jardaon2

Member
  • Posts: 24

Posts by jardaon2


  1. Found 10 threats:

    C:\Downloads Torrent\drivers impressora.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
    C:\Downloads Torrent\uTorrent.exe    a variant of MSIL/WebCompanion.A potentially unwanted application    cleaned by deleting
    C:\Downloads Torrent\winrar_64_bit_4137866686.exe    Win32/InstallCore.Gen.A potentially unwanted application    cleaned by deleting
    C:\Program Files\KMSpico\scripts\AddExceptionsWD.reg    Win32/HackKMS.AZ potentially unsafe application    cleaned by deleting
    C:\Program Files\KMSpico\scripts\Silent.cmd    Win32/HackKMS.AZ potentially unsafe application    cleaned by deleting
    C:\Users\Guilherme\AppData\Local\Temp\nsvBE5A.tmp\EzmnXDjVSLc.dll    a variant of Win32/Adware.Zdengo.CDY application    cleaned by deleting
    C:\Users\Guilherme\AppData\Local\Temp\wjm653D.tmp\update.exe    multiple threats    cleaned by deleting
    C:\Users\Guilherme\Downloads\FFSetup296.exe    multiple threats    cleaned by deleting
    C:\Windows\kpadcohrsmvqoes.bpad    a variant of Win32/Adware.Zdengo.CDX application    cleaned by deleting
    C:\Windows\Temp\nsi1D91.tmp\EzmnXDjVSLc.dll    a variant of Win32/Adware.Zdengo.CDY application    cleaned by deleting
     

    ===================

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:15:29, on 03/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42ef69d4-1394-4acd-8f2a-707a32319128}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5f1297f9-1f8d-47db-9255-21c09c38724b}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9db0df7d-85b8-4f72-9737-19b904cf801d}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{cd576b97-ed0c-11e8-8536-806e6f6e6963}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10766 bytes
     

     


  2. Yes, I did reset Chrome. Mbam found a ton of problems and fixed them. The logs follow.

     

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 03/12/2018
    Hora da análise: 17:38
    Arquivo de registro: f7d68a2e-f732-11e8-8350-6c3be591043a.json

    -Informação do software-
    Versão: 3.6.1.2711
    Versão de componentes: 1.0.482
    Versão do pacote de definições: 1.0.8145
    Licença: Gratuita

    -Informação do sistema-
    Sistema operacional: Windows 10 (Build 17763.134)
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: DESKTOP-2EUF7CF\Guilherme

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 287122
    Ameaças detectadas: 198
    Ameaças em quarentena: 0
    Tempo decorrido: 19 min, 53 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 4
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, Nenhuma ação do usuário, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, Nenhuma ação do usuário, [403], [579533],1.0.8145

    Módulo: 4
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, Nenhuma ação do usuário, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, Nenhuma ação do usuário, [403], [579533],1.0.8145

    Chave de registro: 40
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Updater_Online_Application, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CRMSvc, Nenhuma ação do usuário, [101], [403162],1.0.8145
    Trojan.Egguard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SysSvc, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    RiskWare.EventSvc, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EventSvc, Nenhuma ação do usuário, [4096], [561520],1.0.8145
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NGUwOWQ2M, Nenhuma ação do usuário, [474], [556539],1.0.8145
    PUP.Optional.Wajam, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\WajIEnhance, Nenhuma ação do usuário, [204], [244670],1.0.8145
    Spyware.Socelars, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\{6D187CC8-35BD-47F6-8760-D406AA1927B1}, Nenhuma ação do usuário, [5017], [584328],1.0.8145
    Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Nenhuma ação do usuário, [7205], [509886],1.0.8145
    Trojan.Agent, HKLM\SOFTWARE\CRMSvc, Nenhuma ação do usuário, [403], [533736],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AUSLOGICS\Disk Defrag Prof, Nenhuma ação do usuário, [3588], [383224],1.0.8145
    Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Nenhuma ação do usuário, [7205], [509886],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-0E25-49B8-A1C9-BBFA20F44839} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-ABED-406F-AE89-B030A049F77C} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{50D27391-C57A-41D2-8E45-11C4C347482C}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{50D27391-C57A-41D2-8E45-11C4C347482C}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-ED2A-438D-8CF9-2C6BD86E9A4D} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{28093655-F82B-490C-AE16-D3346668DB3D}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{28093655-F82B-490C-AE16-D3346668DB3D}, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, Nenhuma ação do usuário, [593], [246229],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, Nenhuma ação do usuário, [432], [584322],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, Nenhuma ação do usuário, [432], [518478],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, Nenhuma ação do usuário, [432], [518476],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, Nenhuma ação do usuário, [432], [518473],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, Nenhuma ação do usuário, [432], [518479],1.0.8145
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Nenhuma ação do usuário, [2887], [260247],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, Nenhuma ação do usuário, [1166], [527822],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, Nenhuma ação do usuário, [3666], [317312],1.0.8145
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, Nenhuma ação do usuário, [2887], [260247],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Nenhuma ação do usuário, [3666], [339688],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Nenhuma ação do usuário, [3666], [398592],1.0.8145
    PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, Nenhuma ação do usuário, [593], [241622],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{2CE2C422-7C62-15A2-CDE2-65221D62B6A2}, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Nenhuma ação do usuário, [204], [170024],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Nenhuma ação do usuário, [204], [170024],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, Nenhuma ação do usuário, [204], [170024],1.0.8145

    Valor de registro: 15
    Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Nenhuma ação do usuário, [474], [-1],0.0.0
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CRMSVC|IMAGEPATH, Nenhuma ação do usuário, [101], [403160],1.0.8145
    Trojan.Egguard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSSVC|IMAGEPATH, Nenhuma ação do usuário, [5040], [550056],1.0.8145
    RiskWare.EventSvc, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSVC|IMAGEPATH, Nenhuma ação do usuário, [4096], [561519],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{28093655-F82B-490C-AE16-D3346668DB3D}|PATH, Nenhuma ação do usuário, [3588], [383225],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{50D27391-C57A-41D2-8E45-11C4C347482C}|PATH, Nenhuma ação do usuário, [3588], [383225],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}|PATH, Nenhuma ação do usuário, [3666], [391427],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}|PATH, Nenhuma ação do usuário, [3588], [383225],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, Nenhuma ação do usuário, [3666], [333852],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, Nenhuma ação do usuário, [3666], [321304],1.0.8145
    Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|NAMESERVER, Nenhuma ação do usuário, [7480], [260227],1.0.8145

    Dados de registro: 10
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2ff41a84-8e76-400d-a201-5918d65ccc02}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{42ef69d4-1394-4acd-8f2a-707a32319128}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5f1297f9-1f8d-47db-9255-21c09c38724b}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9db0df7d-85b8-4f72-9737-19b904cf801d}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9db0df7d-85b8-4f72-9737-19b904cf801d}|DhcpNameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|NameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|DhcpNameServer, Nenhuma ação do usuário, [2887], [-1],0.0.0

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 29
    PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, Nenhuma ação do usuário, [774], [175062],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\CRMSVC, Nenhuma ação do usuário, [101], [403162],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en_US, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en_US, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Adware.Wajam, C:\Windows\SYSWOW64\SSL, Nenhuma ação do usuário, [474], [533889],1.0.8145
    Adware.Wajam, C:\PROGRAM FILES\NGUwOWQ2M, Nenhuma ação do usuário, [474], [556539],1.0.8145
    PUP.Optional.ASK.Gen, C:\USERS\GUILHERME\APPDATA\LOCAL\TEMP\APN-STUB, Nenhuma ação do usuário, [3594], [181296],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\Windows\SYSTEM32\TASKS\AUSLOGICS\Disk Defrag Prof, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Nenhuma ação do usuário, [3666], [391425],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, Nenhuma ação do usuário, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install, Nenhuma ação do usuário, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0, Nenhuma ação do usuário, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\USERS\GUILHERME\APPDATA\ROAMING\MICROLEAVES, Nenhuma ação do usuário, [1166], [399763],1.0.8145
    Adware.Agent, C:\Windows\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\CRMSVC, Nenhuma ação do usuário, [101], [597937],1.0.8145
    Adware.Neoreklami, C:\PROGRAM FILES (X86)\FVGEDVJZKGFU2, Nenhuma ação do usuário, [908], [602645],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}, Nenhuma ação do usuário, [717], [542290],1.0.8145

    Arquivo: 96
    Adware.Wajam, C:\Windows\System32\drivers\M2JiZTg1, Nenhuma ação do usuário, [474], [488914],0.0.0
    PUP.Optional.WinBing, C:\Windows\TASKS\Search Provided by Bing nanef.job, Nenhuma ação do usuário, [5366], [336088],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\TASKS\UPDATER_ONLINE_APPLICATION.JOB, Nenhuma ação do usuário, [3666], [391430],1.0.8145
    Adware.OnlineIO, C:\Windows\SYSTEM32\TASKS\Updater_Online_Application, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\Online Application\Online Application Updater.exe, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, Nenhuma ação do usuário, [1166], [399420],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\CRMSVC\CRMSvc.exe, Nenhuma ação do usuário, [101], [403162],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, Nenhuma ação do usuário, [3666], [391431],1.0.8145
    Adware.Linkury.Generic, C:\USERS\GUILHERME\APPDATA\LOCAL\SHAM.DB, Nenhuma ação do usuário, [3725], [516191],1.0.8145
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\128.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\16.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\32.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\48.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en\messages.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en_US\messages.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\background.html, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\background.js, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\manifest.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\128.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\16.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\32.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\48.png, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en\messages.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en_US\messages.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\background.html, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\background.js, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\jquery-3.2.1.min.js, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\main.js, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\manifest.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\C.dll, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\data.cfg, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\h5host.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\host.json, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\InC.exe, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe.config, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.wrapper.log, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.xml, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\U.dll, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\x64.dll, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\x86.dll, Nenhuma ação do usuário, [5040], [550057],1.0.8145
    PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Nenhuma ação do usuário, [5347], [505085],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, Nenhuma ação do usuário, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Windows\SYSWOW64\SSL\CERT.DB, Nenhuma ação do usuário, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\MGVmM 2.cer, Nenhuma ação do usuário, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\x.db, Nenhuma ação do usuário, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\xtls.db, Nenhuma ação do usuário, [474], [533889],1.0.8145
    Adware.Wajam, C:\PROGRAM FILES\NGUwOWQ2M\WBE_uninstall.dat, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\mozcrt19.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\MTU5ND, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\nspr4.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\nss3.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\plc4.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\plds4.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\service.dat, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\service_64.dat, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\softokn3.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\ZjA5NDQ1NTY2OTE1MjJh.ico, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\ZmJlYWFhMTAyMWM1NGE4.exe, Nenhuma ação do usuário, [474], [556539],1.0.8145
    Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, Nenhuma ação do usuário, [403], [579533],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-0E25-49B8-A1C9-BBFA20F44839} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-ABED-406F-AE89-B030A049F77C} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-ED2A-438D-8CF9-2C6BD86E9A4D} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Nenhuma ação do usuário, [3666], [391425],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Nenhuma ação do usuário, [3666], [391425],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, Nenhuma ação do usuário, [1166], [399763],1.0.8145
    RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, Nenhuma ação do usuário, [5323], [353142],0.0.0
    PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HOWTOREMOVE\HOWTOREMOVE.HTML, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\chromium-min.jpg, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\control panel-min-min.JPG, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\down.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\ff menu.JPG, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\ff search engine-min.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\hp-min ff.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\hp-min ie.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\search engine.gif, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\setup pages.gif, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\sp-min.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\start-min.jpg, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\up.png, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\cosicide, Nenhuma ação do usuário, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\uninst.exe, Nenhuma ação do usuário, [717], [542290],1.0.8145
    Adware.Linkury.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Nenhuma ação do usuário, [14226], [444923],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\USERS\GUILHERME\DESKTOP\Auslogics Disk Defrag Professional.lnk, Nenhuma ação do usuário, [3588], [380631],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAM FILES (X86)\AUSLOGICS\DISK DEFRAG PROFESSIONAL\DISKDEFRAGPRO.EXE, Nenhuma ação do usuário, [3588], [380631],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\Microsoft\Windows\Recent\DAEMON.Tools.Lite.10.5.1.230.lnk, Nenhuma ação do usuário, [101], [552648],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\DOWNLOADS\DAEMON.TOOLS.LITE.10.5.1.230.RAR, Nenhuma ação do usuário, [101], [552648],1.0.8145
    Adware.Agent, C:\PROGRAM FILES\DAEMON TOOLS LITE\PATCH-URET.RAR, Nenhuma ação do usuário, [101], [552648],1.0.8145
    Adware.Agent, C:\PROGRAM FILES\DAEMON TOOLS LITE\URET NFO V2.2.EXE, Nenhuma ação do usuário, [101], [552648],1.0.8145
    RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, Nenhuma ação do usuário, [5323], [353142],1.0.8145
    Generic.Malware/Suspicious, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\INC.EXE, Nenhuma ação do usuário, [0], [392686],1.0.8145

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)


    (end)

    ====================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:14:03, on 03/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Scheduler.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Pub\PubMonitor.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032018180343528\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032018180343856\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42ef69d4-1394-4acd-8f2a-707a32319128}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5f1297f9-1f8d-47db-9255-21c09c38724b}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9db0df7d-85b8-4f72-9737-19b904cf801d}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{cd576b97-ed0c-11e8-8536-806e6f6e6963}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: YmFiZTYzYjIwODZl - Unknown owner - rundll32.exe (file missing)

    --
    End of file - 11605 bytes

  3. Unfortunately, ZHPCleaner did not find anything. The logs follow below.

    ZHPCleaner Report

    ~ ZHPCleaner v2018.11.30.201 by Nicolas Coolman (2018/11/30)
    ~ Run by Guilherme (Administrator)  (03/12/2018 09:00:29)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\Guilherme\Desktop\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Guilherme\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Pro, 64-bit  (Build 17763)
    
    ---\  Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found. (ADS)
    
    ---\  Services (0)
    ~ No malicious or unnecessary items found. (Service)
    
    ---\  Browser internet (0)
    ~ No malicious or unnecessary items found. (Browser)
    
    ---\  Hosts file (0)
    ~ No malicious or unnecessary items found. (Hosts)
    
    ---\  Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found. (Task)
    
    ---\  Explorer ( File, Folder) (0)
    ~ No malicious or unnecessary items found. (Explorer)
    
    ---\  Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found. (Register)
    
    ---\  Other deletions. (23)
    ~ Registry Keys Tracing deleted (23)
    ~ Remove the old reports ZHPCleaner. (0)
    
    ---\ Result of repair
    ~ Any repair made
    ~ Browser not found (Mozilla Firefox)
    ~ Browser not found (Internet Explorer)
    ~ Browser not found (Opera Software)
    
    ---\ Statistics
    ~ Items scanned : 25
    ~ Items found : 0
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 0
    ~ End of search in 00h00mn01s
    
    ---\  Reports (2)
    ZHPCleaner-[S]-03122018-08_59_09.txt
    ZHPCleaner-[S]-03122018-09_00_30.txt

    ========================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:08:52, on 03/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
    C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
    C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Pub\PubMonitor.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 82.163.143.146,82.163.142.148
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
    O23 - Service: CRMSvc - Unknown owner - C:\Users\Guilherme\AppData\Roaming\CRMSvc\CRMSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: COM+ Event Manager (EventSvc) - CloudBees, Inc. - C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: System Manager (SysSvc) - CloudBees, Inc. - C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10620 bytes
     

     


  4. Hi everyone, good evening. I recently formatted the computer, installed all the essential programs and, in the process, picked up a virus that Avast detects but cannot remove.

    Google Chrome is also showing a bunch of ad links in the search results, even before the sponsored ads, and I would like to be able to get rid of that.

    I followed the instructions in the pinned post, and the log for analysis is below.

    Quote

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:46:19, on 02/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 82.163.143.146,82.163.142.148
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
    O23 - Service: CRMSvc - Unknown owner - C:\Users\Guilherme\AppData\Roaming\CRMSvc\CRMSvc.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: COM+ Event Manager (EventSvc) - CloudBees, Inc. - C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: System Manager (SysSvc) - CloudBees, Inc. - C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10315 bytes

     

    Thank you for kindly helping me.

    Have a good Sunday, everyone.

    Regards


  5.  

    Zoek.exe v5.0.0.1 Updated 12-October-2015

    Tool run by JARDA on 13/10/2015 at 13:07:05,97.

    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\JARDA\Desktop\zoek.exe    [scan all users] [script inserted] 

     

    ==== System Restore Info ======================

     

    13/10/2015 13:08:53 Zoek.exe System Restore Point Created Successfully.

     

    ==== Reset Hosts File ======================

     

    # Copyright © 1993-2006 Microsoft Corp. 


    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 


    # This file contains the mappings of IP addresses to host names. Each 

    # entry should be kept on an individual line. The IP address should 

    # be placed in the first column followed by the corresponding host name. 

    # The IP address and the host name should be separated by at least one 

    # space. 


    # Additionally, comments (such as these) may be inserted on individual 

    # lines or following the machine name denoted by a '#' symbol. 


    # For example: 


    #      102.54.94.97     rhino.acme.com          # source server 

    #       38.25.63.10     x.acme.com              # x client host 

     

    # localhost name resolution is handled within DNS itself. 

    127.0.0.1       localhost 

    ::1             localhost 

     

    ==== Empty Folders Check ======================

     

    C:\PROGRA~2\Hueber deleted successfully

    C:\PROGRA~2\Sony Mobile deleted successfully

    C:\Program Files\VideoLAN deleted successfully

    C:\Program Files\Common Files\AV deleted successfully

    C:\PROGRA~3\FLEXnet deleted successfully

    C:\PROGRA~3\Sony Mobile deleted successfully

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} deleted successfully

    C:\Users\HP\AppData\Roaming\Apple Computer deleted successfully

    C:\Users\JARDA\AppData\Roaming\hpqLog deleted successfully

    C:\Users\HP\AppData\Local\VirtualStore deleted successfully

    C:\Users\JARDA\AppData\Local\calibre-cache deleted successfully

    C:\Users\JARDA\AppData\Local\Downloaded Installations deleted successfully

    C:\Users\JARDA\AppData\Local\EmieBrowserModeList deleted successfully

    C:\Users\JARDA\AppData\Local\EmieSiteList deleted successfully

    C:\Users\JARDA\AppData\Local\EmieUserList deleted successfully

    C:\Users\Pri\AppData\Local\calibre-cache deleted successfully

    C:\Users\Pri\AppData\Local\EmieBrowserModeList deleted successfully

    C:\Users\Pri\AppData\Local\EmieSiteList deleted successfully

    C:\Users\Pri\AppData\Local\EmieUserList deleted successfully

     

    ==== Deleting CLSID Registry Keys ======================

     

    HKEY_USERS\S-1-5-21-3934306144-1224154063-1079240014-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{15B851AF-A4B9-43EF-97D3-28E1B4A5DB9B} deleted successfully

    HKEY_USERS\S-1-5-21-3934306144-1224154063-1079240014-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1902485B-CE75-42C1-BA2D-57E660793D9A} deleted successfully

    HKEY_USERS\S-1-5-21-3934306144-1224154063-1079240014-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0DACC63-037F-46EE-AC02-E4C7B0FBFEB4} deleted successfully

     

    ==== Deleting CLSID Registry Values ======================

     

     

    ==== Deleting Services ======================

     

     

    ==== Deleting Files \ Folders ======================

     

    C:\PROGRA~2\Hueber not found

    C:\PROGRA~2\Sony Mobile not found

    C:\PROGRA~3\{01BD4FC9-2F86-4706-A62E-774BB7E9D308} not found

    C:\PROGRA~2\Raptr deleted

    C:\Users\JARDA\AppData\Roaming\calibre deleted

    C:\uTorrent.exe deleted

    C:\windows\SysNative\Tasks\avastBCLRestartS-1-5-21-3934306144-1224154063-1079240014-1000 deleted

    C:\Windows\SysNative\config\systemprofile\Searches deleted

    C:\windows\SysNative\GroupPolicy\Machine deleted

    C:\windows\SysNative\GroupPolicy\User deleted

    C:\windows\SysNative\GroupPolicy\gpt.ini deleted

    C:\Users\Pri\AppData\Roaming\unins000.exe deleted

     

    ==== Firefox Extensions Registry ======================

     

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

    "wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [17/09/2015 16:32]

     

    ==== Chromium Look ======================

     

    Google Chrome Version: 45.0.2454.101

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21/12/2013 03:04]

    eofcbnmajmjmplflapaojjnihcjkigck - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx[17/09/2015 16:32]

    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[17/09/2015 16:32]

     

    Avast SafePrice - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

    Avast Online Security - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

    Chrome Hotword Shared Module - HP\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

    Readium - JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl

    Avast Online Security - JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki

    GBBD Guardião - Itaú 30 horas - JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

    Chrome Hotword Shared Module - JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

    Avast SafePrice - Pri\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck

    Chrome Hotword Shared Module - Pri\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

     

    ==== Chromium Fix ======================

     

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal deleted successfully

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d1uwhu0fkvi771.cloudfront.net_0.localstorage-journal deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage deleted successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_dsms0mj1bbhn4.cloudfront.net_0.localstorage-journal deleted successfully

     

    ==== Set IE to Default ======================

     

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

    "SearchAssistant"="http://www.google.com"

     

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]


    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]


     

    ==== All HKCU SearchScopes ======================

     

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

     

    ==== Reset Google Chrome ======================

     

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

     

    ==== shortcuts on Users Desktops ======================

     

    C:\Users\HP\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\Desktop\SGV.lnk - C:\SGV\INICIO.exe 

    C:\Users\JARDA\Desktop\SGV_agenda.lnk - C:\SGV\SGV_agenda.exe 

    C:\Users\JARDA\Desktop\SGV_internacao.lnk - C:\SGV\SGV_internacao.exe 

    C:\Users\Pri\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\Pri\Desktop\Navegador web em uma caixa.lnk - C:\Program Files (x86)\Sandboxie\Start.exe default_browser

     

    ==== shortcuts on All Users Desktop ======================

     

    C:\Users\Public\Desktop\Black & White 2.lnk - C:\Program Files (x86)\Lionhead Studios\Black & White 2\white.exe 

    C:\Users\Public\Desktop\HP Officejet Pro 8610.lnk - C:\Program Files (x86)\HP\HP Officejet Pro 8610\Bin\HP Officejet Pro 8610.exe -Start UDCDevicePage

     

    ==== shortcuts in Users Start Menu ======================

     

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\JARDA\AppData\Roaming\Dropbox\bin\Dropbox.exe /home

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Black & White 2™.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled\Dropbox.lnk - C:\Users\JARDA\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled\MEGAsync.lnk - C:\Users\JARDA\AppData\Local\MEGAsync\MEGAsync.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup-Disabled\Monitorar alertas de tinta - HP 8610.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Officejet Pro 8610\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=CN474CW3N3;CONNECTION=USB;MONITOR=1;

     

    ==== shortcuts in All Users Start Menu ======================

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Black & White® 2.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Readme v1.1.lnk - C:\Program Files (x86)\Lionhead Studios\Black & White 2\readme_v1_1.txt 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Readme v1.2.lnk - C:\Program Files (x86)\Lionhead Studios\Black & White 2\readme_v1_2.txt 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Readme.lnk - C:\Program Files (x86)\Lionhead Studios\Black & White 2\readme.txt 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Register with EA.lnk - C:\Program Files (x86)\Lionhead Studios\Black & White 2\Support\EReg.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Black & White 2\Uninstall.lnk - C:\Program Files (x86)\InstallShield Installation Information\{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}\setup.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_60\bin\javacpl.exe -tab about

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins001.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe 

     

    ==== shortcuts in Quick Launch ======================

     

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

    C:\Users\HP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Advanced PDF Editor.lnk - C:\Program Files (x86)\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DAEMON Tools Lite.lnk - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Atalho.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Navegador web em uma caixa.lnk - C:\Program Files\Sandboxie\Start.exe default_browser

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    C:\Users\Pri\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  

     

    ==== Reset IE Proxy ======================

     

    Value(s) before fix:

    "ProxyOverride"="*.local"

    "ProxyEnable"=dword:00000000

     

    Value(s) after fix:

    "ProxyEnable"=dword:00000000

     

    ==== Empty IE Cache ======================

     

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\HP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\JARDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\JARDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\Pri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Pri\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

     

    ==== Empty FireFox Cache ======================

     

    No FireFox Profiles found

     

    ==== Empty Chrome Cache ======================

     

    C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     

    ==== Empty All Flash Cache ======================

     

    Flash Cache Emptied Successfully

     

    ==== Empty All Java Cache ======================

     

    Java Cache cleared successfully

     

    ==== C:\zoek_backup content ======================

     

    C:\zoek_backup (files=55 folders=9 3773729 bytes)

     

    ==== Empty Temp Folders ======================

     

    C:\Users\Default\AppData\Local\temp emptied successfully

    C:\Users\Default User\AppData\Local\temp emptied successfully

    C:\Users\HP\AppData\Local\temp emptied successfully

    C:\Users\JARDA\AppData\Local\Temp will be emptied at reboot

    C:\Users\Pri\AppData\Local\temp will be emptied at reboot

    C:\Users\Public\AppData\Local\temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

     

    ==== After Reboot ======================

     

    ==== Empty Temp Folders ======================

     

    C:\Windows\Temp successfully emptied

    C:\Users\JARDA\AppData\Local\Temp successfully emptied

     

    ==== Empty Recycle Bin ======================

     

    C:\$RECYCLE.BIN successfully emptied

     

    ==== Deleting Files / Folders ======================

     

    "C:\Users\Pri\AppData\Local\temp\avastBCLTMP" deleted

     

    ==== EOF on 13/10/2015 at 13:42:09,95 ======================

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 13:49:50, on 13/10/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.18015)

    Boot mode: Normal

     

    Running processes:

    C:\Users\JARDA\Desktop\HijackThis.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    O1 - Hosts: ::1 localhost

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll

    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)

    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: http://www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (file missing)

    O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 10869 bytes

     


  6. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Malwarebytes

    Version: 7.6.4 (09.28.2015:1)

    OS: Windows 7 Ultimate x64

    Ran by JARDA on 13/10/2015 at 12:19:33,71

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    ~~~ Services

     

    Successfully deleted: [service] bprotectex [Reboot required]

    Successfully deleted: [service] pcfapiutil [Reboot required]

     

     

     

    ~~~ Tasks

     

     

     

    ~~~ Registry Values

     

    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

     

     

     

    ~~~ Registry Keys

     

    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer

     

     

     

    ~~~ Files

     

     

     

    ~~~ Folders

     

    Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers

     

     

     

    ~~~ Chrome

     

     

    [C:\Users\JARDA\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

     

    [C:\Users\JARDA\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

     

    [C:\Users\JARDA\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

     

    [C:\Users\JARDA\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:

    []

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 13/10/2015 at 12:26:38,73

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

    # AdwCleaner v5.013 - Relatório criado 13/10/2015 às 12:11:58

    # Atualizado 09/10/2015 por Xplode

    # Banco de dados : 2015-10-09.3 [servidor]

    # Sistema operacional : Windows 7 Ultimate Service Pack 1 (x64)

    # Usuário : JARDA - JARDA-PC

    # Executando de : C:\Users\JARDA\Desktop\AdwCleaner.exe

    # Opção : Limpar


     

    ***** [ Serviços ] *****

     

    [-] Serviço Excluído : swdumon

     

    ***** [ Pastas ] *****

     

    [-] Pasta Excluído : C:\_acestream_cache_

    [-] Pasta Excluído : C:\ProgramData\AVG Security Toolbar

    [-] Pasta Excluído : C:\Users\JARDA\AppData\Local\slimware utilities inc

    [-] Pasta Excluído : C:\Users\JARDA\AppData\LocalLow\.acestream

    [-] Pasta Excluído : C:\Users\JARDA\AppData\Roaming\acestream

    [-] Pasta Excluído : C:\Users\JARDA\AppData\Roaming\.acestream

     

    ***** [ Arquivos ] *****

     

    [-] Arquivo Excluído : C:\Windows\SysNative\drivers\swdumon.sys

     

    ***** [ DLLs ] *****

     

     

    ***** [ Atalhos ] *****

     

     

    ***** [ Tarefas agendadas ] *****

     

     

    ***** [ Registro ] *****

     

    [-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending

    [-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced

    [-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing

    [-] Chave Excluída : HKCU\SOFTWARE\Classes\.acestream

    [-] Chave Excluída : HKCU\SOFTWARE\Classes\acestream

    [-] Chave Excluída : HKCU\SOFTWARE\Classes\MIME\Database\Content Type\application/x-acestream-plugin

    [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}

    [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}

    [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}

    [-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

    [-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

    [-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

    [-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{056D528D-CE28-4194-9BA3-BA2E9197FF8C}

    [-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{05B38830-F4E9-4329-978B-1DD28605D202}

    [-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{0596C850-7BDD-4C9D-AFDF-873BE6890637}

    [-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}

    [-] Chave Excluída : HKU\.DEFAULT\Software\Avg Secure Update

    [-] Chave Excluída : HKCU\Software\Avg Secure Update

    [-] Chave Excluída : HKCU\Software\SlimWare Utilities Inc

    [-] Chave Excluída : HKLM\SOFTWARE\SlimWare Utilities Inc

    [!] Chave Não Excluída : [x64] HKCU\Software\Avg Secure Update

    [!] Chave Não Excluída : [x64] HKCU\Software\SlimWare Utilities Inc

     

    ***** [ Navegadores ] *****

     

    [-] [C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : aol.com

    [-] [C:\Users\Pri\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : ask.com

    [-] [C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : aol.com

    [-] [C:\Users\HP\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : ask.com

     

    *************************

     

    :: Configurações Winsock restauradas

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3574 bytes] ##########

     

     

     

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:32:34, on 13/10/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.18015)

    Boot mode: Normal

     

    Running processes:

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\JARDA\Desktop\HijackThis.exe

     

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    O1 - Hosts: ::1 localhost

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll

    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll

    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)

    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: http://www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (file missing)

    O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 11297 bytes

  7. HijackThis log

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:53:30, on 13/10/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18015)
    Boot mode: Normal
     
    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\JARDA\Desktop\HijackThis.exe
     
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: http://www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (file missing)
    O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 11263 bytes

    Mbam log

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Data da verificação: 13/10/2015
    Hora da verificação: 11:07
    Arquivo de registro: mbam.txt
    Administrador: Sim
     
    Versão: 2.2.0.1024
    Banco de dados de malware: v2015.10.13.04
    Banco de dados de rootkit: v2015.10.06.01
    Licença: Gratuita
    Proteção contra malware: Desabilitado
    Proteção contra website malicioso: Desabilitado
    Autoproteção: Desabilitado
     
    Sistema operacional: Windows 7 Service Pack 1
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: JARDA
     
    Tipo de verificação: Verificação da ameaça
    Resultado: Concluído
    Objetos verificados: 483060
    Tempo decorrido: 43 min, 38 seg
     
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Verificação detalhada de rootkit: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado
     
    Processos: 0
    (Nenhum item malicioso detectado)
     
    Módulos: 0
    (Nenhum item malicioso detectado)
     
    Chaves de registro: 0
    (Nenhum item malicioso detectado)
     
    Valores de registro: 0
    (Nenhum item malicioso detectado)
     
    Dados de registro: 0
    (Nenhum item malicioso detectado)
     
    Pastas: 0
    (Nenhum item malicioso detectado)
     
    Arquivos: 0
    (Nenhum item malicioso detectado)
     
    Setores físicos: 0
    (Nenhum item malicioso detectado)
     
     
    (end)

  8. Hello, everyone!

    I bought my notebook 2 years ago and it was wonderful. Now it is extremely slow, both at startup and when actually running programs. Not to mention that there are always several processes running that I can't identify.

    I am cleaning it up completely, uninstalling everything and keeping only the programs that are essential to me.

    The log follows.

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:14:49, on 13/10/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.18015)
    Boot mode: Normal
     
    Running processes:
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\JARDA\Desktop\HijackThis.exe
     
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O1 - Hosts: ::1 localhost
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe (file missing)
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: http://www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll (file missing)
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll (file missing)
    O23 - Service: ABBYY FineReader 12 PE Licensing Service (ABBYY.Licensing.FineReader.Professional.12.0) - ABBYY Production LLC - C:\Program Files (x86)\ABBYY FineReader 12\NetworkLicenseServer.exe
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 11383 bytes
     

  9.  

    Zoek.exe v5.0.0.0 Updated 04-May-2015

    Tool run by SGV on 22/05/2015 at 10:20:42,84.

    Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\SGV\Downloads\zoek.exe [scan all users] [script inserted] 

     

    ==== System Restore Info ======================

     

    22/05/2015 10:21:25 Zoek.exe System Restore Point Created Successfully.

     

    ==== Reset Hosts File ======================

     

    # Copyright © 1993-2006 Microsoft Corp. 


    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 


    # This file contains the mappings of IP addresses to host names. Each 

    # entry should be kept on an individual line. The IP address should 

    # be placed in the first column followed by the corresponding host name. 

    # The IP address and the host name should be separated by at least one 

    # space. 


    # Additionally, comments (such as these) may be inserted on individual 

    # lines or following the machine name denoted by a '#' symbol. 


    # For example: 


    #      102.54.94.97     rhino.acme.com          # source server 

    #       38.25.63.10     x.acme.com              # x client host 

     

    # localhost name resolution is handled within DNS itself. 

    127.0.0.1       localhost 

    ::1             localhost 

     

    ==== Empty Folders Check ======================

     

    C:\PROGRA~2\AdobVViewEr deleted successfully

    C:\PROGRA~2\Foxit Software deleted successfully

    C:\PROGRA~2\FreeTime deleted successfully

    C:\PROGRA~2\MSXML 4.0 deleted successfully

    C:\PROGRA~2\Programas RFB deleted successfully

    C:\PROGRA~2\VideoLAN deleted successfully

    C:\PROGRA~2\COMMON~1\Symantec Shared deleted successfully

    C:\Program Files\003 deleted successfully

    C:\PROGRA~3\AdobVViewEr deleted successfully

    C:\PROGRA~3\Oracle deleted successfully

    C:\Users\Administrador\AppData\Roaming\HpUpdate deleted successfully

    C:\Users\SGV\AppData\Roaming\Dev-Cpp deleted successfully

    C:\Users\SGV\AppData\Roaming\Positivo deleted successfully

    C:\Users\SGV\AppData\Roaming\TP deleted successfully

    C:\Users\ProjetoRH\AppData\Local\VirtualStore deleted successfully

    C:\Users\SGV\AppData\Local\CrashDumps deleted successfully

    C:\Users\SGV\AppData\Local\WinAVI deleted successfully

     

    ==== Deleting CLSID Registry Keys ======================

     

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1066BECF-355B-427D-8EF2-C88B3EE7F4} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DCA2209-7BA1-49EB-8A39-20563AB2058} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{20D8057C-31B5-49D7-A3B0-CFB646CF6B7} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{254B6B64-C78F-43B4-991-ADDCCD1E8ED2} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2BD23E16-FFE-4C57-8BE5-5694CBFAB870} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{55FC8246-19C9-41A8-A0CE-971B31314CD0} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{661E0E97-3FF8-4641-BD43-F44A1720468D} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{69C46835-2837-42F2-A8E8-82BEBFEE5E7} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6EE18387-2B43-4815-8A43-21E05DADE237} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7D40B895-175F-4289-A419-649D3957933} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7DE3A3AF-2C25-4B01-ABD-FE8762CC888} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{84CFD3A6-2B7B-4BCF-80EA-5F83D327B64B} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86246C92-4BF6-4A7B-823E-4081A06BD819} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{86F926CD-F56C-4840-BAEC-6381E0825CD} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C1FFB713-CCC9-4C9C-BFD2-5BC1894AF04E} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D44C8C0F-1691-42E2-A5DE-682943CDFDD} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{D709D446-2EC6-41F7-A79F-3F83CD71F76D} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E25EA518-7546-4B0B-9780-3B7561392F4} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E262280C-2BE4-482C-8742-DA2EC2C49FCA} deleted successfully

    HKEY_USERS\S-1-5-21-990849809-1293060789-3432954062-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EBBF4E6F-6499-486E-B444-C556620C0AF} deleted successfully

     

    ==== Deleting CLSID Registry Values ======================

     

     

    ==== Deleting Services ======================

     

     

    ==== Deleting Files \ Folders ======================

     

    C:\PROGRA~2\AdobVViewEr not found

    C:\PROGRA~2\Foxit Software not found

    C:\PROGRA~2\FreeTime not found

    C:\PROGRA~2\Programas RFB not found

    C:\PROGRA~2\VideoLAN not found

    C:\Users\SGV\AppData\Local\Packages\windows_ie_ac_001\AC\{98535A44-C4B4-BB89-EE9F-9E5171F01953} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{81473382-278D-BAB9-2F0E-C6AD8FAE9431} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{98903B68-E457-0861-8F23-E4DA7701645E} deleted

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Packages\windows_ie_ac_001\AC\{F1E02F3C-2C92-4ACD-DB6D-BA559129EFCD} deleted

    C:\Users\SGV\.android deleted

    C:\PROGRA~2\74B569D3-F7FC-4C64-ABA2-63D320FCA1C5 deleted

    C:\PROGRA~2\COMMON~1\Wondershare deleted

    C:\ccsetup505_slim.exe deleted

    C:\Users\Administrador\AppData\Roaming\WB.CFG deleted

    C:\Users\SGV\AppData\Roaming\WB.CFG deleted

    C:\Users\SGV\AppData\Roaming\GoldenGate deleted

    C:\PROGRA~3\FileSplitUpLoad.dll deleted

    C:\PROGRA~3\Package Cache deleted

    C:\Users\Administrador\AppData\Local\Wondershare deleted

    C:\Users\SGV\AppData\Local\dPdf.dll deleted

    C:\Users\SGV\AppData\Local\MLT.dll deleted

    C:\Users\SGV\AppData\Local\Wondershare deleted

    C:\Users\SGV\AppData\Local\cache deleted

    C:\Users\SGV\AppData\Local\CrashRpt deleted

    C:\Users\SGV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

    C:\Users\SGV\AppData\LocalLow\Company deleted

    C:\Windows\SysNative\config\systemprofile\Searches deleted

    C:\windows\SysNative\GroupPolicy\Machine deleted

    C:\windows\SysNative\GroupPolicy\User deleted

    C:\windows\SysNative\GroupPolicy\GPT.INI deleted

    C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

    C:\Windows\Syswow64\InstallUtil.InstallLog deleted

    C:\Users\SGV\AppData\Roaming\unins000.exe deleted

    C:\Users\SGV\AppData\Local\ctfmo.exe deleted

    "C:\PROGRA~3\mbbfmjolflkfhdlemckngckadbiengpc\mbbfmjolflkfhdlemckngckadbiengpc.crx" deleted

    "C:\PROGRA~3\mbbfmjolflkfhdlemckngckadbiengpc\update.xml" deleted

    "C:\PROGRA~3\mbbfmjolflkfhdlemckngckadbiengpc" deleted

     

    ==== Chromium Look ======================

     

    Google Chrome Version: 32.0.1700.102

     

     

    GBBD Guardi\u00E3o - Ita\u00FA 30 horas - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

    GBBD Guardi\u00E3o - Ita\u00FA 30 horas - SGV\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg

    Funmoods - SGV\AppData\Local\Spark\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

    DealPly - SGV\AppData\Local\Spark\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Wajam - SGV\AppData\Local\Spark\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

    GBBD Banco do Brasil - SGV\AppData\Local\Spark\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

    dealpueAk - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaahpabodffkeoojbhljkihbdiaaecm

    Movies Toolbar - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic

    Funmoods - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh

    DealPly - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje

    Wajam - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp

    monarimo - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddnmiapnebnigndlhckmlnkojnmcjdj

    AdobVViewEr - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbfmjolflkfhdlemckngckadbiengpc

    Plus-HD-V1.6 - SGV\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgielablfighaafogapfgpnlieaajbgk

     

    ==== Chromium Startpages ======================

     

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Preferences

    "homepage": "

     

     

    ==== Chromium Fix ======================

     

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_www.superfish.com_0.localstorage-journal deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.adultfriendfinder.com_0.localstorage deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_banners.adultfriendfinder.com_0.localstorage-journal deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\mbbfmjolflkfhdlemckngckadbiengpc deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbbfmjolflkfhdlemckngckadbiengpc_0.localstorage deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbbfmjolflkfhdlemckngckadbiengpc_0.localstorage-journal deleted successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbbfmjolflkfhdlemckngckadbiengpc_0.localstorage deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbbfmjolflkfhdlemckngckadbiengpc_0.localstorage deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mbbfmjolflkfhdlemckngckadbiengpc_0.localstorage-journal deleted successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp deleted successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh deleted successfully

    C:\Users\SGV\AppData\Roaming\Opera Software\Opera Stable\Extensions\jgielablfighaafogapfgpnlieaajbgk deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaimdcedbpbcjjbbnfcbbjcngmomic deleted successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaimdcedbpbcjjbbnfcbbjcngmomic deleted successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaahpabodffkeoojbhljkihbdiaaecm deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaahpabodffkeoojbhljkihbdiaaecm_0.localstorage deleted successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaahpabodffkeoojbhljkihbdiaaecm_0.localstorage-journal deleted successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aaaahpabodffkeoojbhljkihbdiaaecm_0.localstorage deleted successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\lddnmiapnebnigndlhckmlnkojnmcjdj deleted successfully

     

    ==== Set IE to Default ======================

     

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Start Default_Page_URL"="http://www.google.com"

    "Default_Search_URL"="http://www.google.com"

    "Use Search Asst"="yes"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    "Default_Search_URL"="http://www.google.com"

    "Search Page"="http://www.google.com"

    "Start Default_Page_URL"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

    "Default_Search_URL"="http://www.google.com"

    "Search Page"="http://www.google.com"

    "Start Default_Page_URL"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

    "Default"="www.google.com"

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

    "Default"="www.google.com"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

    "(Default)"="www.google.com"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

    "(Default)"="www.google.com/"

    "Default"="www.google.com"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

    "Start Default_Page_URL"="http://www.google.com/"

    "Default_Search_URL"="http://www.google.com/"

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

    "Start Default_Page_URL"="http://www.google.com/"

    "Default_Search_URL"="http://www.google.com/"

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

    "Start Default_Page_URL"="http://www.google.com/"

     

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

    "Use Search Asst"="no"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\SearchURI]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\SearchURI]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURI]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="about:newtab"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]

    "Tabs"="about:newtab"

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Software\Microsoft\Internet Explorer\Search]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Software\Microsoft\Internet Explorer\Search]

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]

     

    ==== All HKCU SearchScopes ======================

     

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {DE25899A-4172-48FC-B542-786B12ED4D2B} Google  Url="https://www.google.com/search?q={searchTerms}"

     

    ==== Reset Google Chrome ======================

     

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Preferences.bad was reset successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Preferences was reset successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\SGV\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data.temp was reset successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Web Data was reset successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal.protect was reset successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Web Data.protect was reset successfully

    C:\Users\SGV\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully

     

    ==== shortcuts on Users Desktops ======================

     

    C:\Users\ProjetoRH\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\SGV\Desktop\INICIO imprimir certo - Atalho.lnk - \\Sgv-PC\sgv\INICIO imprimir certo.exe 

    C:\Users\SGV\Desktop\VETERINARIOS_VITORIA - Atalho.lnk -  

     

    ==== shortcuts on All Users Desktop ======================

     

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

     

    ==== shortcuts in All Users Start Menu ======================

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 

     

    ==== shortcuts in Quick Launch ======================

     

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

    C:\Users\ProjetoRH\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Program Files (x86)\BitTorrent\BitTorrent.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MP3 Rocket 6.4.6.lnk - C:\Users\SGV\Desktop\gisele\MP3 Rocket\MP3Rocket.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\Windows\system32\calc.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Word 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-0000-0000000FF1CE}\wordicon.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 

    C:\Users\SGV\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

     

    ==== Reset IE Proxy ======================

     

    Value(s) before fix:

    "ProxyEnable"=dword:00000000

     

    Value(s) after fix:

    "ProxyEnable"=dword:00000000

     

    ==== Deleting Registry Keys ======================

     

    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

    HKEY_CURRENT_USER\Software\Policies\Google deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HotKeysCmds deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray deleted successfully

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence deleted successfully

     

    ==== Empty IE Cache ======================

     

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ProjetoRH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\ProjetoRH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Users\SGV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\SGV\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

     

    ==== Empty FireFox Cache ======================

     

    No FireFox Profiles found

     

    ==== Empty Chrome Cache ======================

     

    C:\Users\SGV\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully

    C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

    C:\Users\SGV\AppData\Local\Spark\User Data\Default\Cache emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     

    ==== Empty All Flash Cache ======================

     

    Flash Cache Emptied Successfully

     

    ==== Empty All Java Cache ======================

     

    Java Cache cleared successfully

     

    ==== C:\zoek_backup content ======================

     

    C:\zoek_backup (files=531 folders=162 122168029 bytes)

     

    ==== Empty Temp Folders ======================

     

    C:\Users\Administrador\AppData\Local\temp emptied successfully

    C:\Users\Default\AppData\Local\temp emptied successfully

    C:\Users\Default User\AppData\Local\temp emptied successfully

    C:\Users\ProjetoRH\AppData\Local\temp emptied successfully

    C:\Users\Public\AppData\Local\temp emptied successfully

    C:\Users\SGV\AppData\Local\Temp will be emptied at reboot

    C:\Users\USURIO~1\AppData\Local\temp emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

     

    ==== After Reboot ======================

     

    ==== Empty Temp Folders ======================

     

    C:\Windows\Temp successfully emptied

    C:\Users\SGV\AppData\Local\Temp successfully emptied

     

    ==== Empty Recycle Bin ======================

     

    C:\$RECYCLE.BIN successfully emptied

     

    ==== EOF on 22/05/2015 at 10:38:22,79 ======================

    Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 10:48:30, on 22/05/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17801)

    Boot mode: Normal

     

    Running processes:

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Users\SGV\Desktop\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    O1 - Hosts: ::1 localhost

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 8058 bytes

  10. ComboFix 15-05-19.01 - SGV 20/05/2015  15:48:36.2.4 - x64
    Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.3831.2175 [GMT -3:00]
    Executando de: c:\users\SGV\Desktop\ComboFix.exe
    Comandos utilizados :: c:\users\SGV\Desktop\CFScript.txt
    AV: avast! antivírus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    SP: avast! antivírus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    FILE ::
    "c:\arquivos de programas\Baidu Security\Baidu antivírus\BavShx.dll"
    "c:\arquivos de programas\Baidu Security\Baidu antivírus\BavTray.exe"
    "c:\arquivos de programas\Baidu Security\Baidu antivírus\BdCameraProtect.sys"
    "c:\program files (x86)\Baidu-Security-2014-4.4.4.73687\Baidu antivíru\BdCameraProtect64.sys"
    "c:\program files (x86)\Baidu Security\Baidu antivírus\BdApiUtil64.sys"
    "c:\program files (x86)\Baidu Security\Baidu antivírus\BdCameraProtect64.sys"
    "c:\program files (x86)\Baidu Security\Baidu antivírus\Spring64.sys"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\badbclt.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper.exe"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bas_helper_log.txt"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bassvc.exe"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\bdevconn.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\Data\biapkup.dat.tmp"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\Data\DevConn.ini"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\DataReport.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\DirectUI.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\log.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\skiax.dll"
    "c:\program files (x86)\Baidu Security\MoboMarket\1.2.8.3611\zlib1.dll"
    "c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys"
    "c:\program files (x86)\baidu\Spark\sparkservice.exe"
    "c:\program files (x86)\Baidu\SparkUpdate\Sparkupdate.exe"
    "c:\program files (x86)\PC Faster\5.1.0.0\PCFasterSvc.exe"
    "c:\program files (x86)\PSafe\PSafeCategoryFinder.exe"
    "c:\program files (x86)\PSafe\PSafesvc.exe"
    "c:\program files (x86)\PSafe\PSafeWD.exe"
    "c:\program files\Baidu-Security-2014-4.4.4.82804\Baidu antivírus\BAVSvc.exe"
    "c:\program files\Baidu-Security-2014-4.4.4.82804\Baidu antivírus\BHipsSvc.exe"
    "c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil.sys"
    "c:\program files\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe"
    "c:\windows\system32\drivers\bnbasex64.sys"
    "c:\windows\system32\drivers\BprotectEx.sys"
    "c:\windows\System32\drivers\Bfilter.sys"
    "c:\windows\System32\drivers\Bfmon.sys"
    "c:\windows\System32\drivers\Bhbase.sys"
    "c:\windows\System32\drivers\BHipsEx.sys"
    "c:\windows\system32\drivers\bnbasex64.sys"
    "c:\windows\System32\drivers\bndef.sys"
    "c:\windows\System32\drivers\bndef64.sys"
    "c:\windows\System32\drivers\Bprotect.sys"
    "c:\windows\System32\drivers\BprotectEx.sys"
    "c:\windows\System32\drivers\BprotectEx.sys;c:\windows\system32\drivers\BprotectEx.sys"
    "c:\windows\system32\DRIVERS\mvavpd.sys"
    .
    .
    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Drivers/Serviços   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_BAIDU_PC_FASTER_FILESHREDDER
    -------\Legacy_BDAPIUTIL
    -------\Legacy_BFILTER
    -------\Legacy_BFMON
    -------\Legacy_BNBASE
    -------\Legacy_BNDEF
    -------\Legacy_BPROTECT
    -------\Legacy_BPROTECTEX
    -------\Legacy_PCFAPIUTIL
    -------\Legacy_SPRING
    -------\Service_Baidu PC Faster FileShredder
    -------\Service_Bfilter
    -------\Service_Bfmon
    -------\Service_Bnbase
    -------\Service_Bndef
    -------\Service_Bprotect
    -------\Service_BprotectEx
    -------\Service_PCFApiUtil
    .
    .
    ((((((((((((((((   Arquivos/Ficheiros criados de 2015-04-22 to 2015-05-22  ))))))))))))))))))))))))))))
    .
    .
    2015-05-21 03:44 . 2015-05-21 03:44 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E74D8CE-93F0-485C-A19B-54C474710B53}\offreg.2300.dll
    2015-05-20 19:06 . 2015-05-20 19:06 -------- d-----w- c:\users\ProjetoRH\AppData\Local\temp
    2015-05-20 19:06 . 2015-05-20 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
    2015-05-20 19:06 . 2015-05-20 19:06 -------- d-----w- c:\users\Administrador\AppData\Local\temp
    2015-05-20 19:02 . 2015-05-20 19:02 0 ----a-w- c:\windows\SysWow64\drivers\tcpv6srv.sys
    2015-05-20 17:04 . 2015-05-20 17:04 -------- d-----w- C:\RegBackup
    2015-05-20 16:58 . 2015-05-20 17:01 -------- d-----w- C:\AdwCleaner
    2015-05-20 14:42 . 2015-05-20 14:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2015-05-20 14:41 . 2015-05-20 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2015-05-20 14:41 . 2015-04-14 12:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2015-05-20 14:41 . 2015-04-14 12:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2015-05-20 14:41 . 2015-04-14 12:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2015-05-20 14:40 . 2015-05-20 14:40 -------- d-----w- c:\programdata\Malwarebytes
    2015-05-20 13:55 . 2015-05-20 13:55 323290 ----a-w- C:\cc_20150520_105534.reg
    2015-05-20 13:52 . 2015-05-20 13:53 -------- d-----w- c:\program files\CCleaner
    2015-05-20 13:51 . 2015-05-20 13:51 5248848 ----a-w- C:\ccsetup505_slim.exe
    2015-05-19 08:42 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E74D8CE-93F0-485C-A19B-54C474710B53}\mpengine.dll
    2015-05-18 18:29 . 2015-05-18 18:29 38104 ----a-w- c:\windows\system32\WinDivert64.sys
    2015-05-18 18:29 . 2015-05-18 18:29 34104 ----a-w- c:\windows\system32\WinDivert.dll
    2015-05-18 18:17 . 2015-05-18 18:17 -------- d--h--w- c:\program files (x86)\GAS Tecnologia
    2015-05-18 18:17 . 2015-05-18 18:17 -------- d--h--w- c:\program files (x86)\Diebold
    2015-05-18 15:37 . 2015-05-18 15:37 -------- d-----w- c:\program files\Diebold
    2015-05-13 13:03 . 2015-04-22 01:48 235208 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
    2015-05-13 13:02 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
    2015-05-13 12:56 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-05-13 12:56 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
    2015-05-06 14:54 . 2015-05-21 06:00 -------- d-s---w- c:\windows\SysWow64\GWX
    2015-05-06 14:54 . 2015-05-21 06:00 -------- d-s---w- c:\windows\system32\GWX
    2015-04-27 15:56 . 2015-04-27 15:56 -------- d-----w- c:\program files (x86)\Common Files\Skype
    2015-04-27 15:56 . 2015-04-27 15:56 -------- d-----r- c:\program files (x86)\Skype
    2015-04-27 15:12 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2015-04-27 15:12 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
    2015-04-27 15:12 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
    2015-04-27 15:12 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
    2015-04-27 15:12 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys
    2015-04-27 15:05 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
    2015-04-27 15:05 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
    2015-04-27 15:05 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2015-05-13 13:04 . 2013-01-07 16:39 140425016 ----a-w- c:\windows\system32\MRT.exe
    2015-04-27 19:04 . 2015-05-13 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2015-04-27 15:34 . 2013-02-26 12:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2015-04-27 15:34 . 2013-02-26 12:34 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2015-04-13 21:33 . 2015-05-18 18:18 1864 ----a-w- c:\windows\Fonts\dbldwrsw.ttf
    2015-03-04 04:41 . 2015-05-13 13:02 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
    2015-03-04 04:41 . 2015-05-13 13:02 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
    2015-03-04 04:10 . 2015-05-13 13:02 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2015-03-04 04:10 . 2015-05-13 13:02 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
    2015-03-04 04:06 . 2015-05-13 13:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll
    2015-02-24 07:17 . 2012-06-04 13:00 295552 ------w- c:\windows\system32\MpSigStub.exe
    .
    .
    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))
    .
    .
    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-15 4086432]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GBPLUGIN\gbiehuni.dll" [2014-05-05 1586744]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]
    2014-06-26 20:21 1746984 ------w- c:\program files (x86)\GbPlugin\gbieh.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]
    2014-05-05 11:39 1586744 ------w- c:\program files (x86)\GbPlugin\gbiehuni.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=1 (0x1)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AutoUpdateDisableNotify"=dword:00000001
    .
    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]
    R1 badriver;badriver;c:\windows\system32\drivers\badriver.sys;c:\windows\SYSNATIVE\drivers\badriver.sys [x]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]
    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]
    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]
    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    S0 aswRvrt;avast! Revert; [x]
    S0 aswVmm;avast! VM Monitor; [x]
    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
    S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
    S2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]
    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]
    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
    S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert64.sys;c:\program files\Diebold\Warsaw\WinDivert64.sys [x]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2014-01-30 20:59 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe
    .
    Conteúdo da pasta 'Tarefas Agendadas'
    .
    2015-05-21 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 15:34]
    .
    2015-05-22 c:\windows\Tasks\GlaryInitialize.job
    - c:\program files (x86)\Glary Utilities\initialize.exe [2013-01-10 15:10]
    .
    2015-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30 20:58]
    .
    2015-05-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30 20:58]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2014-09-15 18:25 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
    .
    ------- Scan Suplementar -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com.br/
    uDefault_Search_URL = hxxp://www.google.com
    mDefault_Search_URL = hxxp://www.google.com
    mDefault_Page_URL = about:blank
    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    mLocal Page = c:\windows\SysWOW64\blank.htm
    mSearch Page = hxxp://www.google.com
    mSearch Bar = hxxp://www.google.com
    uSearchAssistant = www.google.com
    mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}
    mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}
    Trusted Zone: bancobrasil.com.br\www
    Trusted Zone: bancobrasil.com.br\www14
    Trusted Zone: bancobrasil.com.br\www2
    Trusted Zone: bb.com.br\www
    Trusted Zone: itau.com.br
    Trusted Zone: itau.com.br\bankline
    Trusted Zone: itau.com.br\clickbanking
    Trusted Zone: itau.com.br\guardiao
    Trusted Zone: itau.com.br\www
    TCP: DhcpNameServer = 192.168.8.1
    .
    - - - - ORFÃOS REMOVIDOS - - - -
    .
    Toolbar-Locked - (no file)
    Toolbar-10 - (no file)
    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
    .
    .
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]
    "ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"
    .
    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,2b,63,16,3c,ae,17,46,97,ae,69,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,2b,63,16,3c,ae,17,46,97,ae,69,\
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.17"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
    @Denied: (A) (Everyone)
    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
    @Denied: (A) (Everyone)
    .
    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
    "Key"="ActionsPane3"
    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    ------------------------ Outros Processos em Execução ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld.exe
    .
    **************************************************************************
    .
    Tempo para conclusão: 2015-05-22  09:59:12 - Máquina reiniciou
    ComboFix-quarantined-files.txt  2015-05-22 12:59
    ComboFix2.txt  2015-05-20 18:24
    .
    Pré-execução: 511.201.554.432 bytes disponíveis
    Pós execução: 510.054.977.536 bytes disponíveis
    .
    - - End Of File - - D8D946312053AC6464439285344E99F8
    A36C5E4F47E84449FF07ED3517B43A31
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:00:03, on 22/05/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17801)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Users\SGV\Desktop\HijackThis.exe
     
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 7670 bytes
     

  11. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 15:31:26, on 20/05/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17801)

    Boot mode: Normal

     

    Running processes:

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\SGV\Desktop\HijackThis.exe

     

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 8087 bytes

     

    ComboFix 15-05-19.01 - SGV 20/05/2015  15:15:58.1.4 - x64

    Microsoft Windows 7 Home Basic   6.1.7601.1.1252.55.1046.18.3831.2209 [GMT -3:00]

    Executando de: c:\users\SGV\Desktop\ComboFix.exe

    AV: avast! antivírus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}

    SP: avast! antivírus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    .

    .

    (((((((((((((((((((((((((((((((((((((   Outras Exclusões   )))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    C:\LILC41D.tmp

    C:\LILC48A.tmp

    C:\LILC4D8.tmp

    C:\LILC526.tmp

    C:\LILC545.tmp

    c:\users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2631C983-04D4-463C-90E5-2672721AAABD}.xps

    c:\users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\{27D0EDF3-F430-4E8F-9CC4-FF366AF84FC6}.xps

    c:\users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3F7B7EC0-1A3F-4699-8B43-8A48DBD842F4}.xps

    c:\users\Administrador\AppData\Local\Microsoft\Windows\Temporary Internet Files\{5C64CDAE-F5B1-4EAA-93E6-31A771CFA7BE}.xps

    c:\users\SGV\AppData\Local\2.6.cfg

    c:\users\SGV\AppData\Local\DebenuPDFLibraryDLL1014.dll

    c:\windows\msdownld.tmp

    .

    .

    ((((((((((((((((   Arquivos/Ficheiros criados de 2015-04-20 to 2015-05-20  ))))))))))))))))))))))))))))

    .

    .

    2015-05-20 17:04 . 2015-05-20 17:04 -------- d-----w- C:\RegBackup

    2015-05-20 16:58 . 2015-05-20 17:01 -------- d-----w- C:\AdwCleaner

    2015-05-20 14:42 . 2015-05-20 14:44 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys

    2015-05-20 14:41 . 2015-05-20 14:41 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware

    2015-05-20 14:41 . 2015-04-14 12:37 63704 ----a-w- c:\windows\system32\drivers\mwac.sys

    2015-05-20 14:41 . 2015-04-14 12:37 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys

    2015-05-20 14:41 . 2015-04-14 12:37 25816 ----a-w- c:\windows\system32\drivers\mbam.sys

    2015-05-20 14:40 . 2015-05-20 14:40 -------- d-----w- c:\programdata\Malwarebytes

    2015-05-20 13:55 . 2015-05-20 13:55 323290 ----a-w- C:\cc_20150520_105534.reg

    2015-05-20 13:52 . 2015-05-20 13:53 -------- d-----w- c:\program files\CCleaner

    2015-05-20 13:51 . 2015-05-20 13:51 5248848 ----a-w- C:\ccsetup505_slim.exe

    2015-05-19 08:42 . 2015-05-03 03:16 12214312 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8E74D8CE-93F0-485C-A19B-54C474710B53}\mpengine.dll

    2015-05-18 18:29 . 2015-05-18 18:29 38104 ----a-w- c:\windows\system32\WinDivert64.sys

    2015-05-18 18:29 . 2015-05-18 18:29 34104 ----a-w- c:\windows\system32\WinDivert.dll

    2015-05-18 18:17 . 2015-05-18 18:17 -------- d--h--w- c:\program files (x86)\GAS Tecnologia

    2015-05-18 18:17 . 2015-05-18 18:17 -------- d--h--w- c:\program files (x86)\Diebold

    2015-05-18 15:37 . 2015-05-18 15:37 -------- d-----w- c:\program files\Diebold

    2015-05-13 13:03 . 2015-04-22 01:48 235208 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll

    2015-05-13 13:02 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll

    2015-05-13 12:56 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll

    2015-05-13 12:56 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll

    2015-05-06 14:54 . 2015-05-06 14:56 -------- d-s---w- c:\windows\system32\GWX

    2015-05-06 14:54 . 2015-05-06 14:54 -------- d-s---w- c:\windows\SysWow64\GWX

    2015-04-27 15:56 . 2015-04-27 15:56 -------- d-----w- c:\program files (x86)\Common Files\Skype

    2015-04-27 15:56 . 2015-04-27 15:56 -------- d-----r- c:\program files (x86)\Skype

    2015-04-27 15:12 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll

    2015-04-27 15:12 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll

    2015-04-27 15:12 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll

    2015-04-27 15:12 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll

    2015-04-27 15:12 . 2015-02-25 03:18 754688 ----a-w- c:\windows\system32\drivers\http.sys

    2015-04-27 15:05 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys

    2015-04-27 15:05 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll

    2015-04-27 15:05 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll

    .

    .

    .

    (((((((((((((((((((((((((((((((((((((   Relatório Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2015-05-13 13:04 . 2013-01-07 16:39 140425016 ----a-w- c:\windows\system32\MRT.exe

    2015-04-27 19:04 . 2015-05-13 13:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll

    2015-04-27 15:34 . 2013-02-26 12:34 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe

    2015-04-27 15:34 . 2013-02-26 12:34 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl

    2015-04-13 21:33 . 2015-05-18 18:18 1864 ----a-w- c:\windows\Fonts\dbldwrsw.ttf

    2015-03-04 04:41 . 2015-05-13 13:02 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

    2015-03-04 04:41 . 2015-05-13 13:02 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

    2015-03-04 04:10 . 2015-05-13 13:02 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll

    2015-03-04 04:10 . 2015-05-13 13:02 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll

    2015-03-04 04:06 . 2015-05-13 13:02 2560 ----a-w- c:\windows\apppatch\AcRes.dll

    2015-02-24 07:17 . 2012-06-04 13:00 295552 ------w- c:\windows\system32\MpSigStub.exe

    2015-02-20 04:41 . 2015-03-16 16:29 41984 ----a-w- c:\windows\system32\lpk.dll

    2015-02-20 04:40 . 2015-03-16 16:29 100864 ----a-w- c:\windows\system32\fontsub.dll

    2015-02-20 04:40 . 2015-03-16 16:29 14336 ----a-w- c:\windows\system32\dciman32.dll

    2015-02-20 04:40 . 2015-03-16 16:29 46080 ----a-w- c:\windows\system32\atmlib.dll

    2015-02-20 04:13 . 2015-03-16 16:29 70656 ----a-w- c:\windows\SysWow64\fontsub.dll

    2015-02-20 04:13 . 2015-03-16 16:29 10240 ----a-w- c:\windows\SysWow64\dciman32.dll

    2015-02-20 04:13 . 2015-03-16 16:29 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

    2015-02-20 04:12 . 2015-03-16 16:29 25600 ----a-w- c:\windows\SysWow64\lpk.dll

    2015-02-20 03:29 . 2015-03-16 16:29 372224 ----a-w- c:\windows\system32\atmfd.dll

    2015-02-20 03:09 . 2015-03-16 16:29 299008 ----a-w- c:\windows\SysWow64\atmfd.dll

    .

    .

    ((((((((((((((((((((((((((   Pontos de Carregamento do Registro   )))))))))))))))))))))))))))))))))))))))

    .

    .

    *Nota* entradas vazias e legítimas por padrão não são apresentadas. 

    REGEDIT4

    .

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

    "AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-09-15 4086432]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

    "ConsentPromptBehaviorAdmin"= 5 (0x5)

    "ConsentPromptBehaviorUser"= 3 (0x3)

    "EnableUIADesktopToggle"= 0 (0x0)

    .

    [hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{E37CB5F0-51F5-4395-A808-5FA49E399008}"= "c:\program files (x86)\GBPLUGIN\gbiehuni.dll" [2014-05-05 1586744]

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginBb]

    2014-06-26 20:21 1746984 ------w- c:\program files (x86)\GbPlugin\gbieh.dll

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ GbPluginUni]

    2014-05-05 11:39 1586744 ------w- c:\program files (x86)\GbPlugin\gbiehuni.dll

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

    "LoadAppInit_DLLs"=1 (0x1)

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]

    "aux1"=wdmaud.drv

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]

    "AutoUpdateDisableNotify"=dword:00000001

    .

    R0 GbpKm;Gbp KernelMode;c:\windows\system32\drivers\GbpKm.sys;c:\windows\SYSNATIVE\drivers\GbpKm.sys [x]

    R1 badriver;badriver;c:\windows\system32\drivers\badriver.sys;c:\windows\SYSNATIVE\drivers\badriver.sys [x]

    R1 Bfilter;Baidu antivírus Minifilter Driver;c:\windows\System32\drivers\Bfilter.sys;c:\windows\SYSNATIVE\drivers\Bfilter.sys [x]

    R1 Bfmon;Baidu FS Monitor Driver;c:\windows\System32\drivers\Bfmon.sys;c:\windows\SYSNATIVE\drivers\Bfmon.sys [x]

    R1 Bnbase;Bnbase;c:\windows\system32\drivers\bnbasex64.sys;c:\windows\SYSNATIVE\drivers\bnbasex64.sys [x]

    R1 Bndef;Baidu NetDefense;c:\windows\System32\drivers\bndef64.sys;c:\windows\SYSNATIVE\drivers\bndef64.sys [x]

    R1 Bprotect;Baidu Protect;c:\windows\System32\drivers\Bprotect.sys;c:\windows\SYSNATIVE\drivers\Bprotect.sys [x]

    R2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]

    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]

    R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]

    R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]

    R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]

    R2 Warsaw Technology;Warsaw Technology;c:\program files\Diebold\Warsaw\core.exe;c:\program files\Diebold\Warsaw\core.exe [x]

    R3 Baidu PC Faster FileShredder;Baidu PC Faster FileShredder;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\FileKill_x64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\FileKill_x64.sys [x]

    R3 BprotectEx;Baidu ProtectEx;c:\windows\System32\drivers\BprotectEx.sys;c:\windows\SYSNATIVE\drivers\BprotectEx.sys [x]

    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]

    R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]

    R3 PCFApiUtil;PCFApiUtil;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys;c:\program files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys [x]

    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]

    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]

    R3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]

    R3 SrvHsfPCI;SrvHsfPCI;c:\windows\system32\DRIVERS\VSTBS26.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTBS26.SYS [x]

    R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTDPV6.SYS [x]

    R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS;c:\windows\SYSNATIVE\DRIVERS\VSTCNXT6.SYS [x]

    R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]

    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]

    S0 aswRvrt;avast! Revert; [x]

    S0 aswVmm;avast! VM Monitor; [x]

    S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]

    S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]

    S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]

    S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]

    S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]

    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]

    S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]

    S2 GbpSv;Gbp Service;c:\progra~2\GbPlugin\GbpSv.exe;c:\progra~2\GbPlugin\GbpSv.exe [x]

    S3 e1kexpress;Intel® PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1k62x64.sys [x]

    S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]

    S3 IntcDAud;Áudio do vídeo Intel®;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]

    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]

    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]

    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]

    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]

    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]

    S4 WinDivert1.1;WinDivert1.1;c:\program files\Diebold\Warsaw\WinDivert64.sys;c:\program files\Diebold\Warsaw\WinDivert64.sys [x]

    .

    .

    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]

    2014-01-30 20:59 1211672 ----a-w- c:\program files (x86)\Google\Chrome\Application\32.0.1700.102\Installer\chrmstp.exe

    .

    Conteúdo da pasta 'Tarefas Agendadas'

    .

    2015-05-20 c:\windows\Tasks\Adobe Flash Player Updater.job

    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-26 15:34]

    .

    2015-05-20 c:\windows\Tasks\GlaryInitialize.job

    - c:\program files (x86)\Glary Utilities\initialize.exe [2013-01-10 15:10]

    .

    2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30 20:58]

    .

    2015-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-01-30 20:58]

    .

    .

    --------- X64 Entries -----------

    .

    .

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]

    @="{472083B0-C522-11CF-8763-00608CC02F24}"

    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]

    2014-09-15 18:25 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll

    .

    ------- Scan Suplementar -------

    .

    uLocal Page = c:\windows\system32\blank.htm

    uStart Page = hxxp://www.google.com.br/

    uDefault_Search_URL = hxxp://www.google.com

    mDefault_Search_URL = hxxp://www.google.com

    mDefault_Page_URL = about:blank

    mStart Page = hxxp://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    mLocal Page = c:\windows\SysWOW64\blank.htm

    mSearch Page = hxxp://www.google.com

    mSearch Bar = hxxp://www.google.com

    uSearchAssistant = www.google.com

    mCustomizeSearch = hxxp://www.bing.com/search?q={searchTerms}

    mSearchAssistant = hxxp://www.bing.com/search?q={searchTerms}

    Trusted Zone: bancobrasil.com.br\www

    Trusted Zone: bancobrasil.com.br\www14

    Trusted Zone: bancobrasil.com.br\www2

    Trusted Zone: bb.com.br\www

    Trusted Zone: itau.com.br

    Trusted Zone: itau.com.br\bankline

    Trusted Zone: itau.com.br\clickbanking

    Trusted Zone: itau.com.br\guardiao

    Trusted Zone: itau.com.br\www

    TCP: DhcpNameServer = 192.168.8.1

    .

    - - - - ORFÃOS REMOVIDOS - - - -

    .

    Toolbar-Locked - (no file)

    Toolbar-10 - (no file)

    Toolbar-Locked - (no file)

    Toolbar-10 - (no file)

    ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)

    .

    .

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\services\MySQL]

    "ImagePath"="\"c:\program files (x86)\MySQL\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\program files (x86)\MySQL\MySQL Server 5.1\my.ini\" MySQL"

    .

    --------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

    .

    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]

    @Denied: (2) (LocalSystem)

    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,

       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,2b,63,16,3c,ae,17,46,97,ae,69,\

    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,

       d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,ba,2b,63,16,3c,ae,17,46,97,ae,69,\

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="ChromeHTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="ChromeHTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="ChromeHTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="ChromeHTML"

    .

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]

    @Denied: (2) (LocalSystem)

    "Progid"="ChromeHTML"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]

    @Denied: (A 2) (Everyone)

    @="FlashBroker"

    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]

    "Enabled"=dword:00000001

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Shockwave Flash Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

    @="0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

    @="ShockwaveFlash.ShockwaveFlash.17"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="ShockwaveFlash.ShockwaveFlash"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

    @Denied: (A 2) (Everyone)

    @="Macromedia Flash Factory Object"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"

    "ThreadingModel"="Apartment"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

    @="FlashFactory.FlashFactory.1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

    @="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

    @="FlashFactory.FlashFactory"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

    @Denied: (A 2) (Everyone)

    @="IFlashBroker6"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]

    @="{00020424-0000-0000-C000-000000000046}"

    .

    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]

    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    "Version"="1.0"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

    @Denied: (A) (Everyone)

    "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

    @Denied: (A) (Everyone)

    .

    [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

    "Key"="ActionsPane3"

    "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

    @Denied: (A) (Users)

    @Denied: (A) (Everyone)

    @Allowed: (B 1 2 3 4 5) (S-1-5-20)

    "BlindDial"=dword:00000000

    .

    [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

    @Denied: (Full) (Everyone)

    .

    Tempo para conclusão: 2015-05-20  15:24:46

    ComboFix-quarantined-files.txt  2015-05-20 18:24

    .

    Pré-execução: 511.339.438.080 bytes disponíveis

    Pós execução: 511.126.814.720 bytes disponíveis

    .

    - - End Of File - - 2A8C49DA9445410CB46E7735F3A21D32

    A36C5E4F47E84449FF07ED3517B43A31

     


  12. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 14:09:02, on 20/05/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17801)

    Boot mode: Normal

     

    Running processes:

    C:\Program Files\AVAST Software\Avast\AvastUI.exe

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Users\SGV\Desktop\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe,

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui

    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 8013 bytes

     

     

     


    # AdwCleaner v4.204 - Relatório criado 20/05/2015 às 14:00:30

    # Atualizado 12/05/2015 por Xplode

    # Base de dados : 2015-05-20.1 [servidor]

    # Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64)

    # Usuário : SGV - SGV-PC

    # Executando de : C:\Users\SGV\Desktop\AdwCleaner.exe

    # Opção : Limpar

     

    ***** [ Serviços ] *****

     

    [#] Serviço Excluído : netfilter64

     

    ***** [ Arquivos / Pastas ] *****

     

    Pasta Excluído : C:\ProgramData\Ask

    Pasta Excluído : C:\ProgramData\baidu

    Pasta Excluído : C:\ProgramData\BitGuard

    Pasta Excluído : C:\ProgramData\Browser Manager

    Pasta Excluído : C:\ProgramData\BrowserProtect

    Pasta Excluído : C:\ProgramData\eSafe

    Pasta Excluído : C:\ProgramData\SafetyNut

    Pasta Excluído : C:\ProgramData\WPM

    Pasta Excluído : C:\ProgramData\Allmyapps

    Pasta Excluído : C:\ProgramData\dealpueAk

    Pasta Excluído : C:\ProgramData\easYtosaHop

    Pasta Excluído : C:\ProgramData\1c05542806130235

    Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Optimizer Elite Max

    Pasta Excluído : C:\Program Files (x86)\baidu

    Pasta Excluído : C:\Program Files (x86)\BearShare Applications

    Pasta Excluído : C:\Program Files (x86)\globalUpdate

    Pasta Excluído : C:\Program Files (x86)\Movies Toolbar

    Pasta Excluído : C:\Program Files (x86)\PC Cleaner

    Pasta Excluído : C:\Program Files (x86)\predm

    Pasta Excluído : C:\Program Files (x86)\RegClean Pro

    Pasta Excluído : C:\Program Files (x86)\Systweak Support Dock

    Pasta Excluído : C:\Program Files (x86)\RBM

    Pasta Excluído : C:\Program Files (x86)\dealpueAk

    Pasta Excluído : C:\Program Files (x86)\easYtosaHop

    Pasta Excluído : C:\Program Files (x86)\Common Files\337

    Pasta Excluído : C:\Users\Administrador\AppData\Roaming\Funmoods

    Pasta Excluído : C:\Users\Administrador\AppData\Roaming\Systweak

    Pasta Excluído : C:\Users\SGV\Funmoods

    Pasta Excluído : C:\Users\SGV\AppData\Local\apn

    Pasta Excluído : C:\Users\SGV\AppData\Local\genienext

    Pasta Excluído : C:\Users\SGV\AppData\Local\globalUpdate

    Pasta Excluído : C:\Users\SGV\AppData\Local\Mobogenie

    Pasta Excluído : C:\Users\SGV\AppData\Local\torch

    Pasta Excluído : C:\Users\SGV\AppData\Local\webplayer

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Activeris

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\baidu

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\eIntaller

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Funmoods

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Gameo

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\iSafe

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Optimizer Elite Max

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\qone8

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Systweak

    Pasta Excluído : C:\Users\SGV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mobogenie

    Pasta Excluído : C:\Users\SGV\Documents\Mobogenie

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\aaaaimdcedbpbcjjbbnfcbbjcngmomic

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_debipekfdkglkmbbilkejdacgofbpkjj_0.localstorage

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ejnmnhkgiphcaeefbaooconkceehicfi_0.localstorage

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_fmfnfnpmhcllokmkepffndflpnadjmma_0.localstorage

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_khcceooakamlehbimaepcldnnlnkcmfk_0.localstorage

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage

    Arquivo Excluído : C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_ojcgaoafcmbadjkfdippkdddgkeaipbn_0.localstorage

    Arquivo Excluído : C:\END

    Arquivo Excluído : C:\Windows\System32\log\iSafeKrnlCall.log

    Arquivo Excluído : C:\Windows\System32\roboot64.exe

    Arquivo Excluído : C:\Users\SGV\daemonprocess.txt

    Arquivo Excluído : C:\Users\SGV\AppData\Roaming\aps.uninstall.scan.results

    Arquivo Excluído : C:\Users\SGV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Play Games Online.url

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.certified-toolbar.com_0.localstorage

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.certified-toolbar.com_0.localstorage-journal

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.surfcanyon.com_0.localstorage

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.surfcanyon.com_0.localstorage-journal

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sr.searchfunmoods.com_0.localstorage

    Arquivo Excluído : C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_sr.searchfunmoods.com_0.localstorage-journal

     

    ***** [ Tarefas agendadas ] *****

     

    Tarefa Apagado : Dealply

    Tarefa Apagado : Desk 365 RunAsStdUser

    Tarefa Apagado : pricemeterdownloader

    Tarefa Apagado : pricemetertask

    Tarefa Apagado : pricemeterwatcher

    Tarefa Apagado : SaveSense

     

    ***** [ Atalhos ] *****

     

    Atalho Desinfectado : C:\Users\SGV\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

     

    ***** [ Registro ] *****

     

    Chave Apagado : HKCU\Software\Classes\iLivid.torrent

    Chave Apagado : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL

    Chave Apagado : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL

    Chave Apagado : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL

    Chave Apagado : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc

    Chave Apagado : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1

    Chave Apagado : HKLM\SOFTWARE\Classes\f

    Chave Apagado : HKLM\SOFTWARE\Classes\funmoods.dskBnd

    Chave Apagado : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1

    Chave Apagado : HKLM\SOFTWARE\Classes\funmoodsApp.appCore

    Chave Apagado : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1

    Chave Apagado : HKLM\SOFTWARE\Classes\iLivid.torrent

    Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd

    Valor Apagado : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x64]

    Valor Apagado : HKLM\SYSTEM\ControlSet001\Control\Session Manager\AppCertDlls [x86]

    Valor Apagado : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x64]

    Valor Apagado : HKLM\SYSTEM\ControlSet002\Control\Session Manager\AppCertDlls [x86]

    Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc

    Chave Apagado : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\Wpm


    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{C66F0B7A-BD67-4982-AF71-C6CA6E7F016F}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}

    Chave Apagado : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2002}

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

    Chave Apagado : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7}

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2448}

    Chave Apagado : HKCU\Software\Adorika

    Chave Apagado : HKCU\Software\AnyProtect

    Chave Apagado : HKCU\Software\APN DTX

    Chave Apagado : HKCU\Software\GlobalUpdate

    Chave Apagado : HKCU\Software\ilivid

    Chave Apagado : HKCU\Software\Optimizer Elite Max

    Chave Apagado : HKCU\Software\powerpack

    Chave Apagado : HKCU\Software\SafetyNut

    Chave Apagado : HKCU\Software\simplytech

    Chave Apagado : HKCU\Software\Softonic

    Chave Apagado : HKCU\Software\systweak

    Chave Apagado : HKCU\Software\torch

    Chave Apagado : HKCU\Software\Baidu

    Chave Apagado : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

    Chave Apagado : HKCU\Software\AppDataLow\Software\simplytech

    Chave Apagado : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

    Chave Apagado : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

    Chave Apagado : HKLM\SOFTWARE\Conduit

    Chave Apagado : HKLM\SOFTWARE\Desksvc

    Chave Apagado : HKLM\SOFTWARE\dt soft\daemon tools toolbar

    Chave Apagado : HKLM\SOFTWARE\hdcode

    Chave Apagado : HKLM\SOFTWARE\InstallCore

    Chave Apagado : HKLM\SOFTWARE\portaldositesSoftware

    Chave Apagado : HKLM\SOFTWARE\systweak

    Chave Apagado : HKLM\SOFTWARE\torch

    Chave Apagado : HKLM\SOFTWARE\Baidu

    Chave Apagado : HKLM\SOFTWARE\Taronja

    Chave Apagado : HKU\.DEFAULT\Software\Baidu

    Dados Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~3\wincert\win64c~1.dll

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\3152E1F19977892449DC968802CE8964

    Chave Apagado : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

    Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:50655;hxxps=127.0.0.1:50655

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

    Dados Apagado : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

     

    ***** [ Navegadores ] *****

     

    -\\ Internet Explorer v11.0.9600.17801

     

    Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

    Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

    Configuração Restaurado : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

    Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]

    Configuração Restaurado : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [search Page]

     

    -\\ Mozilla Firefox v

     

     

    -\\ Google Chrome v32.0.1700.102

     

    [C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

    [C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://searchfunmoods.com/results.php?f=4&q={searchTerms}&a=pc0102&cd=2XzuyEtN2Y1L1QzuyBtDyBtC0B0CzyzytB0AyD0B0EzyyCtAtN0D0Tzu0SzztDtDtN1L2XzutBtFtCyCtFzztFtDtN1L1Czu1E1RtDtCtDtBtN1L1G1B1V1N2Y1L1Qzu2StC0AyEyCyDtD0EtDtG0AtDtB0EtG0CzztB0EtGtCzy0ByEtGyB0BtAtDzzzzyCyD0C0A0FyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyBzz0CtA0BtDyByCtG0F0DtD0EtGtC0ByE0CtGyEzz0E0BtGyB0DzzyB0A0E0DyEtCtD0Ezz2Q&cr=660187475&ir=

    [C:\Users\Administrador\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://search.certified-toolbar.com?si=77324&st=bs&tid=18194&ver=5.7&ts=1397098800000.000009&tguid=77324-18194-1397148801530-F2C90C9C84B9BC8E57ACA0F86D322F58&q={searchTerms}

    [C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}

    [C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_installcore_01&type=p&p={searchTerms}

    [C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Apagado [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

    [C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Apagado [Extension] : booedmolknjekdopkepjjeckmjkdpfgl

    [C:\Users\SGV\AppData\Local\Google\Chrome\User Data\Default\Preferences] - Apagado [Extension] : flpcjncodpafbgdpnkljologafpionhb

     

    -\\ Opera v0.0.0.0

     

     

    *************************

     

    AdwCleaner[R0].txt - [24937 bytes] - [20/05/2015 13:58:53]

    AdwCleaner[s0].txt - [21787 bytes] - [20/05/2015 14:00:30]

     

    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [21847  bytes] ##########

     

     

     


    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Junkware Removal Tool (JRT) by Thisisu

    Version: 6.7.5 (05.20.2015:1)

    OS: Windows 7 Home Basic x64

    Ran by SGV on 20/05/2015 at 14:04:36,13

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     

     

     

     

    ~~~ Services

     

     

     

    ~~~ Tasks

     

     

     

    ~~~ Registry Values

     

     

     

    ~~~ Registry Keys

     

     

     

    ~~~ Files

     

    Successfully deleted: [File] C:\Users\SGV\appdata\local\google\chrome\user data\default\local storage\chrome-extension_hggpkhijoeadmdfmlbdepfbngmhaldci_0.localstorage

     

     

     

    ~~~ Folders

     

    Successfully deleted: [Folder] C:\Program Files (x86)\baidu security

    Successfully deleted: [Folder] C:\Program Files (x86)\monarimo

    Successfully deleted: [Folder] C:\ProgramData\baidu security

    Successfully deleted: [Folder] C:\Users\SGV\appdata\local\com

    Successfully deleted: [Folder] C:\Users\SGV\AppData\Roaming\baidu security

    Successfully deleted: [Folder] C:\Users\SGV\AppData\Roaming\getrighttogo

    Successfully deleted: [Folder] C:\Users\SGV\documents\optimizer pro

    Successfully deleted: [Folder] C:\ProgramData\eaesYtoshop

     

     

     

     

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Scan was completed on 20/05/2015 at 14:07:55,01

    End of JRT log

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

     



  13. There was no option in MBAM to send to quarantine, so I had the files deleted (more than 1000 infected).

     

    Because of that, I also have no MBAM log.

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:34:46, on 20/05/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17801)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\SGV\Desktop\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKLM\..\RunOnce: [Malwarebytes Anti-Malware (cleanup)] "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe" "C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware"
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 8945 bytes

  14. Hi everyone,

     

    I ran Avast and it found 3 viruses that it could not clean.

     

    Log follows

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 11:00:19, on 20/05/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17801)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.bing.com/search?q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    O2 - BHO: (no name) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - (no file)
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbiehuni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
    O3 - Toolbar: (no name) - {3444c3c5-6c56-4a16-a453-832b05bf6ea4} - (no file)
    O3 - Toolbar: (no name) - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - (no file)
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
    O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Broken Internet access because of LSP provider 'c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll' missing
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 10470 bytes
     
     
    Thank you!!

  15. Logfile of Trend Micro HijackThis v2.0.4

    Scan saved at 12:56:30, on 16/02/2015

    Platform: Windows 7 SP1 (WinNT 6.00.3505)

    MSIE: Internet Explorer v11.0 (11.00.9600.17631)

    Boot mode: Normal

     

    Running processes:

    C:\Program Files\Alwil Software\Avast5\AvastUI.exe

    C:\PROGRA~2\GbPlugin\GbpSv.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    C:\Users\JARDA\Desktop\HijackThis.exe

     

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com

    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 

    F2 - REG:system.ini: UserInit=userinit.exe,

    O1 - Hosts: ::1 localhost

    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL

    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll

    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll

    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL

    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll

    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll

    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui

    O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'Default user')

    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html

    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html

    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000

    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm

    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm

    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105

    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll

    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll

    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

    O15 - Trusted Zone: www.bancobrasil.com.br

    O15 - Trusted Zone: www14.bancobrasil.com.br

    O15 - Trusted Zone: www2.bancobrasil.com.br

    O15 - Trusted Zone: www.bb.com.br

    O15 - Trusted Zone: http://www.bb.com.br

    O15 - Trusted Zone: bankline.itau.com.br

    O15 - Trusted Zone: clickbanking.itau.com.br

    O15 - Trusted Zone: guardiao.itau.com.br

    O15 - Trusted Zone: www.itau.com.br

    O15 - Trusted Zone: *.itau.com.br

    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll

    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll

    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)

    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe

    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe

    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe

    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)

    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)

    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe

    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe

    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe

    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)

    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

     

    --

    End of file - 11863 bytes

     

     

    ==============================================

     


     

    Zoek.exe v5.0.0.0 Updated 15-February-2015

    Tool run by JARDA on 16/02/2015 at 11:57:25,71.

    Microsoft Windows 7 Ultimate  6.1.7601 Service Pack 1 x64

    Running in: Normal Mode Internet Access Detected

    Launched: C:\Users\JARDA\Desktop\zoek.exe [scan all users] [script inserted] 

     

    ==== System Restore Info ======================

     

    16/02/2015 11:58:34 Zoek.exe System Restore Point Created Succesfully.

     

    ==== Reset Hosts File ======================

     

    # Copyright © 1993-2006 Microsoft Corp. 


    # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 


    # This file contains the mappings of IP addresses to host names. Each 

    # entry should be kept on an individual line. The IP address should 

    # be placed in the first column followed by the corresponding host name. 

    # The IP address and the host name should be separated by at least one 

    # space. 


    # Additionally, comments (such as these) may be inserted on individual 

    # lines or following the machine name denoted by a '#' symbol. 


    # For example: 


    #      102.54.94.97     rhino.acme.com          # source server 

    #       38.25.63.10     x.acme.com              # x client host 

     

    # localhost name resolution is handle within DNS itself. 

    127.0.0.1       localhost 

    ::1             localhost 

     

    ==== Empty Folders Check ======================

     

    C:\PROGRA~2\Intel deleted successfully

    C:\PROGRA~2\SlimDrivers deleted successfully

    C:\PROGRA~2\Sony Mobile deleted successfully

    C:\PROGRA~3\IDM deleted successfully

    C:\PROGRA~3\Sony Mobile deleted successfully

    C:\Users\JARDA\AppData\Roaming\Hewlett-Packard deleted successfully

     

    ==== Deleting CLSID Registry Keys ======================

     

     

    ==== Deleting CLSID Registry Values ======================

     

     

    ==== Deleting Services ======================

     

     

    ==== Deleting Files \ Folders ======================

     

    C:\PROGRA~3\boost_interprocess deleted

    C:\PROGRA~3\Package Cache deleted

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager deleted

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted

    C:\Windows\SysNative\config\systemprofile\Searches deleted

    C:\windows\SysNative\GroupPolicy\Machine deleted

    C:\windows\SysNative\GroupPolicy\User deleted

    C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted

    C:\Users\JARDA\AppData\Roaming\unins000.exe deleted

    C:\Users\JARDA\AppData\Roaming\unins001.exe deleted

    "C:\PROGRA~2\Internet Download Manager\IDMNetMon64.dll" deleted

    "C:\PROGRA~2\Internet Download Manager\IDMShellExt64.dll" deleted

    "C:\PROGRA~2\Internet Download Manager" not deleted

     

    ==== Firefox Extensions Registry ======================

     

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]

    "wrc@avast.com"="C:\Program Files\Alwil Software\Avast5\WebRep\FF" [07/08/2014 00:11]

     

    ==== Chromium Look ======================

     

    Google Chrome Version: 40.0.2214.111 (Up to date, latest Stable version: 40.0.2214.111)

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions

    efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[21/12/2013 04:04]

    gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\Alwil Software\Avast5\WebRep\Chrome\aswWebRepChrome.crx[07/08/2014 00:10]

     

    PDF Mergy - JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgecghmkcdefnknohcimkoemhaofpoha

     

    ==== Set IE to Default ======================

     

    Old Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



    "Use Search Asst"="yes"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]


    "Default_Page_URL"="http://www.google.com"

    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]


    "Default_Page_URL"="http://www.google.com"

     

    New Values:

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]



    "Use Search Asst"="no"

    [HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]



    [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]



     

    ==== All HKCU SearchScopes ======================

     

    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

    "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

    {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

    {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

    {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} Microsoft (Bing) Url="http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01"

     

    ==== Reset Google Chrome ======================

     

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

     

    ==== shortcuts on Users Desktops ======================

     

    C:\Users\JARDA\Desktop\chrome - Atalho.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\Desktop\SGV.lnk - C:\SGV\INICIO.exe 

    C:\Users\JARDA\Desktop\SGV_agenda.lnk - C:\SGV\SGV_agenda.exe 

    C:\Users\JARDA\Desktop\SGV_internacao.lnk - C:\SGV\SGV_internacao.exe 

     

    ==== shortcuts on All Users Desktop ======================

     

    C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 

    C:\Users\Public\Desktop\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 

    C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\Users\Public\Desktop\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe 

     

    ==== shortcuts in Users Start Menu ======================

     

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Subtitle Workshop.lnk - C:\Program Files (x86)\Subtitle Workshop\SubtitleWorkshop.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Subtitle Workshop\Uninstall Subtitle Workshop.lnk - C:\Program Files (x86)\Subtitle Workshop\uninstall.exe 

     

    ==== shortcuts in All Users Start Menu ======================

     

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk - C:\Windows\Installer\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}\AppleSoftwareUpdateIco.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk - C:\Program Files (x86)\TeamViewer\TeamViewer.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\Sobre o iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.Resources\pt.lproj\About iTunes.rtf 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe -tab about

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk -  

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm 

    C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\Silverlight.Configuration.exe 

     

    ==== shortcuts in Quick Launch ======================

     

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Advanced PDF Editor.lnk - C:\Program Files (x86)\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Subtitle Workshop.lnk - C:\Program Files (x86)\Subtitle Workshop\SubtitleWorkshop.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -  

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\70f62c6a7f1739bd\pinned.lnk - C:\Windows\system32\rundll32.exe C:\Windows\system32\shell32.dll,Options_RunDLL 1

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\chrome - Atalho.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

    C:\Users\JARDA\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk -  

     

    ==== Reset IE Proxy ======================

     

    Value(s) before fix:

    "ProxyEnable"=dword:00000000

     

    Value(s) after fix:

    "ProxyEnable"=dword:00000000

     

    ==== Deleting Registry Keys ======================

     

    HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully

    HKEY_CURRENT_USER\Software\Policies\Google deleted successfully

     

    ==== Empty IE Cache ======================

     

    C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\JARDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Users\JARDA\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

    C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

    C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

     

    ==== Empty FireFox Cache ======================

     

    No FireFox Profiles found

     

    ==== Empty Chrome Cache ======================

     

    C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

     

    ==== Empty All Flash Cache ======================

     

    Flash Cache Emptied Successfully

     

    ==== Empty All Java Cache ======================

     

    Java Cache cleared successfully

     

    ==== C:\zoek_backup content ======================

     

    C:\zoek_backup (files=134 folders=31 38316495 bytes)

     

    ==== Empty Temp Folders ======================

     

    C:\Users\Default\AppData\Local\Temp emptied successfully

    C:\Users\Default User\AppData\Local\Temp emptied successfully

    C:\Users\JARDA\AppData\Local\Temp will be emptied at reboot

    C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

    C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

    C:\Windows\Temp will be emptied at reboot

     

    ==== After Reboot ======================

     

    ==== Empty Temp Folders ======================

     

    C:\Windows\Temp successfully emptied

    C:\Users\JARDA\AppData\Local\Temp successfully emptied

     

    ==== Empty Recycle Bin ======================

     

    C:\$RECYCLE.BIN successfully emptied

     

    ==== Deleting Files / Folders ======================

     

    "C:\PROGRA~2\Internet Download Manager"  not found

     

    ==== EOF on 16/02/2015 at 12:52:32,19 ======================

     


  16. Here are the new logs. Thank you, and have a good holiday.

     

    ================================================

     

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.4.2 (02.02.2015:1)
    OS: Windows 7 Ultimate x64
    Ran by JARDA on 16/02/2015 at 10:10:09,89
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
    Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
    Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6C680BAE-655C-4E3D-8FC4-E6A520C3D928}
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\Windows\Tasks\GlaryOneClickOptimizer 4.job
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] "C:\ProgramData\baidu security"
    Successfully deleted: [Folder] "C:\Users\JARDA\AppData\Roaming\baidu security"
     
     
     
    ~~~ Event Viewer Logs were cleared
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 16/02/2015 at 10:23:03,94
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
    ===========================================================
     
    # AdwCleaner v4.110 - Logfile created 16/02/2015 at 10:05:53
    # Updated 05/02/2015 by Xplode
    # Database : 2015-02-14.2 [server]
    # Operating system : Windows 7 Ultimate Service Pack 1 (x64)
    # Username : JARDA - JARDA-PC
    # Running from : C:\Users\JARDA\Desktop\AdwCleaner.exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
    Service Deleted : iSafeKrnlMon
     
    ***** [ Files / Folders ] *****
     
    Folder Deleted : C:\ProgramData\baidu
    Folder Deleted : C:\ProgramData\Browser
    Folder Deleted : C:\ProgramData\MailUpdate
    Folder Deleted : C:\ProgramData\drivergenius
    Folder Deleted : C:\Program Files (x86)\driver-soft
    Folder Deleted : C:\Program Files (x86)\WinZipper
    Folder Deleted : C:\Program Files (x86)\Elex-tech
    Folder Deleted : C:\Program Files (x86)\XTab
    Folder Deleted : C:\Users\JARDA\AppData\Local\NativeMessaging
    Folder Deleted : C:\Users\JARDA\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\JARDA\AppData\Roaming\baidu
    Folder Deleted : C:\Users\JARDA\AppData\Roaming\MailUpdate
    File Deleted : C:\END
    File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Registry ] *****
     
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bitguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bprotect.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserdefender.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browserprotect.exe
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8}
    Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
    Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428A-92C9-0CFC28B9D1BF}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2023ECEC-E06A-4372-A1C7-0B49F9E0FFF0}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{E733165D-CBCF-4FDA-883E-ADEF965B476C}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{425ED333-6083-428a-92C9-0CFC28B9D1BF}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ABCD0123-1234-5678-ABCD-0123456789AB}
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2488}
    Key Deleted : HKCU\Software\SafetyNut
    Key Deleted : HKCU\Software\Baidu
    Key Deleted : HKLM\SOFTWARE\dt soft\daemon tools toolbar
    Key Deleted : HKLM\SOFTWARE\hdcode
    Key Deleted : HKLM\SOFTWARE\SupDp
    Key Deleted : HKLM\SOFTWARE\winzipersvc
    Key Deleted : HKLM\SOFTWARE\Baidu
    Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\bpsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\browsersafeguard.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dprotectsvc.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\jumpflip
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\protectedsearch.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchinstaller.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotection.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchprotector.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\searchsettings64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\snapdo.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst32.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\stinst64.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\umbrella.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\utiljumpflip.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\volaro
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\vonteera
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroids.exe
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\websteroidsservice.exe
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
    Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8080
     
    ***** [ Web browsers ] *****
     
    -\\ Internet Explorer v11.0.9600.17631
     
     
    -\\ Google Chrome v40.0.2214.111
     
     
    *************************
     
    AdwCleaner[R0].txt - [7094 bytes] - [16/02/2015 10:01:28]
    AdwCleaner[s0].txt - [6045 bytes] - [16/02/2015 10:05:53]
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [6104  bytes] ##########
     
     
    ==============================================================
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:24:25, on 16/02/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17631)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files (x86)\Glary Utilities 4\CheckUpdate.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    C:\Windows\SysWOW64\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Users\JARDA\Desktop\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'Default user')
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 12331 bytes
     

  17. Thanks for the help. Here are 2 logs from Mbam and 1 from HijackThis

     

    ===========================================

     

    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
     
    Update, 13/02/2015 17:53:01, SYSTEM, JARDA-PC, Manual, Rootkit Database, 2014.11.18.1, 2015.2.3.1, 
    Update, 13/02/2015 17:53:01, SYSTEM, JARDA-PC, Manual, Remediation Database, 2013.10.16.1, 2014.12.6.1, 
    Update, 13/02/2015 17:53:25, SYSTEM, JARDA-PC, Manual, Malware Database, 2014.11.20.6, 2015.2.13.6, 
    Scan, 13/02/2015 18:10:20, SYSTEM, JARDA-PC, Manual, Start:13/02/2015 17:54:57, Duration:14 min 12 sec, Verificar Ameaça, Terminado, 0 Malware Detections, 80 Non-Malware Detections, 
     
    (end)
     
    ============================================================
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Data da Verificação: 13/02/2015
    Hora da Verificação: 17:54:57
    Arquivo de Log: logMAM2.txt
    Administrador: Sim
     
    Versão: 2.00.4.1028
    Base de Dados de Malware: v2015.02.13.06
    Base de Dados de Rootkit: v2015.02.03.01
    Licença: Grátis
    Proteção de Malware: Desabilitado
    Proteção de Site Malicioso: Desabilitado
    Auto-Proteção: Desabilitado
     
    SO: Windows 7 Service Pack 1
    Processador: x64
    Sistema de Arquivos: NTFS
    Usuário: JARDA
     
    Tipo da Verificação: Verificar Ameaça
    Resultado: Terminado
    Objetos Verificados: 345310
    Tempo Decorrido: 14 min, 12 seg
     
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de Arquivos: Habilitado
    Arquivos Compactados: Habilitado
    Rootkits: Habilitado
    Rootkit Profundo: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado
     
    Processos: 1
    PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, 1860, Apagar ao Reiniciar, [c84a4fcb44464ee874534e1824dc05fb]
     
    Módulos: 0
    (Nenhum item malicioso detectado)
     
    Chaves de Registro: 31
    PUP.Optional.WindowsProtectManger.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\WindowsMangerProtect, Quarentena, [c84a4fcb44464ee874534e1824dc05fb], 
    PUP.Optional.Datamngr.A, HKLM\SOFTWARE\CLASSES\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}, Quarentena, [91817b9f32583600f57d43fd7093be42], 
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarentena, [5eb44cce6822a78f2814ea21df245aa6], 
    PUP.Optional.DynConIE.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}, Quarentena, [5eb44cce6822a78f2814ea21df245aa6], 
    PUP.Optional.Snapdo.T, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{006ee092-9658-4fd6-bd8e-a21a348e59f5}, Quarentena, [eb27e238d5b52e08d740370cf112be42], 
    PUP.Optional.Snapdo.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{006EE092-9658-4FD6-BD8E-A21A348E59F5}, Quarentena, [eb27e238d5b52e08d740370cf112be42], 
    PUP.Optional.QuickShare.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarentena, [0a089e7cdcaea393e63960df62a18f71], 
    PUP.Optional.QuickShare.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}, Quarentena, [0a089e7cdcaea393e63960df62a18f71], 
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}, Quarentena, [d04258c219710333bcebc743ff041fe1], 
    PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard, Quarentena, [22f08f8b8901fd39113a836714f0df21], 
    PUP.Optional.SearchQu, HKLM\SOFTWARE\CLASSES\SearchQUIEHelper.DNSGuard.1, Quarentena, [040e15054347db5b91ba935727dd0cf4], 
    PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, Quarentena, [987a7aa06f1bfb3b2f407e18b1522dd3], 
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [888a42d856348da9f4b95d9b26de09f7], 
    PUP.Optional.Delta.A, HKLM\SOFTWARE\WOW6432NODE\delta-homesSoftware, Quarentena, [d63c49d1f39746f08608f3ba9c6711ef], 
    PUP.Optional.IHProtect.A, HKLM\SOFTWARE\WOW6432NODE\IHProtect, Quarentena, [47cb71a94b3f5fd79d1bd6bc42c1bc44], 
    PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, Quarentena, [b26064b666245ed8fd3abcee16ed24dc], 
    PUP.Optional.ISearch.A, HKLM\SOFTWARE\WOW6432NODE\omiga-plusSoftware, Quarentena, [3fd38b8fdeaca78ffa070ef79f66f10f], 
    PUP.Optional.WPM.A, HKLM\SOFTWARE\WOW6432NODE\supWindowsMangerProtect, Quarentena, [1af873a7b8d259dd1acda567b64f936d], 
    PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard, Quarentena, [5eb46dad6624fc3a4dfeedfdcb3957a9], 
    PUP.Optional.SearchQu, HKLM\SOFTWARE\WOW6432NODE\CLASSES\SearchQUIEHelper.DNSGuard.1, Quarentena, [db371dfdc8c2b97ddb70628841c33bc5], 
    PUP.Optional.SecurityProtection.A, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\noajmlkipclmeolfcnflkjhijkigpfjh, Quarentena, [fe14a87290fa02346906fd9917ece818], 
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [f02242d85b2f96a0d4d917e1ea1ab14f], 
    PUP.Optional.SafetyNut.A, HKLM\SOFTWARE\WOW6432NODE\SAFETYNUT, Quarentena, [878b3cde44460d29355dd51da460d12f], 
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB, Quarentena, [a1716eac1179ac8ac0c22088c83ba060], 
    PUP.Optional.IEPluginServices.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\IePluginServices, Quarentena, [8b879684ee9c2b0b0aad514c7291847c], 
    PUP.Optional.WindowsMangerProtect.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WindowsMangerProtect, Quarentena, [b35fc258dfab93a37a3e138ae41f25db], 
    PUP.Optional.WebSearches.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SupHpUISoft, Quarentena, [769ca6740d7d0d29d45d2882c241aa56], 
    PUP.Optional.MultiIE.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\DynConIE, Quarentena, [23ef72a8b9d1a5919cc4f4163ec741bf], 
    PUP.Optional.Qone8, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarentena, [0c06fa20c3c71422812b1cdcfd07da26], 
    PUP.Optional.SnapDo.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR, Quarentena, [0d0559c1fb8f142250d19b3cd82b24dc], 
    PUP.Optional.Ask.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\F06DEFF2-5B9C-490D-910F-35D3A9119622, Quarentena, [ac66e6344743a591df68244a7390cb35], 
     
    Valores de Registro: 5
    PUP.Optional.SmartBar, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarentena, [49c99c7e385287af62c62285fa09ba46]
    PUP.Optional.SmartBar, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\TOOLBAR|{ae07101b-46d4-4a98-af68-0333ea26e113}, Smartbar, Quarentena, [759d1901eaa084b2b7712a7dba49d52b]
    PUP.Optional.SafetyNut.A, HKLM\SOFTWARE\WOW6432NODE\SAFETYNUT|browser,  cr, Quarentena, [878b3cde44460d29355dd51da460d12f]
    PUP.Optional.SupTab.A, HKLM\SOFTWARE\WOW6432NODE\SUPTAB|ptid, smt, Quarentena, [a1716eac1179ac8ac0c22088c83ba060]
    PUP.Optional.SnapDo.A, HKU\S-1-5-21-3934306144-1224154063-1079240014-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SMARTBAR|publisher, SnapdoOCYB, Quarentena, [0d0559c1fb8f142250d19b3cd82b24dc]
     
    Dados de Registro: 7
    PUP.Optional.OmigaPlus.A, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Start Page, http://isearch.omiga-plus.com/?type=hppp&ts=1422307784&from=obw&uid=ST750LM022XHN-M750MBB_S2YDJ9BD605013, Bom: (www.google.com), Ruim: (http://isearch.omiga-plus.com/?type=hppp&ts=1422307784&from=obw&uid=ST750LM022XHN-M750MBB_S2YDJ9BD605013),Substituído,[050db367cfbb0d29e7e810b0d431bb45]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Substituído,[33df59c16f1b41f546b7e9d58580b050]
     
    Pastas: 12
    PUP.Optional.SafetyNut.A, C:\ProgramData\SafetyNut, Quarentena, [c64c57c3246657df3160718131d3e51b], 
    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices, Quarentena, [58ba03176c1eae8807acb1b76c97fb05], 
    PUP.Optional.IePluginServices.A, C:\ProgramData\IePluginServices\update, Quarentena, [58ba03176c1eae8807acb1b76c97fb05], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect, Apagar ao Reiniciar, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log, Quarentena, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update, Quarentena, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate, Quarentena, [c052a179692194a225597710f50ec937], 
    PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update, Quarentena, [c052a179692194a225597710f50ec937], 
     
    Arquivos: 24
    PUP.Optional.WindowsProtectManger.A, C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe, Apagar ao Reiniciar, [c84a4fcb44464ee874534e1824dc05fb], 
    PUP.Optional.Datamngr.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetynut_ie.dll, Quarentena, [91817b9f32583600f57d43fd7093be42], 
    PUP.Optional.OutBrowse.gen, C:\Users\JARDA\Desktop\epubreaderfree_setup.exe, Quarentena, [c74b2feb63272b0bc7e268add72b659b], 
    PUP.Optional.SecurityProtection.A, C:\Users\JARDA\AppData\Local\Google\Chrome\User Data\Default\Extensions\noajmlkipclmeolfcnflkjhijkigpfjh.crx, Quarentena, [6fa31ffb4c3ea88eec8281158b782bd5], 
    PUP.Optional.SafetyNut.A, C:\ProgramData\SafetyNut\coordinator.cfg, Quarentena, [c64c57c3246657df3160718131d3e51b], 
    PUP.Optional.SafetyNut.A, C:\ProgramData\SafetyNut\general.cfg, Quarentena, [c64c57c3246657df3160718131d3e51b], 
    PUP.Optional.SafetyNut.A, C:\ProgramData\SafetyNut\S-1-5-21-3934306144-1224154063-1079240014-1000.cfg, Quarentena, [c64c57c3246657df3160718131d3e51b], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\log\ProtectWindowsManager_2014-09-12[21-50-43-974].log, Quarentena, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\conf, Quarentena, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.WPM.A, C:\ProgramData\WindowsMangerProtect\update\update.exe, Quarentena, [8e846fab890167cf2fb04c1e8f743bc5], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\configmgrc2.cfg, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\favicon.ico, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\Helper.dll, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\Internet Explorer Settings.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\safetynut.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\BrowserTabSearchUninstall.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msb.dll, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msb64.dll, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\BrowserTabSearch\msbloader64.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\configmgrc2.cfg, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\Internet Explorer Settings.exe, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.Ask.A, C:\Program Files (x86)\Browser Tab Search by Ask\SafetyNut\x64\safetycrt.dll, Quarentena, [ac66e6344743a591df68244a7390cb35], 
    PUP.Optional.IHProtectUpDate.A, C:\ProgramData\IHProtectUpDate\update\conf, Quarentena, [c052a179692194a225597710f50ec937], 
     
    Setores Físicos: 0
    (Nenhum item malicioso detectado)
     
     
    (end)
     
     
    ==========================================================
     
     
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 18:21:40, on 13/02/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17631)
    Boot mode: Normal
     
    Running processes:
    C:\PROGRA~2\GbPlugin\GbpSv.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe,
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'Default user')
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 12680 bytes
     
     
  18. Edited by jardaon2


    Hello everyone, good evening.

    Lately I've noticed my PC is very slow, Chrome keeps freezing, and even the internet is slow. On top of that, a search engine called V9 always comes up in Chrome, and I can't remove it. I also uninstalled some suspicious programs that were on the machine.

    I followed the procedures on the site and I'm counting on your help.

    Here is the log:

     

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:57:52, on 06/02/2015
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v11.0 (11.00.9600.17496)
    Boot mode: Normal
     
    Running processes:
    C:\Program Files (x86)\Glary Utilities 4\CheckUpdate.exe
    C:\Program Files\Alwil Software\Avast5\AvastUI.exe
    C:\Program Files (x86)\iTunes\iTunesHelper.exe
    C:\Users\JARDA\AppData\Roaming\uTorrent\uTorrent.exe
    C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
    C:\Program Files (x86)\Glary Utilities 4\MemfilesService.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe
     
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - (no file)
    O2 - BHO: AMD SteadyVideo BHO - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - (no file)
    O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
    O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
    O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Adobe Acrobat Create PDF Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
    O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
    O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
    O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
    O3 - Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - (no file)
    O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
    O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915"/build:7601 (User 'Default user')
    O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
    O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
    O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
    O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: www.bancobrasil.com.br
    O15 - Trusted Zone: www14.bancobrasil.com.br
    O15 - Trusted Zone: www2.bancobrasil.com.br
    O15 - Trusted Zone: www.bb.com.br
    O15 - Trusted Zone: http://www.bb.com.br
    O15 - Trusted Zone: bankline.itau.com.br
    O15 - Trusted Zone: clickbanking.itau.com.br
    O15 - Trusted Zone: guardiao.itau.com.br
    O15 - Trusted Zone: www.itau.com.br
    O15 - Trusted Zone: *.itau.com.br
    O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
    O18 - Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O18 - Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll
    O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
    O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
    O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: avast! antivírus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
    O23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
    O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: MySQL - Unknown owner - C:\Program.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - SysTool PasSame LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
     
    --
    End of file - 13501 bytes

  19. Hey everyone, I have a big problem with my PC and I'm counting on your help.

    The machine is already a few years old, but just yesterday I formatted my HD and installed Windows 7 Ultimate 64-bit (I've had it before). So far so good. After the installation finished I decided to also connect my other HD (so I could close up the PC). The thing is, when I did that, I started getting the following error:

    AWARD BOOT BLOCK BIOS V10

    COPYRIGHT © 2000,AWARD SOFTWARE ,INC

    BIOS ROM CHECKSUM ERROR

    DETECTING IDE ATAPI DEVICE

    FOUND CDROM, TRU TO BOOT FROM IT...FAIL

    DETECTING FLOPPY DRIVE A MEDIA ...

    DRIVE A ERROR - SYSTEM HALT

    And this happens without even giving me the chance to get into the BIOS; that is, it's right when the machine turns on.

    I did some searching on the net and found out that this error happens when the BIOS is toast (I just don't know why mine ended up like this). I also saw that you have to prepare a boot floppy to write a new BIOS. Since my motherboard is an Asus M2N4 - SLI, I tried putting in the motherboard's CD.

    The system booted from the CD and started updating the BIOS, I imagine the same way as if I had used a boot floppy. The problem is that even after the BIOS was successfully updated from the CD, the problem persists. There was only one change:

    KEYBOARD ERROR OR NO KEYBOARD PRESENT

    This started appearing after the BIOS update from the motherboard's CD. My keyboard is working (I tested it on another PC) and, using another keyboard, the problem goes back to the beginning.

    I cleared the CMOS and left the battery out of the PC all night, and nothing.

    What do I do? Do I try the boot floppy approach? The problem is that I don't have a floppy drive! Can the same thing be done with a CD/DVD?

    Summarizing what I did:

    1) BIOS update from the motherboard's CD - SUCCESS

    2) the error persisted, but now with the note "KEYBOARD ERROR OR NO KEYBOARD PRESENT"

    3) I swapped the keyboard and the error above went away, but the BIOS ROM Checksum Error problem continued

    4) I did more BIOS updates with the motherboard's CD, all successful, but none solved my problem. I really did a lot, easily about 20.

    I'm going to buy a new battery for the motherboard today, but then what do I do? I'm desperate already...
