
nandorhenius

Member
  • Posts
    12
  • Joined

  • Last visited

Profile

  • Education
    Undergraduate degree in progress
  • Professional field
    Communications / Marketing
  • Professional level
    Consultant
  • State
    Santa Catarina
  • Gender
    male

How to contact me

  • Website or blog URL
    www.bongasat.com.br
  • Facebook
    https://www.facebook.com/frhenius
  • Twitter
    @nandorhenius
  1. Distribute COM error makes Windows 10 restart on its own

    Hi Paulo, I did that installation where Windows goes back to its original defaults while keeping personal files. I believe I really will have to do one from scratch...
  2. Distribute COM error makes Windows 10 restart on its own

    Good morning, friends. I am having problems with my Windows 10 installation. It is restarting on its own. Both the OS and Office are genuine, and they started showing this error some time ago. The events follow below:
  3. Windows 10 restarting for no reason

    Hello, friends. I cleaned the PC, replaced the processor's thermal paste, removed all the dust, cleaned the memory slots and everything else. I formatted Windows, a clean install, and the problem happened again, though much less frequently... How does this Memtest work?
  4. Windows 10 restarting for no reason

    Good morning, friends. My Windows 10 has been restarting for no apparent reason. I thought it was high temperature or a dirty cooler, but the error only occurs within the system, and not in games that demand more of the system's power. What could it be?
  5. Script redirecting the proxy

    Restore point created. Once again, thank you for the help.
  6. Script redirecting the proxy

    The PC appears to be normal. The proxy has not changed by itself again. The log is below.
  7. Script redirecting the proxy

Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Desinstalar Winamp.lnk - C:\Program Files (x86)\Winamp\uninstwa.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\O Que há de Novo.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp (Modo de Segurança).lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Chromium.lnk - C:\Users\Fernando\AppData\Local\Chromium\Application\chrome.exe C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome Canary.lnk - C:\Users\Fernando\AppData\Local\Google\Chrome SxS\Application\chrome.exe C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google 
Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Vivaldi.lnk - C:\Users\Fernando\AppData\Local\Vivaldi\Application\vivaldi.exe C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk - C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --profile-directory="Profile 3" C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Fernando\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Fernando\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully 
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Fernando\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Fernando\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Fernando\AppData\Local\Chromium\User Data\Default\Cache emptied successfully C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Profile 3\Cache emptied successfully C:\Users\Fernando\AppData\Local\Google\Chrome SxS\User Data\Default\Cache emptied successfully C:\Users\Fernando\AppData\Local\Vivaldi\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=1766 folders=317 489390332 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied C:\Users\Fernando\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\Users\Fernando\AppData\Roaming\WhatsApp\Cookies" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\lockfile" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\main-process.log" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\QuotaManager" 
not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\QuotaManager-journal" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\databases\Databases.db" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\Local Storage\file__0.localstorage" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\Local Storage\file__0.localstorage-journal" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\File System\Origins\000003.log" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\File System\Origins\LOCK" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\File System\Origins\LOG" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\File System\Origins\MANIFEST-000001" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000281.log" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000283.ldb" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\000291.ldb" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOCK" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\LOG" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp\IndexedDB\file__0.indexeddb.leveldb\MANIFEST-000001" not found "C:\Users\Fernando\AppData\Roaming\WhatsApp" not found ==== EOF on 07/11/2016 at 14:05:48,83 ======================
  8. Script redirecting the proxy

    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:16:38, on 07/11/2016 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0000) Boot mode: Normal Running processes: C:\Program Files (x86)\Winamp\winamp.exe C:\Users\Fernando\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\AVG\Framework\Common\avguix.exe C:\Users\Fernando\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL O4 - HKLM\..\Run: [AvgUi] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=fmw O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\Framework\Common\avguirna.exe" /lps=av O4 - HKCU\..\Run: [Google Update] "C:\Users\Fernando\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [CCleaner 
Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [uTorrent] "C:\Users\Fernando\AppData\Roaming\uTorrent\uTorrent.exe" O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\17.3.6381.0405\amd64" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - 
C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O23 - Service: AdaptiveSleepService - Unknown owner - C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AvgAMPS - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgamps.exe O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgidsagenta.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Av\avgwdsvca.exe O23 - Service: @C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_core.dll,-101 (chromoting) - Google Inc. 
- C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - 
Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @oem4.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - 
C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 9653 bytes ------------------------------ Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by Fernando on 07/11/2016 at 12:37:34,84. Microsoft Windows 10 Education 10.0.14393 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Fernando\Desktop\zoek.exe [Scan all users] [Script inserted] ===== Runcheck 12:42:48,60 ===== --- Create Environment Variables 12:42:49,42 --- Create System Restore Point 12:42:55,43 --- Checking Input 12:43:23,29 --- Reset Hosts File 12:44:13,28 --- AU AppData Check 12:44:13,78 --- Remove From Windows Installer 12:44:15,77 --- Empty Folders Check 12:45:04,16 --- Registry HKLM Software Check 12:45:04,25 --- Quick Launch Shortcut Check 12:45:21,66 --- IE Startpage Check 12:45:25,91 --- Program Files DB Check 12:45:35,34 --- C:\Users\Default\AppData DB Check 12:46:20,67 --- C:\Users\Fernando\AppData DB Check 12:46:20,67 --- C:\Windows\SysNative\config\systemprofile\AppData DB Check 12:46:20,67 --- C:\Windows\sysWoW64\config\systemprofile\AppData DB Check 12:46:20,67 --- C:\Windows\serviceprofiles\networkservice\AppData DB Check 12:46:20,67 --- C:\Windows\serviceprofiles\Localservice\AppData DB Check 12:46:20,67 --- C:\Users\Fernando DB Check 12:48:26,66 --- C:\PROGRA~3 DB Check 12:48:48,83 --- C:\Users\Default\AppData\Local DB Check 12:49:03,07 --- C:\Users\Fernando\AppData\Local DB Check 12:49:03,07 --- C:\Users\USURIO~1\AppData\Local DB Check 12:49:03,07 --- C:\Windows\SysNative\config\systemprofile\AppData\Local DB Check 12:49:03,07 --- C:\Windows\sysWoW64\config\systemprofile\AppData\Local DB Check 12:49:03,07 --- C:\Windows\serviceprofiles\networkservice\AppData\Local DB Check 12:49:03,07 --- C:\Windows\serviceprofiles\Localservice\AppData\Local DB Check 12:49:03,07 --- C:\ProgramData\Microsoft\Windows\Start Menu\Programs DB Check 12:50:48,59 --- C:\Users\Fernando\AppData\Roaming\Microsoft\Windows\Start Menu\Programs DB Check 
12:51:00,85 --- Tasks DB Check 12:51:08,65 --- C:\Users\Fernando\AppData\LocalLow DB Check 12:51:14,30 --- C:\Windows\SysNative\config\systemprofile\AppData\LocalLow DB Check 12:51:14,30 --- C:\Windows\sysWoW64\config\systemprofile\AppData\LocalLow DB Check 12:51:14,30 --- C:\Windows\serviceprofiles\networkservice\AppData\LocalLow DB Check 12:51:14,30 --- C:\Windows\serviceprofiles\Localservice\AppData\LocalLow DB Check 12:51:14,30 --- Tasks2 DB Check 12:52:07,14 --- Documents DB Check 12:52:47,50 --- Documents2 DB Check 12:52:57,27 --- C:\Users\Public\Desktop DB Check 12:52:59,05 --- C:\Users\Fernando\Desktop DB Check 12:53:04,62 --- Services DB Check 12:53:15,14 --- FF prefs.js DB Check 12:53:46,19 --- Del by CLSID 12:53:47,41 --- Delete Services 12:54:15,45 --- Delete files\folders 12:54:26,27 --- Create Backups 12:54:26,40 --- Firefox Extensions 12:55:44,86 --- Chrome Look 12:55:47,11 --- Create Backups 12:57:21,30 --- Chrome Fix 12:57:38,60 --- IEdefaults 12:57:38,74
  9. Script redirecting the proxy

    # AdwCleaner v6.030 - Relatório criado 07/11/2016 às 11:37:10
    # *Updated on 19/10/2016 by Malwarebytes
    # Banco de dados : 2016-11-07.1 [Servidor]
    # Sistema operacional : Windows 10 Education (X64)
    # Usuário : Fernando - DESKTOP-46EFEB5
    # Executando de : C:\Users\Fernando\Desktop\adwcleaner_6.030.exe
    # Limpar
    # Apoio : hxxps://www.malwarebytes.com/support
    ***** [ Serviços ] *****
    ***** [ Pastas ] *****
    ***** [ Arquivos ] *****
    ***** [ DLL ] *****
    ***** [ WMI ] *****
    ***** [ Atalhos ] *****
    ***** [ Tarefas agendadas ] *****
    ***** [ Registro ] *****
    ***** [ Verificando navegadores ... ] *****
    [-] [C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Profile 3] [extension] Excluídooadboiipflhobonjjffjbfekfjcgkhco
    *************************
    :: Chaves "Tracing" excluídas
    :: Configurações Winsock restauradas
    *************************
    C:\AdwCleaner\AdwCleaner[C0].txt - [1941 *Bytes] - [05/11/2016 21:48:38]
    C:\AdwCleaner\AdwCleaner[C2].txt - [1314 *Bytes] - [05/11/2016 22:21:19]
    C:\AdwCleaner\AdwCleaner[C3].txt - [1462 *Bytes] - [06/11/2016 10:20:51]
    C:\AdwCleaner\AdwCleaner[C4].txt - [1845 *Bytes] - [06/11/2016 14:07:41]
    C:\AdwCleaner\AdwCleaner[C5].txt - [1234 *Bytes] - [07/11/2016 11:37:10]
    C:\AdwCleaner\AdwCleaner[S0].txt - [1949 *Bytes] - [05/11/2016 21:48:10]
    C:\AdwCleaner\AdwCleaner[S1].txt - [1422 *Bytes] - [05/11/2016 22:18:14]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1570 *Bytes] - [06/11/2016 10:19:14]
    C:\AdwCleaner\AdwCleaner[S3].txt - [1939 *Bytes] - [06/11/2016 14:05:27]
    C:\AdwCleaner\AdwCleaner[S4].txt - [1753 *Bytes] - [06/11/2016 14:10:42]
    C:\AdwCleaner\AdwCleaner[S5].txt - [1940 *Bytes] - [06/11/2016 21:10:06]
    C:\AdwCleaner\AdwCleaner[S6].txt - [2014 *Bytes] - [07/11/2016 11:31:31]
    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [1826 *Bytes] ##########
    --------------------------------------------------------
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.9 (09.30.2016)
    Operating System: Windows 10 Education x64
    Ran by Fernando (Administrator) on 07/11/2016 at 11:50:15,87
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    File System: 0
    Registry: 0
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 07/11/2016 at 11:55:35,12
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  10. Script redirecting the proxy

    Malwarebytes Anti-Malware
    www.malwarebytes.org
    Data da verificação: 07/11/2016
    Hora da verificação: 09:25
    Arquivo de registro: log Malwarebytes.txt
    Administrador: Sim
    Versão: 2.2.1.1043
    Banco de dados de malware: v2016.11.07.05
    Banco de dados de rootkit: v2016.10.31.01
    Licença: Gratuita
    Proteção contra malware: Desabilitado
    Proteção contra website malicioso: Desabilitado
    Autoproteção: Desabilitado
    Sistema operacional: Windows 10
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: Fernando
    Tipo de verificação: Verificação da ameaça
    Resultado: Concluído
    Objetos verificados: 310045
    Tempo decorrido: 27 min, 3 seg
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Habilitado
    Heurística: Habilitado
    PUP: Habilitado
    PUM: Habilitado
    Processos: 0 (Nenhum item malicioso detectado)
    Módulos: 0 (Nenhum item malicioso detectado)
    Chaves de registro: 2
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{707C430E-81DD-4CA3-A85D-29958BFCCCB9}, , [036e7a43d2c841f5a24a4bb111f2e818],
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\InstallShield® Update Service Scheduler, , [dc954b720793aa8ccb229765f80bee12],
    Valores de registro: 6
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{707C430E-81DD-4CA3-A85D-29958BFCCCB9}|Path, \InstallShield® Update Service Scheduler, , [036e7a43d2c841f5a24a4bb111f2e818]
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--51haaa.ga/server.pac, , [650c3885faa074c244b1538c7292659b]
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|AutoConfigURL, http://xn--51haaa.ga/server.pac, , [3938249963370a2cf5004f9031d336ca]
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CONTROLSET001\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://xn--51haaa.ga/server.pac, , [0f620eafefabd26424d06f702adadf21]
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\IPHLPSVC\PARAMETERS\PROXYMGR\{756E0AAB-EFE0-4E78-9B23-8B286B290166}|AutoConfigUrl, http://xn--51haaa.ga/server.pac, , [571ab706c4d6e74f43b0ba253dc7f50b]
    Hijack.AutoConfigURL.PrxySvrRST, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, 0http://xn--51haaa.ga/server.pac, , [521ff6c75d3db97dfcf616c97d879a66]
    Dados de registro: 0 (Nenhum item malicioso detectado)
    Pastas: 0 (Nenhum item malicioso detectado)
    Arquivos: 1
    Hijack.AutoConfigURL.PrxySvrRST, C:\Windows\System32\Tasks\InstallShield® Update Service Scheduler, , [e28f2697c6d4df571cce8f6d62a14db3],
    Setores físicos: 0 (Nenhum item malicioso detectado)
    (end)
    -----------------------------------------------------------------------------
    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 10:34:57, on 07/11/2016 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0000) Boot mode: Normal Running processes: C:\Users\Fernando\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Fernando\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - 
  11. Script redirecting proxy

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:20:12, on 06/11/2016
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.14393.0000)
    Boot mode: Normal
  12. Script redirecting proxy

    Hello friends. I am having a problem with my Google Chrome. Two days ago a piece of malware installed itself in the browser. Since then, searching with Google has become complicated and slow. After researching on the web, I used AdwCleaner 6.030, but without success. It identifies the problem, removes it, asks to restart Windows, and within minutes the proxy redirection comes back. Below is the infected command line. How can I solve this without having to format the machine?

    Searching for registry items
    *Chromium pref Found: [C:\Users\Fernando\AppData\Local\Google\Chrome\User Data\Profile 3\Secure Preferences ] - oadboiipflhobonjjffjbfekfjcgkhco

    AdwCleaner[S5].txt