
oceanodrs

Member
  • Posts

    179
  • Since

  • Last visit

Profile

  • State
    Santa Catarina
  • Gender
    male
  1. Slow notebook and Windows won't update

    OK, here are the logs.
  2. Slow notebook and Windows won't update

    I request log analysis. I have already carried out all the procedures. My notebook has been very slow, especially at Windows startup. Avast always reports that the "Behavior module is disabled" (attached). I enable it, and when I restart the notebook it happens again. I also cannot update Windows; a message appears saying that the Windows Update service is not running (attached). Here is my log:
  3. Infected notebook and Chrome opens tabs

    The browser now seems to be OK. Chrome is asking me to enable add-ons (New extension added) from Avira and Avast. Should I accept? Can I update Windows? Thanks
  4. Infected notebook and Chrome opens tabs

    OK, here are the logs.
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Player Classic (x64).lnk - C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Media Player Classic.lnk - 
C:\Program Files (x86)\K-Lite Codec Pack\MPC-HC64\mpc-hc64.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Outlook 2013.lnk - C:\Windows\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe C:\Users\usuario\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\usuario\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\usuario\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\usuario\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\usuario\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== 
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=62 folders=23 1542299 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\Temp emptied successfully C:\Users\Default User\AppData\Local\Temp emptied successfully C:\Users\Public\AppData\Local\temp emptied successfully C:\Users\usuario\AppData\Local\Temp will be emptied at reboot C:\Users\USURIO~1\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\usuario\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 13/03/2017 at 20:07:55,21 ====================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 20:26:40, on 13/03/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\usuario\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vnt-afseguranca.dvrdyn.org:8082/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe O4 - Global Startup: HP Digital Imaging 
Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.25.25 O16 - DPF: {4B984331-7314-4BC1-86BF-6AB0FA93F523} (NetDvrV3 Control) - http://192.168.25.25:8082/NetDvrV3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{441B083C-EAF2-421F-BFB1-594943458EFB}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{9AD6A19E-5B62-44F8-BDAF-67C0A6B94C75}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CS1\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 
200.204.135.200,200.204.135.202 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: AutoRun_MBIM - Unknown owner - C:\Windows\SysWOW64\WIN8_MBIM.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NO-IP DUC v4.1.1 (NoIPDUCService4) - Unknown owner - C:\Program Files (x86)\No-IP\ducservice.exe O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC. 
- C:\Windows\RfBtnSvc64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: 
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 10812 bytes
  5. Infected laptop and Chrome opens tabs

    OK, here are the logs.
    # AdwCleaner v6.044 - Relatório criado 12/03/2017 às 15:51:38 # Atualizado em 28/02/2017 por Malwarebytes # Banco de dados : 2017-03-12.1 [Servidor] # Sistema operacional : Windows 8.1 Single Language (X64) # Usuário : usuario - PC # Executando de : C:\Users\usuario\Desktop\AdwCleaner.exe # Modo: Limpo # Apoio : https://www.malwarebytes.com/support ***** [ Serviços ] ***** ***** [ Pastas ] ***** [-] Pasta excluída:C:\ProgramData\Avg_Update_0914av ***** [ Arquivos ] ***** [-] Arquivo excluído:C:\Users\usuario\daemonprocess.txt [-] Arquivo excluído:C:\Windows\Reimage.ini [-] Arquivo excluído:C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_kohoehgoafblafjinhplmhcbphgaaobc_0.localstorage ***** [ DLL ] ***** ***** [ WMI ] ***** ***** [ Atalhos ] ***** ***** [ Atividades agendadas ] ***** ***** [ Registro ] ***** [-] Chave excluída:HKU\S-1-5-21-1878006353-1374687071-1010682394-1001\Software\Reimage [#] Chave excluída na reinicialização:HKCU\Software\Reimage [#] Chave excluída na reinicialização:[x64] HKCU\Software\Reimage [-] Chave excluída:[x64] HKLM\SOFTWARE\Reimage [-] Valor apagado:[x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run32 [mobilegeni daemon] ***** [ Verificando navegadores ... 
] ***** [-] [C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default] [extension] Eliminado:kohoehgoafblafjinhplmhcbphgaaobc ************************* :: Chaves "Tracing" excluídas :: Configurações Winsock restauradas ************************* C:\AdwCleaner\AdwCleaner[C0].txt - [1639 Bytes] - [12/03/2017 15:51:38] C:\AdwCleaner\AdwCleaner[S0].txt - [1932 Bytes] - [12/03/2017 15:50:29] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1785 Bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.1 (02.11.2017) Operating System: Windows 8.1 Single Language x64 Ran by usuario (Administrator) on 12/03/2017 at 15:56:15,38 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 0 Registry: 0 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 12/03/2017 at 16:00:33,71 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:04:08, on 12/03/2017 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.9600.17416) Boot mode: Normal Running processes: C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\Launch Manager\LManager.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\usuario\Desktop\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vnt-afseguranca.dvrdyn.org:8082/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files 
(x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted IP range: http://192.168.25.25 O16 - DPF: {4B984331-7314-4BC1-86BF-6AB0FA93F523} (NetDvrV3 Control) - http://192.168.25.25:8082/NetDvrV3.cab O17 - HKLM\System\CCS\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{441B083C-EAF2-421F-BFB1-594943458EFB}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{9AD6A19E-5B62-44F8-BDAF-67C0A6B94C75}: NameServer = 200.204.135.200,200.204.135.202 O17 - HKLM\System\CS1\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 200.204.135.200,200.204.135.202 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common 
Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: AutoRun_MBIM - Unknown owner - C:\Windows\SysWOW64\WIN8_MBIM.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IconMan_R - Realsil Microelectronics Inc. 
  6. Laptop infected and Chrome opens tabs

    Ok, I did as you said. I reset it and Windows restarted. Here are the logs.
PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\ReimageRepair.exe, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\ReimageSafeMode.exe, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_SafeMode.ico, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_uninstall.ico, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\Reimage_website.ico, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_AVIRA.exe, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_AxControl.inf, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_Axcontrol.lza, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_Engine.dll, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_Engine.lza, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\REI_SupportInfoTool.exe, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\savapi3.dll, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\uninst.exe, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Program Files\Reimage\Reimage Repair\version.rei, Quarentena, [1324], [327184],1.0.1478 PUP.Optional.Reimage, C:\Windows\TEMP\REIMAGE.LOG, Quarentena, [1324], [334717],1.0.1478 PUP.Optional.Reimage, C:\REI\AV\HBEDV.KEY, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\Microsoft.VC90.CRT\Microsoft.VC90.CRT.manifest, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, 
C:\rei\AV\Microsoft.VC90.CRT\msvcr90.dll, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\avupdate.conf, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\avupdate.exe, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\avupdate_msg.avr, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\savapi3_restart.exe, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\savapi3_start.exe, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\AV\savapi3_stop.exe, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\debug-repair-2.log, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\debug-repair.log, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\Info_EnvironmentVars.res, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\Info_Installed.rec, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\JunkScanRes.xml, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\out.log, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Results\EXE1.8.4.9\RUN20170301_0859\RegistryScanRes.xml, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\Temp\20170301_0859\ApplicationList.ini, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\About.txt, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\cfl.rei, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\rei1849nvt.ini, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\reimage.qsr, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.Reimage, C:\rei\SupportInfoTool.ini, Quarentena, [1324], [327187],1.0.1478 PUP.Optional.MySearch, 
C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\CPFKBBIKAFOOLGIBLPBMDBAJLNEHICEM\29.14_0\MANIFEST.JSON, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\common\browseraction.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\common\config.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\common\feed.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\common\utils.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\common\winner.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\content_script\overlayer.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\logo\logo_128x.png, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\logo\logo_16x.png, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\logo\logo_19x.png, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\logo\logo_48x.png, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\newtab\newtab.html, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\revert\index.css, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\revert\index.html, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\revert\index.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\settings\common\redirect.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\settings\partner\Reporting.js, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MySearch, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\cpfkbbikafoolgiblpbmdbajlnehicem\29.14_0\_metadata\verified_contents.json, Quarentena, [640], [302503],1.0.1478 PUP.Optional.MindSpark, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\KOHOEHGOAFBLAFJINHPLMHCBPHGAAOBC\12.202.10.29833_0\MANIFEST.JSON, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\adapter\adapterUtil.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, 
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\adapter\widget-adapter.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\abstractbutton\background\abstractButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\alert\background\alertButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedhtml\background\embedHtmlWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedhtml\html\embedHtmlTemplate.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedhtml\html\innerEmbedHtmlTemplate.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedhtml\js\embedHtmlUI.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedscript\background\embedScriptWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedscript\html\embedScriptTemplate.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedscript\html\innerEmbedScriptTemplate.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\embedscript\js\embedScriptUI.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\flare\background\FlareWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\flare\icons\Icon_Flare_blue.png, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\flare\icons\Icon_Flare_pink.png, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\flare\icons\Thumbs.db, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\generic\background\GenericWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\link\background\linkButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\background\menuButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\css\menuframe.css, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\html\menuframe.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\images\right_arrow.png, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\images\right_arrow_white.png, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\js\jquery-1.7.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\js\menuframe.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\js\query-string.js, Quarentena, [341], 
[301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\js\underscore-1.3.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\menu\README.txt, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\rss\background\RssWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\thirdparty\background\thirdPartyWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\uninstall\background\uninstallButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\components\weather\background\weatherButton.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\bs.30.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\common.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\dynamic.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\enableDetect.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\eventListening.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\global.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\jquery-1.7.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\list-interaction.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\messageEventListener.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\navRedirector.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\paramReplacer.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\PartnerId.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\set.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\underscore-1.3.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\underscore-1.5.2.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\js\unifiedLogging.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\common.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\eventListening.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\jquery-1.7.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\list-interaction.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, 
C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\set.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\common\underscore-1.3.1.min.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\css\radio-widget.css, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\js\radio-custom.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\js\radio-parser.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\js\radio-widget-ui.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\js\radio-widget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\radio\radio-widget.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\rss\js\rss-widget-custom.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\rss\js\rss-widget-parse.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\rss\js\rss-widget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\rss\rssWidget.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\invalid.json, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\jquery.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\qunit.css, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\qunit.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\resource.json, Quarentena, 
[341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\resource.xml, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\testWidget.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\test\testWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\topapps\css\widget.css, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\topapps\js\nanigans-topapps-feed.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\topapps\js\topapps-config.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\topapps\js\widget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\topapps\widget.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\weather\css\weatherButton.css, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\weather\js\weather.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widgets\weather\weatherButton.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\common\widget-api\widget-context-1.0.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\components\api\background\ApiBasedWidget.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\components\api\background\widget-api-impl.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\components\api\window\hiddenWidgetWindow.html, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\components\api\window\hiddenWidgetWindow.js, Quarentena, [341], [301932],1.0.1478 PUP.Optional.MindSpark, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Default\Extensions\kohoehgoafblafjinhplmhcbphgaaobc\12.202.10.29833_0\components\api\window\hiddenWidgetWindowInit.js, 
Setor físico: 0
(Nenhum item malicioso detectado)

(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:39:38, on 12/03/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\usuario\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://vnt-afseguranca.dvrdyn.org:8082/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O4 - HKLM\..\Run: [RadioController] "C:\Program Files (x86)\RadioController\RfBtnHelper.exe" Start_Run
O4 - HKLM\..\Run: [Dolby Advanced Audio v2] "C:\Dolby PCEE4\pcee4.exe" -autostart
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - Global Startup: Acer Backup Manager Tray.lnk = C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: http://192.168.25.25
O16 - DPF: {4B984331-7314-4BC1-86BF-6AB0FA93F523} (NetDvrV3 Control) - http://192.168.25.25:8082/NetDvrV3.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 200.204.135.200,200.204.135.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{441B083C-EAF2-421F-BFB1-594943458EFB}: NameServer = 200.204.135.200,200.204.135.202
O17 - HKLM\System\CCS\Services\Tcpip\..\{9AD6A19E-5B62-44F8-BDAF-67C0A6B94C75}: NameServer = 200.204.135.200,200.204.135.202
O17 - HKLM\System\CS1\Services\Tcpip\..\{17E9203B-8C3C-40F9-B816-3E112FB21FC6}: NameServer = 200.204.135.200,200.204.135.202
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: AutoRun_MBIM - Unknown owner - C:\Windows\SysWOW64\WIN8_MBIM.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: CCDMonitorService - Acer Incorporated - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero Update (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NO-IP DUC v4.1.1 (NoIPDUCService4) - Unknown owner - C:\Program Files (x86)\No-IP\ducservice.exe
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Dritek RF Button Command Service (RfButtonDriverService) - Dritek System INC.
- C:\Windows\RfBtnSvc64.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: 
@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11113 bytes
  7. Infected laptop and Chrome opens tabs

    I think a problem has occurred. I ran the scan procedure with MBAM; it found items and asked to restart in order to remove them. However, Windows never restarted; it has been stuck on the restart screen for more than 3 hours (attached). What procedure should I follow? Thanks
  8. Infected laptop and Chrome opens tabs

    I request a log analysis. All procedures have been carried out. Browsing in Chrome is going crazy, opening and closing advertising pages. I cannot update Windows. I await your reply. Log follows:
  9. HP laptop with slow Chrome browsing

    I have already carried out all the procedures. The HP laptop has very slow internet browsing (whether in Chrome or IE); pages take a long time to open. Log follows:
  10. Slow PC and internet

    OK, procedure done. There was a good improvement in CPU usage. There was also a small improvement in browsing speed. However, when attaching a file to an email, for example, the file-selection window takes a long time to open and to show the files contained in a folder. Any solution? Thanks
  11. Slow PC and internet

    OK, but it is still slow when loading a web page or browsing, which did not happen before. My internet is GVT 15mb. And CPU usage is still above 70%... And as for the installed tools: Zoek, AdwCleaner... do I leave them as they are or remove them? Thanks
  12. Slow PC and internet

    OK, I did the procedure, but after the restart the Windows blue screen appeared. I reset the PC and, at startup, saved the error log, as follows:

    Assinatura do problema:
    Nome do Evento de Problema: BlueScreen
    Versão do sistema operacional: 6.1.7601.2.1.0.256.1
    Identificação da Localidade: 1046

    Informações adicionais sobre o problema:
    BCCode: 7f
    BCP1: 0000000000000008
    BCP2: 0000000080050031
    BCP3: 00000000000406F8
    BCP4: FFFFF80002ED702F
    OS Version: 6_1_7601
    Service Pack: 1_0
    Product: 256_1

    Arquivos que ajudam a descrever o problema:
    C:\Windows\Minidump\120615-20906-01.dmp
    C:\Users\Denis\AppData\Local\Temp\WER-108890-0.sysdata.xml
HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCHKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRCHKCU\SearchScopes "DefaultScope"="{C90BFE8E-BF1F-426A-BA2D-A7F6EF2E7FAC}"HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRCHKCU\SearchScopes\{C90BFE8E-BF1F-426A-BA2D-A7F6EF2E7FAC} - http://www.google.com/search?hl=en&q={searchTerms} ==== Reset Google Chrome ====================== C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF5c2ca.TMP was reset successfullyC:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\support@vdownloader.com deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\ Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe C:\Users\Public\Desktop\Age of Mythology - The Titans Expansion.lnk - C:\Jogos\Microsoft Games\Age of Mythology\aomx.exe C:\Users\Public\Desktop\Avast Free antivírus.lnk - C:\Program Files\AVAST 
Software\Avast\avastui.exe C:\Users\Public\Desktop\Cabela's Outdoor Adventures.lnk - C:\Activision Value\Cabela's Outdoor Adventures\Launcher.exe C:\Users\Public\Desktop\Fraps.lnk - C:\Program Files (x86)\Fraps\fraps.exe C:\Users\Public\Desktop\Jimbo.lnk - C:\Program Files (x86)\Meu Bolso em Dia\Jimbo\Jimbo.exe C:\Users\Public\Desktop\Mortal Kombat Arcade Kollection.lnk - C:\Jogos\WB Games\Mortal Kombat Arcade Kollection\BINARIES\WIN32\MKHDGame.exe C:\Users\Public\Desktop\NASCAR Racing 2003 Season.lnk - C:\Jogos\Papyrus\NASCAR Racing 2003 Season\NR2003.exe C:\Users\Public\Desktop\NHL® 09.lnk - C:\Users\Public\Desktop\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\Users\Public\Desktop\WRC 4 FIA World Rally Championship.lnk - C:\Jogos\BlackBeanGames\WRC 4 FIA World Rally Championship\WRC4.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WRC 4 FIA World Rally Championship.lnk - C:\Jogos\BlackBeanGames\WRC 4 FIA World Rally Championship\WRC4.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher\aTube Catcher.lnk - C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\avastui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Manual.lnk - C:\Program Files (x86)\VirtualCloneDrive\HelpLauncher.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Uninstall.lnk - C:\Program Files (x86)\VirtualCloneDrive\vcd-uninst.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive Revision History.lnk - C:\Program Files (x86)\VirtualCloneDrive\manual\changes_vcd.txt 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes\VirtualCloneDrive\Virtual CloneDrive.lnk - C:\Program Files (x86)\VirtualCloneDrive\VCDPrefs.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix:"ProxyEnable"=dword:00000000 Value(s) after fix:"ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{EC979E92-D799-0C6E-4D49-78141F01DBB7} deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\bpeeepmahhfjiediknjejcmcfmjcjdck deleted successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\dkdkpmmkgdbglmfmmmmehbkmnkopingb deleted 
successfullyHKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\eoccbpoodnckjdnackiffhjfkogfhnhh deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nvtmru deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wondershare Helper Compact.exe deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Denis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Denis\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=94 folders=48 28673704 bytes) ==== Empty Temp Folders ====================== C:\Users\Default\AppData\Local\temp emptied successfullyC:\Users\Default User\AppData\Local\temp emptied successfullyC:\Users\Denis\AppData\Local\Temp will be emptied at rebootC:\Users\Public\AppData\Local\temp emptied 
successfullyC:\Users\USURIO~1\AppData\Local\temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Denis\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 06/12/2015 at 23:04:29,46 ====================== Logfile of Trend Micro HijackThis v2.0.4Scan saved at 23:33:43, on 06/12/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17840)Boot mode: Normal Running processes:C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exeC:\PROGRA~2\GbPlugin\GbpSv.exeC:\Program Files (x86)\uTorrent\uTorrent.exeC:\Program Files\AVAST Software\Avast\AvastUI.exeC:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exeC:\Program Files (x86)\VirtualCloneDrive\VCDDaemon.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\HijackThis.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - HKLM\Software\Microsoft\Internet 
Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLLO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dllO2 - BHO: IEExtension.VDownloaderBHO - {7b523e7c-f096-4e36-a0cb-7efeb5c675c1} - mscoree.dll (file missing)O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dllO2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLLO2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dllO2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dllO2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dllO2 - BHO: G-Buster Browser Defense Tecnocred - {C41A1C0E-EA6C-11D4-B1B8-444553540024} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehtec.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dllO4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /noguiO4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exeO4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files 
(x86)\VirtualCloneDrive\VCDDaemon.exe" /sO4 - HKCU\..\Run: [Google Update] "C:\Users\Denis\AppData\Local\Google\Update\GoogleUpdate.exe" /cO4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZEDO4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ?O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dllO9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO15 - Trusted Zone: www.bancoreal.com.brO15 - Trusted Zone: http://www.caixa.gov.brO15 - Trusted Zone: gbbd.e-unicred.com.brO15 - Trusted Zone: ibdesenv.e-unicred.com.brO15 - Trusted Zone: unicrednet.e-unicred.com.brO15 - Trusted Zone: unicrednetp.e-unicred.com.brO15 - Trusted Zone: bankline.itau.com.brO15 - Trusted Zone: clickbanking.itau.com.brO15 - Trusted Zone: guardiao.itau.com.brO15 - Trusted Zone: www.itau.com.brO15 - Trusted Zone: http://www.itau.com.brO15 - Trusted Zone: *.itau.com.brO15 - Trusted Zone: 
http://www.itaupersonnalite.com.brO15 - Trusted Zone: www.realsecureweb.com.brO15 - Trusted Zone: www2.realsecureweb.com.brO15 - Trusted Zone: wwws.realsecureweb.com.brO15 - Trusted Zone: www.santander.com.brO15 - Trusted Zone: www.santandernet.com.brO15 - Trusted Zone: wwws.santandernet.com.brO15 - Trusted Zone: www.secureweb.com.brO15 - Trusted Zone: www.unicred-poa.com.brO15 - Trusted Zone: http://www.unicred.com.brO16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cabO18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllO18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLLO20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dllO20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dllO20 - Winlogon Notify: GbPluginTec - C:\Program Files (x86)\GbPlugin\gbiehTec.dllO20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: Avast antivírus (avast! 
antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exeO23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exeO23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files 
(x86)\NVIDIA Corporation\NetService\NvNetworkService.exeO23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeO23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exeO23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exeO23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exeO23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exeO23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - 
C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exeO23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 12083 bytes
  13. Slow PC and internet

    Here are the logs:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 7 Ultimate x64
    Ran by Denis (Administrator) on 06/12/2015 at 20:06:35,61
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 2
    Successfully deleted: C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage-journal (File)
    Successfully deleted: C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_static.audienceinsights.net_0.localstorage (File)
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 06/12/2015 at 20:11:31,23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    # AdwCleaner v5.023 - Relatório criado 06/12/2015 às 19:56:52
    # Atualizado 30/11/2015 por Xplode
    # Banco de dados : 2015-12-06.2 [servidor]
    # Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)
    # Usuário : Denis - DENIS-PC
    # Executando de : C:\Users\Denis\Desktop\AdwCleaner.exe
    # Opção : Limpar
    # Apoio : http://toolslib.net/forum
    ***** [ Serviços ] *****
    ***** [ Pastas ] *****
    [-] Pasta Excluído : C:\ProgramData\Trymedia
    [-] Pasta Excluído : C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp
    [-] Pasta Excluído : C:\Users\Denis\AppData\Roaming\ProgSense
    ***** [ Arquivos ] *****
    [-] Arquivo Excluído : C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage
    [-] Arquivo Excluído : C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lfmhcpmkbdkbgbmkjoiopeeegenkdikp_0.localstorage-journal
    [-] Arquivo Excluído : C:\Windows\SysNative\WinDivert64.sys
    ***** [ DLLs ] *****
    ***** [ Atalhos ] *****
    ***** [ Tarefas agendadas ] *****
    ***** [ Registro ] *****
    [-] Chave Excluída : 
HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}[-] Chave Excluída : HKCU\Software\ProgSense ***** [ Navegadores ] ***** [-] [C:\Users\Denis\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Excluído : lfmhcpmkbdkbgbmkjoiopeeegenkdikp ************************* :: Chaves "Tracing" excluídas:: Configurações Winsock restauradas ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1804 bytes] ########## Logfile of Trend Micro HijackThis v2.0.4Scan saved at 20:19:20, on 06/12/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17840)Boot mode: Normal Running processes:C:\Program Files\AVAST Software\Avast\AvastUI.exeC:\PROGRA~2\GbPlugin\GbpSv.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\Users\Denis\AppData\Local\Google\Chrome\Application\chrome.exeC:\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141R0 - 
  14. Slow PC and internet

    Here are the logs:
  15. Slow PC and internet

    Log Analysis Request. I have already done all the procedures requested in the Official Topic... The PC has been slow, mainly when loading and running some applications, it constantly shows 100% processor usage, and browsing in Chrome is also slow. Here is the log: