Amplifier Pro\Audio Amplifier Pro.lnk - C:\Program Files (x86)\Audio Amplifier Pro\AudioAmplifierPro.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Amplifier Pro\Uninstall.lnk - C:\Program Files (x86)\Audio Amplifier Pro\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\Hp\HPSSUPPLY\hpqSSupply.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Adicionar dispositivo.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Ajuda.lnk - C:\Program Files (x86)\Hp\Digital Imaging\HelpViewer\hpqhvshm.exe /product-class=HP Photosmart C4700 series
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Configurar o Dispositivo de rede.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbsetup
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Desinstalar.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\setup\hpzscr40.exe -datfile hposcr43.dat -onestop -forcereboot
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Guia de instalação.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Leiame.lnk - C:\Program Files (x86)\Hp\Digital Imaging\help\PS_AIO_06_C4700_readme\readme.html
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Registro do produto.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4700 Series"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4700 Series\help\HP Product Support Website.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\USB para sem fio.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbtowireless
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype para a área de trabalho.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    ==== Reset IE Proxy ======================

    Value(s) before fix:
    "ProxyEnable"=dword:00000000

    Value(s) after fix:
    "ProxyEnable"=dword:00000000

    ==== Empty IE Cache ======================

    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Sherida\AppData\Local\Mozilla\Firefox\Profiles\qdhai7ps.default\cache2 emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=26 folders=16 14859010 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Administrator\AppData\Local\Temp emptied successfully
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Sherida\AppData\Local\Temp will be emptied at reboot
    C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\Users\Sherida\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== Deleting Files / Folders ======================

    "C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp\Low" not deleted

    ==== EOF on 04/04/2015 at 21:37:37,88 ======================
     

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:39:57, on 04/04/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Users\Sherida\Downloads\HijackThis.exe
    C:\WINDOWS\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11450 bytes
     


  14. Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 20:22:56, on 04/04/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Users\Sherida\Downloads\JRT.exe
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Users\Sherida\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11284 bytes

    # AdwCleaner v4.200 - Arquivo de log criado 04/04/2015 às 20:08:24
    # Atualizado 29/03/2015 por Xplode
    # Base de dados : 2015-03-29.1 [servidor]
    # Sistema operacional : Windows 8.1 Single Language  (x64)
    # Usuário : Sherida - PCXÉRIDA
    # Executando de : C:\Users\Sherida\Downloads\adwcleaner_4.200(1).exe
    # Opção : Limpar

    ***** [ Serviços ] *****


    ***** [ Arquivos / Pastas ] *****


    ***** [ Tarefas agendadas ] *****


    ***** [ Atalhos ] *****


    ***** [ Registro ] *****


    ***** [ Navegadores ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v36.0.4 (x86 pt-BR)


    -\\ Google Chrome v41.0.2272.118

    [C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://www.mystartsearch.com/web/?type=ds&ts=1428083502&from=slbnew&uid=ST500LM012XHN-M500MBB_S33HJ5DF401525&q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [8958 bytes] - [09/03/2015 19:07:18]
    AdwCleaner[R1].txt - [1154 bytes] - [17/03/2015 12:59:35]
    AdwCleaner[R2].txt - [1021 bytes] - [17/03/2015 13:18:47]
    AdwCleaner[R3].txt - [1081 bytes] - [17/03/2015 13:20:56]
    AdwCleaner[R4].txt - [4281 bytes] - [04/04/2015 10:56:44]
    AdwCleaner[R5].txt - [1529 bytes] - [04/04/2015 20:07:18]
    AdwCleaner[s0].txt - [7855 bytes] - [09/03/2015 19:09:25]
    AdwCleaner[s1].txt - [1225 bytes] - [17/03/2015 13:04:24]
    AdwCleaner[s2].txt - [3452 bytes] - [04/04/2015 11:05:10]
    AdwCleaner[s3].txt - [1444 bytes] - [04/04/2015 20:08:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s3].txt - [1503  bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.5.1 (04.02.2015:1)
    OS: Windows 8.1 Single Language x64
    Ran by Sherida on 04/04/2015 at 20:14:32,22
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Sherida\AppData\Roaming\mozilla\firefox\profiles\qdhai7ps.default\prefs.js

    user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
    user_pref("browser.search.searchengine.ptid", "slbnew");
    user_pref("browser.search.searchengine.uid", "ST500LM012XHN-M500MBB_S33HJ5DF401525");



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 04/04/2015 at 20:22:29,35
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     


  15. Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da Verificação: 04/04/2015
    Hora da Verificação: 18:46:39
    Arquivo de Log: Log.txt
    Administrador: Sim

    Versão: 2.01.4.1018
    Base de Dados de Malware: v2015.04.04.06
    Base de Dados de Rootkit: v2015.03.31.01
    Licença: Grátis
    Proteção de Malware: Desabilitado
    Proteção de Site Malicioso: Desabilitado
    Auto-Proteção: Desabilitado

    SO: Windows 8.1
    Processador: x64
    Sistema de Arquivos: NTFS
    Usuário: Sherida

    Tipo da Verificação: Verificar Ameaça
    Resultado: Terminado
    Objetos Verificados: 398006
    Tempo Decorrido: 26 min, 10 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de Arquivos: Habilitado
    Arquivos Compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    Processos: 0
    (Nenhum item malicioso detectado)

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de Registro: 2
    PUP.Optional.Multiplug, HKU\S-1-5-21-2321293755-3812385516-1550897827-1001_Classes\TYPELIB\{157B1AA6-3E5C-404A-9118-C1D91F537040}, Quarentena, [197d6afe9befd3635cfd64ce06fdc33d],
    PUP.Optional.Multiplug, HKU\S-1-5-21-2321293755-3812385516-1550897827-1001_Classes\INTERFACE\{3B3F3AAD-FB97-49FF-BFEE-D22869AC4326}, Quarentena, [197d6afe9befd3635cfd64ce06fdc33d],

    Valores de Registro: 0
    (Nenhum item malicioso detectado)

    Dados de Registro: 0
    (Nenhum item malicioso detectado)

    Pastas: 0
    (Nenhum item malicioso detectado)

    Arquivos: 1
    PUP.Optional.Solimba, C:\Users\Sherida\Downloads\CloneCD.exe, Quarentena, [d5c1125696f489ad30e91f13c73fc43c],

    Setores Físicos: 0
    (Nenhum item malicioso detectado)


    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:17:54, on 04/04/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\SysWOW64\cmd.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\plugin-nm-server.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\Downloads\HijackThis (1).exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11990 bytes
     


  16. Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:15:22, on 04/04/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Sherida\Downloads\HijackThis.exe
    C:\WINDOWS\SysWOW64\DllHost.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
    O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_16_0_0_310_pepper.exe -update pepperplugin
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\syswow64\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Protocol: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11230 bytes

  17. Zoek.exe v5.0.0.0 Updated 15-March-2015
    Tool run by Sherida on 17/03/2015 at 16:37:58,65.
    Microsoft Windows 8.1 Single Language 6.3.9600  x64
    Running in: Normal Mode Internet Access Detected
    Launched: C:\Users\Sherida\Downloads\zoek.exe [scan all users] [script inserted]

    ==== System Restore Info ======================

    17/03/2015 16:40:14 Zoek.exe System Restore Point Created Successfully.

    ==== Reset Hosts File ======================

    # Copyright © 1993-2006 Microsoft Corp.
    #
    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
    #
    # This file contains the mappings of IP addresses to host names. Each
    # entry should be kept on an individual line. The IP address should
    # be placed in the first column followed by the corresponding host name.
    # The IP address and the host name should be separated by at least one
    # space.
    #
    # Additionally, comments (such as these) may be inserted on individual
    # lines or following the machine name denoted by a '#' symbol.
    #
    # For example:
    #
    #      102.54.94.97     rhino.acme.com          # source server
    #       38.25.63.10     x.acme.com              # x client host
     
    127.0.0.1       localhost

    ==== Empty Folders Check ======================

    C:\PROGRA~2\ActSys deleted successfully
    C:\Users\Sherida\AppData\Local\Adobe deleted successfully
    C:\Users\Sherida\AppData\Local\PackageStaging deleted successfully

    ==== Deleting CLSID Registry Keys ======================

    HKEY_USERS\S-1-5-21-2321293755-3812385516-1550897827-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9D7A8D1D-8D57-44C7-9958-1A7AAF7D2416} deleted successfully

    ==== Deleting CLSID Registry Values ======================


    ==== Deleting Services ======================


    ==== FireFox Fix ======================

    Deleted from C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default\prefs.js:
    user_pref("browser.startup.homepage", "https://www.google.com.br/");
    user_pref("browser.search.useDBForOrder", true);

    Added to C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default\prefs.js:
    user_pref("browser.startup.homepage", "about:home");
    user_pref("browser.newtab.url", "about:newtab");

    ProfilePath: C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default

    user.js not found
    ---- Lines extensions.1whJbPx8aXibyC0j removed from prefs.js ----
    user_pref("extensions.1whJbPx8aXibyC0j.epoch", "1426015257");
    ---- Lines extensions.5sWyeDxUiLI11xKs removed from prefs.js ----
    user_pref("extensions.5sWyeDxUiLI11xKs.epoch", "1426015258");
    user_pref("extensions.5sWyeDxUiLI11xKs.url", "http://bloggerstoryget.info/sync2/?q=hfZ9oe4MhyhHhdUMCyVUojsEqdCHtMqLDe49CNU0nVsMCMlNhd9FqjaHrdsFrdn5rHY
    ---- Lines extensions.NjC7ufZHEAAaxRe0 removed from prefs.js ----
    user_pref("extensions.NjC7ufZHEAAaxRe0.epoch", "1426015257");
    user_pref("extensions.NjC7ufZHEAAaxRe0.url", "http://safefacile.net/sync2/?q=hfZ9oeZNAdkMCyVUojsEqdCHtMqLDe49CNU0nVsMCMlNhd9FqjaHrdUErTn9rjCMBzqUojw8r
    ---- FireFox user.js and prefs.js backups ----

    prefs_032015_1701_.backup

    ==== Deleting Files \ Folders ======================

    C:\PROGRA~2\ActSys not found
    C:\PROGRA~2\History deleted
    C:\PROGRA~3\{9c8a1db2-0441-beda-9c8a-a1db204476c8} deleted
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\startup\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).lnk deleted
    C:\PROGRA~3\6069326235060931005 deleted
    C:\Users\Public\Pokki deleted
    C:\Users\Sherida\AppData\Roaming\appdataFr3.bin deleted
    C:\PROGRA~3\boost_interprocess deleted
    C:\Users\Sherida\AppData\Local\Pokki deleted
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
    C:\Users\Sherida\AppData\LocalLow\Company deleted
    C:\Users\Sherida\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A} deleted
    C:\windows\SysNative\tasks\060184C3-9766-46a0-B258-F4518A0B2633 deleted
    C:\WINDOWS\SysNative\config\systemprofile\Searches deleted
    C:\Users\Public\Documents\AlawarWrapper deleted
    C:\Users\Sherida\AppData\Roaming\unins000.exe deleted
    "C:\Windows\Installer\87b79.msi" deleted

    ==== Firefox Start and Search pages ======================

    ProfilePath: C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default
    user_pref("browser.startup.homepage", "about:home");
    user_pref("browser.newtab.url", "about:newtab");

    ==== Firefox Extensions Registry ======================

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
    "content_blocker@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\FFExt\content_blocker@kaspersky.com" [09/03/2015 17:31]
    [HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
    "{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Sherida\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" []

    ==== Firefox Extensions ======================

    AppDir: C:\Program Files (x86)\Mozilla Firefox
    - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

    ==== Firefox Plugins ======================

    Profilepath: C:\Users\Sherida\AppData\Roaming\Mozilla\Firefox\Profiles\qdhai7ps.default
    1DE5D05F67114FAEA17AD47B5E01DF6F    - C:\Users\Sherida\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll -    Módulo de Proteção - Banco do Brasil
    9E2ACEFA9A03FA35133459B0F8613B40    - C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1215155.dll -    Shockwave for Director / Shockwave for Director
    A7D38CD759C7AD594D1B255001BDDD8E    - C:\Users\Sherida\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll -    Módulo de Proteção - Banco do Brasil


    ==== Chromium Look ======================

    Google Chrome Version: 41.0.2272.89 (Up to date, latest Stable version: 41.0.2272.89)

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
    blbkdnmdcafmfhinpmnlhhddbepgkeaa - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa[]
    dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\ChromeExt\urladvisor.crx[14/10/2013 15:37]


    ==== Set IE to Default ======================

    Old Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com"
    "Start Page"="http://www.google.com"
    "Search Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://www.google.com"
    "Start Page"="http://www.google.com"
    "Search Page"="http://www.google.com"

    New Values:
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
    "Start Page"="http://www.google.com"
    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
    "Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
    "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

    ==== All HKCU SearchScopes ======================

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
    {40BAD8B9-B985-4C9A-8B33-B7A8AA337875} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02"

    ==== Reset Google Chrome ======================

    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    ==== Deleting CLSID Registry Keys ======================


    ==== Deleting CLSID Registry Values ======================

    HKEY_USERS\S-1-5-21-2321293755-3812385516-1550897827-1001\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully

    ==== shortcuts on Users Desktops ======================

    C:\Users\Sherida\Desktop\AdwCleaner.lnk - C:\Users\Sherida\Downloads\AdwCleaner.exe
    C:\Users\Sherida\Desktop\Calculator.lnk - C:\WINDOWS\system32\calc.exe
    C:\Users\Sherida\Desktop\controle_biometrico.lnk - C:\Users\Sherida\Downloads\controle_biometrico.docx
    C:\Users\Sherida\Desktop\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
    C:\Users\Sherida\Desktop\zoek - Atalho.lnk - C:\Users\Sherida\Downloads\zoek.exe
    C:\Users\Sherida\Desktop\Jogos\Burger Island.lnk - C:\My Games\Burger Island\BurgerIsland.exe
    C:\Users\Sherida\Desktop\Jogos\FarmFrenzy3_MadagascarPT.exe.lnk - C:\games\Jogolandia\Farm Frenzy 3 Madagascar_PT\FarmFrenzy3_MadagascarPT.exe
    C:\Users\Sherida\Desktop\Jogos\Chocolate\Chocolatier.lnk - C:\My Games\Chocolatier\chocolatier.exe

    ==== shortcuts on All Users Desktop ======================

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
    C:\Users\Public\Desktop\Central de Soluções HP.lnk -  
    C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Public\Desktop\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe

    ==== shortcuts in Users Start Menu ======================

    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RtkGUI.lnk - C:\Program Files (x86)\Realtek\Audio\HDA\RAVCpl64.exe

    ==== shortcuts in All Users Start Menu ======================

    C:\ProgramData\Microsoft\Windows\Start Menu\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Atualização HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Central de Soluções HP.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Loja de Suprimentos HP.lnk - C:\Program Files (x86)\Hp\HPSSUPPLY\hpqSSupply.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Adicionar dispositivo.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Ajuda.lnk - C:\Program Files (x86)\Hp\Digital Imaging\HelpViewer\hpqhvshm.exe /product-class=HP Photosmart C4700 series
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Configurar o Dispositivo de rede.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbsetup
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Desinstalar.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\setup\hpzscr40.exe -datfile hposcr43.dat -onestop -forcereboot
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Guia de instalação.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Leiame.lnk - C:\Program Files (x86)\Hp\Digital Imaging\help\PS_AIO_06_C4700_readme\readme.html
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Registro do produto.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqwrg.exe "HP Photosmart C4700 Series"
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\Site de suporte a produtos.lnk - C:\Program Files (x86)\HP\Digital Imaging\HP Photosmart C4700 Series\help\HP Product Support Website.url
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Photosmart C4700 Series\USB para sem fio.lnk - C:\Program Files (x86)\Hp\Digital Imaging\{28981D56-C55A-4972-998F-823590FD43A2}\hpzstub.exe -addadevice -usbtowireless
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_31\bin\javacpl.exe -tab about
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Access 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\accicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Designer 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe  /design
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft InfoPath Filler 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\inficon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft OneNote 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\joticon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft PowerPoint 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pptico.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Publisher 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\pubs.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Microsoft Word 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Centro de Carregamento do Microsoft Office 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\msouc.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Certificado Digital para Projetos do VBA.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\misc.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Media Gallery.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\cagicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\oisicon.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office\Ferramentas do Microsoft Office 2010\Preferências de Idioma do Microsoft Office 2010.lnk -  
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint\Microsoft SharePoint Workspace 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\grvicons.exe
    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\HP Digital Imaging Monitor.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe

    ==== shortcuts in Quick Launch ======================

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Control Panel.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\Sherida\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    ==== Reset IE Proxy ======================

    Value(s) before fix:
    "ProxyEnable"=dword:00000000

    Value(s) after fix:
    "ProxyEnable"=dword:00000000

    ==== Deleting Registry Keys ======================

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\203E62EEA6789D84098513925E9B9999 deleted successfully
    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
    HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EE26E302-876A-48D9-9058-3129E5B99999} deleted successfully
    HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\203E62EEA6789D84098513925E9B9999 deleted successfully

    ==== Empty IE Cache ======================

    C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\Users\Sherida\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
    C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
    C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

    ==== Empty FireFox Cache ======================

    C:\Users\Sherida\AppData\Local\Mozilla\Firefox\Profiles\qdhai7ps.default\cache2 emptied successfully

    ==== Empty Chrome Cache ======================

    C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    ==== Empty All Flash Cache ======================

    Flash Cache Emptied Successfully

    ==== Empty All Java Cache ======================

    Java Cache cleared successfully

    ==== C:\zoek_backup content ======================

    C:\zoek_backup (files=26 folders=16 14858790 bytes)

    ==== Empty Temp Folders ======================

    C:\Users\Administrator\AppData\Local\Temp emptied successfully
    C:\Users\Default\AppData\Local\Temp emptied successfully
    C:\Users\Sherida\AppData\Local\Temp will be emptied at reboot
    C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
    C:\WINDOWS\Temp will be emptied at reboot

    ==== After Reboot ======================

    ==== Empty Temp Folders ======================

    C:\WINDOWS\Temp successfully emptied
    C:\Users\Sherida\AppData\Local\Temp successfully emptied

    ==== Empty Recycle Bin ======================

    C:\$RECYCLE.BIN successfully emptied

    ==== EOF on 17/03/2015 at 17:10:43,66 ======================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 17:13:48, on 17/03/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Sherida\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10762 bytes
     


  18. JRT log:

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.5 (03.17.2015:1)
    OS: Windows 8.1 Single Language x64
    Ran by Sherida on 17/03/2015 at 13:08:35,99
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files

    Successfully deleted: [File] "C:\WINDOWS\wininit.ini"



    ~~~ Folders

    Successfully deleted: [Folder] "C:\ProgramData\baidu security"
    Successfully deleted: [Folder] "C:\Users\Sherida\AppData\Roaming\baidu security"
    Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"



    ~~~ FireFox

    Successfully deleted the following from C:\Users\Sherida\AppData\Roaming\mozilla\firefox\profiles\qdhai7ps.default\prefs.js

    user_pref("browser.search.searchengine.desc", "this is my first firefox searchEngine");
    user_pref("browser.search.searchengine.ptid", "slb2");
    user_pref("browser.search.searchengine.uid", "ST500LM012XHN-M500MBB_S33HJ5DF401525");
    user_pref("extensions.1whJbPx8aXibyC0j.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjCFqTn4qHn6rTYFrdw9qdwEqTC\")>-1){return;}}catch(e){}try{var d=[[\"aceb
    user_pref("extensions.1whJbPx8aXibyC0j.url", "hxxp://extsync.info/sync2/?q=hfZ9ofV9CShEAen0rTa9qHrMg708BNmGWj8ckShGheDUojw8rdrErTwEqdUHrchIC7n0rjkErHaGrja8rHaEtNhVCT94tMVKhd9G
    user_pref("extensions.5sWyeDxUiLI11xKs.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjCFqTn4qHn6rTYFrdw9qdwEqTC\")>-1){return;}}catch(e){}try{var d=[[\"aceb



    ~~~ Event Viewer Logs were cleared





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 17/03/2015 at 13:16:57,02
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     

     

    ADW Cleaner log:

    # AdwCleaner v4.112 - Logfile created 17/03/2015 at 13:04:24
    # Updated 09/03/2015 by Xplode
    # Database : 2015-03-15.1 [server]
    # Operating system : Windows 8.1 Single Language  (x64)
    # Username : Sherida - PCXÉRIDA
    # Running from : C:\Users\Sherida\Downloads\AdwCleaner.exe
    # Option : Cleaning

    ***** [ Services ] *****


    ***** [ Files / Folders ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v11.0.9600.17416


    -\\ Mozilla Firefox v36.0.1 (x86 pt-BR)


    -\\ Google Chrome v41.0.2272.89

    [C:\Users\Sherida\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

    *************************

    AdwCleaner[R0].txt - [8958 bytes] - [09/03/2015 19:07:18]
    AdwCleaner[R1].txt - [1154 bytes] - [17/03/2015 12:59:35]
    AdwCleaner[s0].txt - [7855 bytes] - [09/03/2015 19:09:25]
    AdwCleaner[s1].txt - [1086 bytes] - [17/03/2015 13:04:24]

    ########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1145  bytes] ##########
     

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 13:23:13, on 17/03/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Sherida\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Startup: Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).lnk = C:\ProgramData\{9c8a1db2-0441-beda-9c8a-a1db204476c8}\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10631 bytes
     


  19. MBAM log:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Data da Verificação: 17/03/2015
    Hora da Verificação: 11:55:48
    Arquivo de Log: log_MBAM.txt
    Administrador: Sim

    Versão: 2.00.4.1028
    Base de Dados de Malware: v2015.03.17.04
    Base de Dados de Rootkit: v2015.02.25.01
    Licença: Grátis
    Proteção de Malware: Desabilitado
    Proteção de Site Malicioso: Desabilitado
    Auto-Proteção: Desabilitado

    SO: Windows 8.1
    Processador: x64
    Sistema de Arquivos: NTFS
    Usuário: Sherida

    Tipo da Verificação: Verificar Ameaça
    Resultado: Terminado
    Objetos Verificados: 394566
    Tempo Decorrido: 24 min, 20 seg

    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de Arquivos: Habilitado
    Arquivos Compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado

    Processos: 0
    (Nenhum item malicioso detectado)

    Módulos: 0
    (Nenhum item malicioso detectado)

    Chaves de Registro: 5
    PUP.Optional.MultiPlug, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{478472F9-9E09-492A-BDAB-42EE595EF1AD}, Quarentena, [f7b22ef43852be780c29cae6c2418977],
    PUP.Optional.Shopperz.A, HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [a40565bd3a503ff718fcebc25aa93dc3],
    PUP.Optional.Shopperz.A, HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [4f5a7aa8c1c9162015ff654853b09f61],
    PUP.Optional.Shopperz.A, HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [2d7c50d24b3fef474dc7e4c9b44fbf41],
    PUP.Optional.Shopperz.A, HKU\S-1-5-21-2321293755-3812385516-1550897827-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\{4E7638A1-6962-4e44-A6B9-F40E84FD6D09}, Quarentena, [b0f968ba7416e353c3512f7ea16217e9],

    Valores de Registro: 1
    PUP.Optional.MBot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|mbot_br_642, Quarentena, [a0091e04a7e339fd2bf44987eb182bd5],

    Dados de Registro: 0
    (Nenhum item malicioso detectado)

    Pastas: 2
    PUP.Optional.SaveSys, C:\Program Files (x86)\SaveSys, Quarentena, [b1f875ad256560d656074ef25da843bd],
    PUP.Optional.NoMoreAds.A, C:\ProgramData\NoMore Ads, Quarentena, [bdec9191a9e1270fa0dbd4c30af9f10f],

    Arquivos: 10
    PUP.Optional.Unizeto, C:\ProgramData\{9c8a1db2-0441-beda-9c8a-a1db204476c8}\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).exe, Quarentena, [2881e33f6d1d280e1c179c93a55deb15],
    PUP.Optional.Unizeto, C:\Users\Sherida\Downloads\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).exe, Quarentena, [3d6ce0428ffbfa3c1023ba75fb079b65],
    PUP.Optional.Solimba, C:\Users\Sherida\Downloads\ativador.rar.exe, Quarentena, [f6b3c65ccfbbed49120a1a0b7989d12f],
    PUP.Optional.Bundle, C:\Users\Sherida\Downloads\Baixe Ativador Office 2013 Definitivo(1).exe, Quarentena, [98112cf6dab0e2540857c16e946e1de3],
    PUP.Optional.Bundle, C:\Users\Sherida\Downloads\Baixe Ativador Office 2013 Definitivo.exe, Quarentena, [16937aa817737db994cb9c9331d115eb],
    PUP.Optional.SaveSys, C:\Program Files (x86)\SaveSys\SaveSys.exe, Quarentena, [b1f875ad256560d656074ef25da843bd],
    PUP.Optional.SaveSys, C:\Program Files (x86)\SaveSys\nfapi.dll, Quarentena, [b1f875ad256560d656074ef25da843bd],
    PUP.Optional.SaveSys, C:\Program Files (x86)\SaveSys\nfregdrv.exe, Quarentena, [b1f875ad256560d656074ef25da843bd],
    PUP.Optional.SaveSys, C:\Program Files (x86)\SaveSys\ProtocolFilters.dll, Quarentena, [b1f875ad256560d656074ef25da843bd],
    PUP.Optional.NoMoreAds.A, C:\ProgramData\NoMore Ads\NoMore Ads.exe, Quarentena, [bdec9191a9e1270fa0dbd4c30af9f10f],

    Setores Físicos: 0
    (Nenhum item malicioso detectado)


    (end)

     

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:28:17, on 17/03/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Sherida\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Startup: Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).lnk = C:\ProgramData\{9c8a1db2-0441-beda-9c8a-a1db204476c8}\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10816 bytes
     


  20. My computer is infected with some virus or malware and I can no longer browse in some browsers, such as Chrome.

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 08:49:35, on 17/03/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.9600.17416)
    Boot mode: Normal

    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avpui.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Users\Sherida\Downloads\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [sDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
    O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
    O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_3C50E3DA1A70431DB8F000B46335F6C2] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe"
    O4 - Startup: Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).lnk = C:\ProgramData\{9c8a1db2-0441-beda-9c8a-a1db204476c8}\Ativador Office 2013 DEFINITIVO - Atualizado 2014  - PH Downs (1).exe
    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
    O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe
    O23 - Service: Serviço do Kaspersky Anti-Virus (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 14.0.0\avp.exe
    O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Portal\CCDMonitorService.exe
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
    O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
    O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 11317 bytes
     


  21. ComboFix 10-05-26.04 - Murillo 27/05/2010 17:08:11.5.2 - x86 MINIMAL

    Microsoft Windows XP Professional 5.1.2600.2.1252.55.1046.18.2046.1677 [GMT -3:00]

    Executando de: C:\Documents and Settings\Murillo\Desktop\ComboFix.exe

    AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    FW: Kaspersky Anti-Virus *disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}

    .

    ADS - drivers: deleted 204 bytes in 1 streams.

    ((((((((((((((((((((((((((((((((((((( Outras Exclusões )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    ---- Execuções precedente -------

    .

    C:\WINDOWS\system32\AbaleZip.dll

    .

    (((((((((((((((( Arquivos/Ficheiros criados de 2010-04-27 to 2010-05-27 ))))))))))))))))))))))))))))

    .

    2010-05-27 07:02:06 . 2010-05-27 07:02:07 -------- d-----w- C:\Arquivos de programas\NitroPC

    2010-05-27 06:19:09 . 2010-05-27 06:19:09 388096 ----a-r- C:\Documents and Settings\Murillo\Dados de aplicativos\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe

    2010-05-27 06:19:08 . 2010-05-27 06:19:08 -------- d-----w- C:\Arquivos de programas\Trend Micro

    2010-05-27 06:13:28 . 2010-05-27 06:13:28 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Yahoo!

    2010-05-27 06:13:22 . 2010-05-27 15:56:48 -------- d-----w- C:\Arquivos de programas\Yahoo!

    2010-05-26 13:46:50 . 2010-05-26 13:47:20 -------- d-----w- C:\Arquivos de programas\Real

    2010-05-26 13:46:49 . 2010-05-26 13:47:32 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Real

    2010-05-25 20:44:47 . 2010-05-25 20:44:47 60928 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Mozilla\Firefox\Profiles\oggb3po3.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}\components\nsNativeCaller.dll

    2010-05-22 15:19:12 . 2010-05-22 15:19:12 -------- d-sh--w- C:\Documents and Settings\Murillo\IECompatCache

    2010-05-21 21:05:31 . 2010-03-15 09:31:48 165376 ----a-w- C:\WINDOWS\system32\unrar.dll

    2010-05-21 21:05:30 . 2009-05-29 21:37:40 205824 ----a-w- C:\WINDOWS\system32\xvidvfw.dll

    2010-05-21 21:05:30 . 2009-05-29 21:31:52 881664 ----a-w- C:\WINDOWS\system32\xvidcore.dll

    2010-05-21 21:05:30 . 2004-01-25 16:18:44 217088 ----a-w- C:\WINDOWS\system32\yv12vfw.dll

    2010-05-21 21:05:29 . 2010-04-16 18:00:00 85504 ----a-w- C:\WINDOWS\system32\ff_vfw.dll

    2010-05-21 21:05:28 . 2010-05-23 10:26:27 -------- d-----w- C:\Arquivos de programas\K-Lite Codec Pack

    2010-05-21 21:00:01 . 2010-05-27 19:09:12 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Media Player Classic

    2010-05-21 01:03:21 . 2010-05-21 01:03:21 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Megaupload

    2010-05-21 01:02:59 . 2010-05-21 01:03:00 -------- d-----w- C:\Arquivos de programas\Megaupload

    2010-05-20 11:07:58 . 2010-05-20 11:08:00 -------- d-----w- C:\Arquivos de programas\Personal Finances Home

    2010-05-18 22:08:52 . 2010-05-20 01:10:40 -------- d-----w- C:\Arquivos de programas\PokerStars.NET

    2010-05-18 19:37:01 . 2010-05-27 19:17:02 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\HPAppData

    2010-05-18 19:20:42 . 2008-10-06 18:38:06 121344 ----a-w- C:\WINDOWS\system32\hpf3l083.dll

    2010-05-18 19:20:42 . 2008-10-06 18:37:30 315392 ----a-w- C:\WINDOWS\system32\Spool\prtprocs\w32x86\hpfpp083.dll

    2010-05-18 19:20:21 . 2008-10-29 18:37:43 737280 ----a-r- C:\WINDOWS\system32\hposwia_d02a.dll

    2010-05-18 19:20:21 . 2008-10-29 18:37:43 598016 ----a-r- C:\WINDOWS\system32\hpost_d02a.dll

    2010-05-18 19:20:21 . 2008-10-29 18:37:43 307200 ----a-r- C:\WINDOWS\system32\hposc_d02a.dll

    2010-05-18 19:13:41 . 2010-05-18 19:13:41 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\HP Product Assistant

    2010-05-18 19:06:16 . 2010-05-18 19:21:22 174244 ----a-w- C:\WINDOWS\hpoins37.dat

    2010-05-18 19:06:15 . 2009-07-08 14:40:39 632 ------w- C:\WINDOWS\hpomdl37.dat

    2010-04-30 16:03:04 . 2010-04-30 16:03:04 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Windows Search

    2010-04-30 08:49:49 . 2004-08-04 03:45:28 25600 ----a-w- C:\Documents and Settings\LocalService\Dados de aplicativos\Microsoft\UPnP Device Host\upnphost\udhisapi.dll

    2010-04-30 08:21:35 . 2010-04-30 08:21:35 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Windows Desktop Search

    2010-04-30 07:59:08 . 2010-05-19 09:32:30 -------- d--h--w- C:\WINDOWS\system32\GroupPolicy

    2010-04-30 07:59:08 . 2010-04-30 08:30:03 -------- d-----w- C:\Arquivos de programas\Windows Desktop Search

    2010-04-30 07:58:22 . 2010-04-30 07:58:23 -------- d-----w- C:\Arquivos de programas\Windows Media Connect 2

    2010-04-30 07:57:31 . 2010-04-30 07:57:52 -------- d-----w- C:\WINDOWS\system32\drivers\UMDF

    2010-04-30 07:57:31 . 2010-04-30 07:57:31 -------- d-----w- C:\WINDOWS\system32\LogFiles

    2010-04-30 07:55:20 . 2010-04-30 07:55:20 -------- d-----w- C:\WINDOWS\system32\URTTEMP

    2010-04-30 07:50:10 . 2010-04-30 08:03:20 -------- d-----w- C:\Arquivos de programas\Microsoft Silverlight

    2010-04-29 22:04:07 . 2010-04-29 22:05:12 -------- d-----w- C:\Arquivos de programas\WorldUnlock Codes Calculator

    2010-04-29 21:45:56 . 2010-04-29 21:45:56 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\NVIDIA Corporation

    2010-04-29 21:45:51 . 2010-04-29 21:46:15 -------- d-----w- C:\Arquivos de programas\NVIDIA Corporation

    2010-04-29 15:07:02 . 2004-08-04 03:45:28 221184 ----a-w- C:\WINDOWS\system32\wmpns.dll

    2010-04-29 15:01:02 . 2010-04-29 15:01:02 -------- d-----w- C:\Arquivos de programas\MSXML 6.0

    2010-04-29 14:57:16 . 2010-04-30 08:28:34 -------- d--h--w- C:\WINDOWS\$hf_mig$

    2010-04-29 14:47:44 . 2002-10-22 11:57:18 118784 ------w- C:\WINDOWS\system32\SKUTIL.DLL

    2010-04-29 14:47:44 . 2002-06-17 08:49:46 151552 ------w- C:\WINDOWS\system32\SKUNINST.EXE

    2010-04-29 14:47:44 . 2001-12-11 22:37:00 45056 ------w- C:\WINDOWS\system32\SKOSD.DLL

    2010-04-29 14:47:44 . 2001-04-28 10:00:00 32768 ------w- C:\WINDOWS\system32\SKSMAILD.EXE

    2010-04-29 14:47:44 . 2001-04-28 09:59:00 45056 ------w- C:\WINDOWS\system32\SKMEDIA.DLL

    2010-04-29 14:47:44 . 2001-04-28 09:58:00 49152 ------w- C:\WINDOWS\system32\SKHOOKS.DLL

    2010-04-29 14:47:44 . 2000-11-23 18:16:00 53248 ------w- C:\WINDOWS\system32\SKSETUP.DLL

    2010-04-29 14:47:43 . 2002-10-21 15:33:50 53248 ------w- C:\WINDOWS\system32\SKUSBKBD.DLL

    2010-04-29 14:47:43 . 2002-07-01 19:24:34 40960 ------w- C:\WINDOWS\system32\SKDAEMON.EXE

    2010-04-29 14:47:43 . 2002-03-19 10:09:00 1216168 ------w- C:\WINDOWS\system32\RAK3CFG.EXE

    2010-04-29 14:47:34 . 2010-04-29 14:47:34 -------- d-----w- C:\Ibmtools

    .

    ((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2010-05-27 20:05:08 . 2010-03-25 00:11:15 729120 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.dat

    2010-05-27 20:05:08 . 2010-03-25 00:11:15 4620 --sha-w- C:\WINDOWS\system32\drivers\fidbox2.idx

    2010-05-27 20:05:08 . 2010-03-25 00:11:15 4168224 --sha-w- C:\WINDOWS\system32\drivers\fidbox.dat

    2010-05-27 20:05:08 . 2010-03-25 00:11:15 34692 --sha-w- C:\WINDOWS\system32\drivers\fidbox.idx

    2010-05-27 20:04:46 . 2010-03-24 23:42:22 -------- d---a-w- C:\Documents and Settings\All Users\Dados de aplicativos\TEMP

    2010-05-27 20:04:44 . 1782-01-19 03:14:07 83888 ----a-w- C:\WINDOWS\system32\perfc016.dat

    2010-05-27 20:04:44 . 1782-01-19 03:14:07 479704 ----a-w- C:\WINDOWS\system32\perfh016.dat

    2010-05-27 20:04:39 . 2010-03-25 00:11:15 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab

    2010-05-27 15:47:06 . 2010-04-03 17:02:00 -------- d-----w- C:\Arquivos de programas\Malwarebytes' Anti-Malware

    2010-05-27 06:13:20 . 2010-03-26 09:42:03 -------- d-----w- C:\Arquivos de programas\CCleaner

    2010-05-27 06:06:14 . 2010-03-25 14:42:08 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\GbPlugin

    2010-05-26 13:47:37 . 2010-05-26 13:47:37 45056 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimwmp.dll

    2010-05-26 13:47:37 . 2010-05-26 13:47:37 45056 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimswf.dll

    2010-05-26 13:47:37 . 2010-05-26 13:47:37 45056 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimrp.dll

    2010-05-26 13:47:36 . 2010-05-26 13:47:36 49152 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext\Components\nprpffbrowserrecordext.dll

    2010-05-26 13:47:36 . 2010-05-26 13:47:36 45056 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\ThinShims\rpnpshimqt.dll

    2010-05-26 13:47:36 . 2010-05-26 13:47:36 308808 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Common\rpmainbrowserrecordplugin.dll

    2010-05-26 13:47:36 . 2010-05-26 13:47:36 14848 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll

    2010-05-26 13:47:35 . 2010-05-26 13:47:35 40960 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\Chrome\Hook\rpchromebrowserrecordhelper.dll

    2010-05-26 13:47:33 . 2010-05-26 13:47:33 341600 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll

    2010-05-26 13:47:11 . 2010-05-26 13:47:11 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\xing shared

    2010-05-26 13:46:51 . 2009-05-21 23:21:18 499712 ----a-w- C:\WINDOWS\system32\msvcp71.dll

    2010-05-26 13:46:51 . 2009-05-21 21:57:02 348160 ----a-w- C:\WINDOWS\system32\msvcr71.dll

    2010-05-21 01:02:59 . 2010-03-24 18:53:53 -------- d--h--w- C:\Arquivos de programas\InstallShield Installation Information

    2010-05-20 11:07:59 . 2010-04-15 19:34:36 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Alzex

    2010-05-18 19:21:40 . 2010-03-24 19:15:09 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\HP

    2010-05-18 19:21:29 . 2010-03-25 01:08:58 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\HP

    2010-05-18 19:15:37 . 2010-03-24 19:11:41 -------- d-----w- C:\Arquivos de programas\HP

    2010-05-11 15:11:39 . 2010-03-24 16:40:14 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Microsoft Help

    2010-05-10 06:26:31 . 2010-03-25 14:42:08 -------- d-----w- C:\Arquivos de programas\GbPlugin

    2010-05-06 05:03:00 . 2010-03-25 00:11:33 97549 ----a-w- C:\WINDOWS\system32\drivers\klick.dat

    2010-05-06 05:03:00 . 2010-03-25 00:11:33 113933 ----a-w- C:\WINDOWS\system32\drivers\klin.dat

    2010-04-30 12:18:34 . 2010-03-25 14:42:20 45472 ----a-w- C:\WINDOWS\system32\drivers\gbpkm.sys

    2010-04-29 18:39:38 . 2010-04-03 17:02:02 38224 ----a-w- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

    2010-04-29 18:39:26 . 2010-04-03 17:02:00 20952 ----a-w- C:\WINDOWS\system32\drivers\mbam.sys

    2010-04-29 15:14:31 . 2010-04-05 10:19:20 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\GetRightToGo

    2010-04-18 21:08:57 . 2010-04-18 21:08:57 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Java

    2010-04-18 21:08:29 . 2010-04-18 21:08:40 411368 ----a-w- C:\WINDOWS\system32\deployJava1.dll

    2010-04-18 21:08:26 . 2010-04-18 21:08:26 -------- d-----w- C:\Arquivos de programas\Java

    2010-04-15 19:34:36 . 2010-04-15 19:34:36 -------- d-----w- C:\Arquivos de programas\Personal Finances Free

    2010-04-15 19:23:59 . 2010-04-15 19:23:59 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Borland Shared

    2010-04-11 08:16:50 . 2010-04-11 08:09:52 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\D-Book

    2010-04-11 08:09:48 . 2010-04-11 08:09:20 -------- d-----w- C:\Arquivos de programas\Digipix D-Book

    2010-04-10 23:04:59 . 2010-04-10 23:01:29 -------- d-----w- C:\Arquivos de programas\FrameShow

    2010-04-10 23:01:46 . 2010-04-10 23:01:38 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\PhotoFrameShow

    2010-04-10 13:20:47 . 2010-03-25 15:41:26 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe

    2010-04-10 13:20:41 . 2010-04-10 13:20:41 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Leadertech

    2010-04-09 10:44:00 . 2010-04-09 10:43:59 -------- d-----w- C:\Arquivos de programas\Adobe Media Player

    2010-04-09 10:43:54 . 2010-04-09 10:43:54 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Adobe AIR

    2010-04-09 10:43:47 . 2010-04-01 08:47:50 38784 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe

    2010-04-09 10:03:59 . 2010-04-09 10:03:29 -------- d-----w- C:\Arquivos de programas\Flash Slideshow Maker Professional

    2010-04-03 22:23:18 . 2010-04-03 22:23:18 278120 ----a-w- C:\WINDOWS\system32\nvmccs.dll

    2010-04-03 22:23:16 . 2010-04-03 22:23:16 154216 ----a-w- C:\WINDOWS\system32\nvsvc32.exe

    2010-04-03 22:23:16 . 2010-04-03 22:23:16 145000 ----a-w- C:\WINDOWS\system32\nvcolor.exe

    2010-04-03 22:23:16 . 2010-04-03 22:23:16 13670504 ----a-w- C:\WINDOWS\system32\nvcpl.dll

    2010-04-03 22:23:16 . 2010-04-03 22:23:16 110696 ----a-w- C:\WINDOWS\system32\nvmctray.dll

    2010-04-03 22:22:54 . 2010-04-03 22:22:54 81920 ----a-w- C:\WINDOWS\system32\nvwddi.dll

    2010-04-03 17:02:12 . 2010-04-03 17:02:12 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Malwarebytes

    2010-04-03 17:02:00 . 2010-04-03 17:02:00 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Malwarebytes

    2010-04-03 11:32:19 . 2010-04-03 11:32:19 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Canneverbe Limited

    2010-04-03 11:32:19 . 2010-04-03 11:32:19 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Canneverbe Limited

    2010-04-03 11:32:09 . 2010-04-03 11:32:08 -------- d-----w- C:\Arquivos de programas\CDBurnerXP

    2010-04-03 09:01:13 . 2010-04-03 09:01:13 -------- d-----w- C:\Arquivos de programas\TrendMicro

    2010-04-03 07:59:37 . 2010-04-03 07:59:17 -------- d-----w- C:\Arquivos de programas\AssistentePimacoV2_0_1

    2010-04-03 07:59:26 . 2010-04-03 07:59:17 -------- d--h--w- C:\Arquivos de programas\Zero G Registry

    2010-04-01 23:12:50 . 2010-04-01 23:12:50 503808 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b2953f8-n\msvcp71.dll

    2010-04-01 23:12:50 . 2010-04-01 23:12:50 499712 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b2953f8-n\jmc.dll

    2010-04-01 23:12:50 . 2010-04-01 23:12:50 348160 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\54\1a209876-2b2953f8-n\msvcr71.dll

    2010-04-01 23:12:19 . 2010-04-01 23:12:19 61440 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5955d0a5-n\decora-sse.dll

    2010-04-01 23:12:19 . 2010-04-01 23:12:19 12800 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\Deployment\SystemCache\6.0\17\6d0ad391-5955d0a5-n\decora-d3d.dll

    2010-04-01 22:30:14 . 2010-04-01 22:30:14 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Alien Skin

    2010-03-31 23:57:02 . 2010-03-31 22:46:25 -------- d-----w- C:\Arquivos de programas\MP3Gain

    2010-03-30 06:25:56 . 2010-03-28 13:03:04 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Photodex

    2010-03-30 06:25:03 . 2010-03-28 13:04:13 -------- d-----w- C:\Arquivos de programas\Photodex Presenter

    2010-03-30 05:31:03 . 2010-03-25 15:01:27 -------- d-----w- C:\Arquivos de programas\Arquivos comuns\Nero

    2010-03-30 05:30:37 . 2010-03-25 15:01:27 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Nero

    2010-03-29 13:44:03 . 2010-03-26 21:04:15 -------- d-----w- C:\Documents and Settings\Murillo\Dados de aplicativos\Nero

    2010-03-28 21:41:01 . 2010-03-28 21:41:01 -------- d-----w- C:\Arquivos de programas\Alien Skin

    2010-03-28 21:26:22 . 2010-03-28 21:26:22 -------- d-----w- C:\Arquivos de programas\Photodex

    2010-03-28 21:25:18 . 2010-03-28 13:16:42 -------- d-----w- C:\Documents and Settings\All Users\Dados de aplicativos\Photodex

    2010-03-25 14:41:38 . 2010-03-25 14:41:38 79488 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\jre1.6.0_18\gtapi.dll

    2010-03-25 14:41:38 . 2010-03-25 14:41:38 152576 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Sun\Java\jre1.6.0_18\lzma.dll

    2010-03-25 13:56:20 . 2010-04-08 18:47:04 131360 ----a-w- C:\Documents and Settings\Murillo\Dados de aplicativos\Mozilla\Firefox\Profiles\oggb3po3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

    2010-03-25 10:49:05 . 2010-03-25 10:49:05 0 ----a-w- C:\WINDOWS\nsreg.dat

    2010-03-25 00:58:24 . 2008-01-29 20:29:38 33808 ----a-w- C:\WINDOWS\system32\drivers\klbg.sys

    2010-03-25 00:58:20 . 2010-03-25 00:58:20 109072 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd3.dll

    2010-03-25 00:58:19 . 2010-03-25 00:58:19 59920 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\mzvkbd.dll

    2010-03-25 00:58:18 . 2010-03-25 00:58:18 33808 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys

    2010-03-25 00:58:18 . 2010-03-25 00:58:18 208616 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe

    2010-03-25 00:58:18 . 2010-03-25 00:58:16 226832 ----a-w- C:\Documents and Settings\All Users\Dados de aplicativos\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys

    2010-03-24 19:00:10 . 2010-03-24 19:00:11 4608 ----a-w- C:\WINDOWS\system32\w95inf32.dll

    2010-03-24 19:00:10 . 2010-03-24 19:00:11 2272 ----a-w- C:\WINDOWS\system32\w95inf16.dll

    2010-03-24 18:53:20 . 2010-03-24 18:50:27 15600 ----a-w- C:\WINDOWS\gdrv.sys

    2010-03-24 17:20:39 . 2010-03-24 16:00:49 86327 ----a-w- C:\WINDOWS\pchealth\helpctr\OfflineCache\index.dat

    2010-03-24 15:58:02 . 2010-03-24 15:58:02 21844 ----a-w- C:\WINDOWS\system32\emptyregdb.dat

    2010-03-10 06:16:48 . 2004-08-04 03:45:28 420352 ----a-w- C:\WINDOWS\system32\vbscript.dll

    2010-03-08 13:41:48 . 2010-03-24 18:54:03 220112 ----a-w- C:\WINDOWS\system32\drivers\Rtenicxp.sys

    .

    ((((((((((((((((((((((((((((( SnapShot@2010-05-27_19.22.28 )))))))))))))))))))))))))))))))))))))))))

    .

    - 1782-01-19 03:14:07 . 2010-04-30 08:27:56 71982 C:\WINDOWS\system32\perfc009.dat

    + 1782-01-19 03:14:07 . 2010-05-27 20:04:44 71982 C:\WINDOWS\system32\perfc009.dat

    + 1782-01-19 03:14:07 . 2010-05-27 20:04:44 443724 C:\WINDOWS\system32\perfh009.dat

    - 1782-01-19 03:14:07 . 2010-04-30 08:27:56 443724 C:\WINDOWS\system32\perfh009.dat

    .

    (((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por defeito não são mostradas.

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "NitroPC"="C:\Arquivos de programas\NitroPC\NitroPC.exe" [2009-12-10 01:44:26 4740624]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "JMB36X IDE Setup"="C:\WINDOWS\RaidTool\xInsIDE.exe" [2007-03-20 06:36:18 36864]

    "36X Raid Configurer"="C:\WINDOWS\system32\xRaidSetup.exe" [2007-05-25 06:07:56 1953792]

    "Hot Key Kbd Daemon"="SKDAEMON.EXE" [2002-07-01 19:24:34 40960]

    "C-Media Mixer"="Mixer.exe" [2002-10-15 21:00:20 1818624]

    "nwiz"="nwiz.exe" [bU]

    "NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2010-04-03 22:23:16 110696]

    "NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2010-04-03 22:23:16 13670504]

    "HP Software Update"="C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 19:24:20 54840]

    "TkBellExe"="C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" [2010-05-26 13:46:50 202256]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

    "CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 03:45:32 15360]

    C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\

    HP Digital Imaging Monitor.lnk - C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe [2009-5-21 275768]

    Windows Search.lnk - C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]

    [hkey_local_machine\software\Microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Arquivos de programas\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 01:41:34 304128]

    [HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2010-04-30 12:18:20 328992 ----a-w- C:\Arquivos de programas\GbPlugin\gbieh.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Iniciar^Programas^Inicializar^HP Digital Imaging Monitor.lnk]

    path=C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\HP Digital Imaging Monitor.lnk

    backup=C:\WINDOWS\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Adobe ARM]

    2010-03-24 18:17:47 952768 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\ARM\1.0\AdobeARM.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

    2010-04-04 05:42:51 36272 ----a-w- C:\Arquivos de programas\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\AdobeBridge]

    2008-08-28 22:34:14 13145448 ----a-w- C:\Arquivos de programas\Adobe\Adobe Bridge CS4\Bridge.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]

    2008-08-14 10:58:34 611712 ----a-w- C:\Arquivos de programas\Arquivos comuns\Adobe\CS4ServiceManager\CS4ServiceManager.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\C-Media Mixer]

    2002-10-15 21:00:20 1818624 ----a-w- C:\WINDOWS\mixer.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

    2008-10-25 14:44:34 31072 ----a-w- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\HP Software Update]

    2007-05-08 19:24:20 54840 ----a-w- C:\Arquivos de programas\HP\HP Software Update\hpwuSchd2.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\IntelliPoint]

    C:\Arquivos de programas\Microsoft IntelliPoint\ipoint.exe [bU]

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\itype]

    C:\Arquivos de programas\Microsoft IntelliType Pro\itype.exe [bU]

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\nwiz]

    nwiz.exe [bU]

    [HKEY_LOCAL_MACHINE\software\Microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

    2010-02-18 14:43:18 248040 ----a-w- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe

    [HKEY_LOCAL_MACHINE\software\Microsoft\security center\Monitoring\KasperskyAntiVirus]

    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\OUTLOOK.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\GROOVE.EXE"=

    "C:\\Arquivos de programas\\Microsoft Office\\Office12\\ONENOTE.EXE"=

    "C:\\Arquivos de programas\\TeamViewer\\Version5\\TeamViewer.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\wlcsdk.exe"=

    "C:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

    "C:\\Arquivos de programas\\Arquivos comuns\\Adobe\\CS4ServiceManager\\CS4ServiceManager.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hposid01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqcopy2.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpfcCopy.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgplgtupl.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqgpc01.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgm.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\bin\\hpqusgh.exe"=

    "C:\\Arquivos de programas\\HP\\HP Software Update\\HPWUCli.exe"=

    "C:\\Arquivos de programas\\HP\\Digital Imaging\\smart web printing\\SmartWebPrintExe.exe"=

    "C:\\Arquivos de programas\\NitroPC\\NitroPC.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

    "6613:TCP"= 6613:TCP:hxbrk

    "5353:TCP"= 5353:TCP:Adobe CSI CS4

    R0 GbpKm;Gbp KernelMode;C:\WINDOWS\system32\drivers\gbpkm.sys [25/3/2010 11:42:20 45472]

    S0 klbg;Kaspersky Lab Boot Guard Driver;C:\WINDOWS\system32\drivers\klbg.sys [29/1/2008 17:29:38 33808]

    S2 GbpSv;Gbp Service;C:\ARQUIV~1\GbPlugin\GbpSv.exe [25/3/2010 11:42:19 55072]

    S3 cpuz129;cpuz129;\??\C:\WINDOWS\TEMP\cpuz_x32.sys --> C:\WINDOWS\TEMP\cpuz_x32.sys [?]

    S3 klim5;Kaspersky Anti-Virus NDIS Filter;C:\WINDOWS\system32\drivers\klim5.sys [30/4/2008 17:06:48 24592]

    S3 NitroPCSrv;NitroPC Service;C:\Arquivos de programas\NitroPC\NitroPCService.exe [9/12/2009 22:44:28 848912]

    S3 PciCon;PciCon;\??\E:\PciCon.sys --> E:\PciCon.sys [?]

    [HKEY_LOCAL_MACHINE\software\Microsoft\windows nt\currentversion\svchost]

    HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

    hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

    getPlusHelper REG_MULTI_SZ getPlusHelper

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    2010-05-27 C:\WINDOWS\Tasks\RealUpgradeLogonTaskS-1-5-21-583907252-706699826-725345543-1003.job

    - C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09:42 . 2010-02-25 01:09:42]

    2010-05-26 C:\WINDOWS\Tasks\RealUpgradeScheduledTaskS-1-5-21-583907252-706699826-725345543-1003.job

    - C:\Arquivos de programas\Real\RealUpgrade\realupgrade.exe [2010-02-25 01:09:42 . 2010-02-25 01:09:42]

    2010-05-27 C:\WINDOWS\Tasks\User_Feed_Synchronization-{B2284ED5-FD6C-49DD-945E-518C028228B4}.job

    - C:\WINDOWS\system32\msfeedssync.exe [2009-03-08 07:31:54 . 2009-03-08 07:31:54]

    .

    .

    ------- Scan Suplementar -------

    .

    uStart Page = hxxp://www.google.com.br/

    IE: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    IE: E&xportar para o Microsoft Excel - C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    IE: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    IE: {{FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} - hxxp://pontofrio.digipix.com.br/softwares/ImageUploader6.cab

    FF - ProfilePath - C:\Documents and Settings\Murillo\Dados de aplicativos\Mozilla\Firefox\Profiles\oggb3po3.default\

    FF - prefs.js: browser.startup.homepage - hxxp://www.google.com.br/

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBook.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpClipBookDB.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpNeoLogger.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSaturn.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSeymour.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartSelect.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSmartWebPrinting.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpSWPOperation.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPLogging.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTC.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXPMTL.dll

    FF - component: C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3\components\hpXREStub.dll

    FF - component: C:\Documents and Settings\Murillo\Dados de aplicativos\Mozilla\Firefox\Profiles\oggb3po3.default\extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C}\components\GbMzhBb.dll

    FF - component: C:\Documents and Settings\Murillo\Dados de aplicativos\Mozilla\Firefox\Profiles\oggb3po3.default\extensions\{BAEBEF65-9289-47c5-8524-C345CC5D860D}\components\nsNativeCaller.dll

    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----

    C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

    C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

    C:\Arquivos de programas\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

    C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

    C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

    C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

    C:\Arquivos de programas\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);

    C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

    C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

    C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

    C:\Arquivos de programas\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

    .

    **************************************************************************

    Procurando processos ocultos ...

    Procurando entradas auto inicializáveis ocultas ...

    Procurando ficheiros/arquivos ocultos ...

    Varredura completada com sucesso

    arquivos/ficheiros ocultos:

    **************************************************************************

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    [HKEY_USERS\S-1-5-21-583907252-706699826-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{359F6A5A-4A78-CB09-ECFD-293B01E21BF7}*]

    @Allowed: (Read) (RestrictedCode)

    @Allowed: (Read) (RestrictedCode)

    "oahcknakfnbkomnjgjpjgkajhbffdd"=hex:61,69,6a,67,6d,69,62,6a,6c,63,68,6d,6a,66,

    6f,6e,69,6c,6d,66,6d,6e,66,68,6f,6c,66,6b,6b,6b,61,6d,64,69,64,64,62,6e,68,\

    "iaipdnobdbjgkncpfp"=hex:6a,61,70,67,6e,70,61,63,6c,67,6c,70,62,66,68,6a,6f,64,

    6a,66,00,00

    "hakcenhnhchhmklo"=hex:6a,61,70,67,6e,70,61,63,6c,67,6c,70,62,66,68,6a,6f,64,

    6a,66,00,00

    .

    --------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

    - - - - - - - > 'winlogon.exe'(240)

    C:\Arquivos de programas\GbPlugin\gbieh.dll

    C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll

    - - - - - - - > 'explorer.exe'(1556)

    C:\WINDOWS\system32\WININET.dll

    C:\Arquivos de programas\GbPlugin\gbieh.dll

    C:\Arquivos de programas\Windows Desktop Search\deskbar.dll

    C:\Arquivos de programas\Windows Desktop Search\pt-br\dbres.dll.mui

    C:\Arquivos de programas\Windows Desktop Search\dbres.dll

    C:\Arquivos de programas\Windows Desktop Search\wordwheel.dll

    C:\Arquivos de programas\Windows Desktop Search\pt-br\msnlExtRes.dll.mui

    C:\Arquivos de programas\Windows Desktop Search\msnlExtRes.dll

    .

    Tempo para conclusão: 2010-05-27 17:14:12

    ComboFix-quarantined-files.txt 2010-05-27 20:14:10

    Pré-execução: 11 pasta(s) 59.636.756.480 bytes disponíveis

    Pós execução: 12 pasta(s) 59.627.196.416 bytes disponíveis

    - - End Of File - - 170D669A097800030C46C58FD9449E4A

    *********************************************

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 17:28:17, on 27/5/2010

    Platform: Windows XP SP2 (WinNT 5.01.2600)

    MSIE: Internet Explorer v8.00 (8.00.6001.18702)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\csrss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\nvsvc32.exe

    C:\ARQUIV~1\GbPlugin\GbpSv.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SKDAEMON.EXE

    C:\WINDOWS\Mixer.exe

    C:\WINDOWS\system32\RUNDLL32.EXE

    C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe

    C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\SKSMAILD.EXE

    C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

    C:\WINDOWS\system32\svchost.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSVC.EXE

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

    C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WLIDSvcM.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    C:\WINDOWS\system32\wbem\wmiapsrv.exe

    C:\WINDOWS\System32\alg.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqSTE08.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqbam08.exe

    C:\Arquivos de programas\HP\Digital Imaging\bin\hpqgpc01.exe

    C:\WINDOWS\system32\ctfmon.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\Internet Explorer\iexplore.exe

    C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_clipbook.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\WINDOWS\system32\SearchFilterHost.exe

    C:\Arquivos de programas\Trend Micro\HiJackThis\HiJackThis.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\WINDOWS\system32\wbem\wmiprvse.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)

    O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll

    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

    O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\ievkbd.dll

    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll

    O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Mega Manager IE Click Monitor - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Arquivos de programas\Megaupload\Mega Manager\MegaIEMn.dll

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\ARQUIVOS DE PROGRAMAS\GBPLUGIN\gbieh.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

    O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

    O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O4 - HKLM\..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe

    O4 - HKLM\..\Run: [36X Raid Configurer] C:\WINDOWS\system32\xRaidSetup.exe boot

    O4 - HKLM\..\Run: [Hot Key Kbd Daemon] SKDAEMON.EXE

    O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup

    O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet

    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit

    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup

    O4 - HKLM\..\Run: [HP Software Update] C:\Arquivos de programas\HP\HP Software Update\HPWuSchd2.exe

    O4 - HKLM\..\Run: [TkBellExe] "C:\Arquivos de programas\Arquivos comuns\Real\Update_OB\realsched.exe" -osboot

    O4 - HKLM\..\Run: [AVP] "C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe"

    O4 - HKCU\..\Run: [NitroPC] "C:\Arquivos de programas\NitroPC\NitroPC.exe" -minimized

    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

    O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Arquivos de programas\HP\Digital Imaging\bin\hpqtra08.exe

    O4 - Global Startup: Windows Search.lnk = C:\Arquivos de programas\Windows Desktop Search\WindowsSearch.exe

    O8 - Extra context menu item: Baixar Link Utiizando Gerenciador Mega... - C:\Arquivos de programas\Megaupload\Mega Manager\mm_file.htm

    O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\Office12\EXCEL.EXE/3000

    O8 - Extra context menu item: Sothink SWF Catcher - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: Estatísticas de proteção de tráfego da web - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\SCIEPlgn.dll

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll

    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL

    O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Arquivos de programas\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

    O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Arquivos de programas\Arquivos comuns\SourceTec\SWF Catcher\InternetExplorer.htm

    O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Arquivos de programas\PokerStars.NET\PokerStarsUpdate.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

    O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.Microsoft.com/fwlink/?linkid=39204

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.Microsoft.com/windowsupdate/...b?1269517372484

    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.Microsoft.com/microsoftu...b?1269520015656

    O16 - DPF: {83A4D5A6-E2C1-4EDD-AD48-1A1C50BD06EF} (Image Uploader Control) - http://pontofrio.digipix.com.br/softwares/ImageUploader6.cab

    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab

    O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll

    O20 - Winlogon Notify: GbPluginBb - C:\Arquivos de programas\GbPlugin\gbieh.dll

    O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

    O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

    O23 - Service: Kaspersky Anti-Virus (AVP) - Kaspersky Lab - C:\Arquivos de programas\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Gbp Service (GbpSv) - - C:\ARQUIV~1\GbPlugin\GbpSv.exe

    O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

    O23 - Service: Nero BackItUp Scheduler 4.0 - Unknown owner - C:\Arquivos de programas\Arquivos comuns\Nero\Nero BackItUp 4\NBService.exe (file missing)

    O23 - Service: NMSAccess - Unknown owner - C:\Arquivos de programas\CDBurnerXP\NMSAccessU.exe

    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

    O23 - Service: ScsiAccess - Unknown owner - C:\Arquivos de programas\Photodex\ProShowProducer\ScsiAccess.exe

    O24 - Desktop Component 0: (no name) - file:///C:/DOCUME~1/Murillo/CONFIG~1/Temp/msohtmlclip1/01/clip_image001.jpg

    --

    End of file - 10282 bytes
