Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Entre para seguir isso  
Seguidores 0
josias2304

PC continua lento e travando...

7 posts neste tópico

Bom dia, apesar de ter feito os procedimentos todos pedidos no tópico anterior para remoção de malwares, o PC melhorou significativamente, porém ainda continua muito lento ao carregar o Windows, chegando a travar durante a passagem da barrinha azul, depois de iniciado, fica travando diversas vezes (a seta do mouse fica parada) e quando vou abrir um programa demora cerca de 5 minutos para abri-lo e diversas vezes trava durante o uso do mesmo, como por exemplo o Word, em que enquanto eu digito não aprece nada no monitor só depois de algum tempo aparece tudo q eu digitei, fato ocorrido enquanto descrevo este tópico também.

Segue abaixo um log do HijackThis:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 10:29:33, on 16/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Cliente\CONFIG~1\Temp\Rar$EX00.094\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand203000030.dll

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: nxServer.lnk = C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D93117-FB3F-4C21-A87F-5C12267A068F}: NameServer = 192.168.55.1

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 6543 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Malwarebytes' Anti-Malware (MBAM) ou aqui.

Salve ou imprima estas instruções:

Dê um duplo-clique no mbam-setup.exe, escolha a linguagem e na instalação, aceite todas as opções padrão.

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas e clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Ao final da atualização, com o programa aberto, marque Verificação Rápida e clique no botão Verificar.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, clique em OK, depois no botão Mostrar Resultados para ver o relatório.

Se houver ítens encontrados, certifique-se de que, estão todos marcados e clique no botão Remover.

Ao final da desinfecção, abrirá o Bloco de notas com um Log e poderá aparecer um aviso se quer reiniciar o PC. (Ver Nota abaixo)

O Log é automaticamente salvo pelo MBAM e para vê-lo, clique na aba Logs na janela principal do Programa.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar

Selecione, copie e cole o conteúdo do Log do MBAM na sua próxima resposta + um novo Log do HijackThis .


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Feito o q foi pedido segue os logs abaixo:

Malwarebytes' Anti-Malware 1.37

Versão do banco de dados: 2182

Windows 5.1.2600 Service Pack 3

17/06/2009 14:16:41

mbam-log-2009-06-17 (14-16-41).txt

Tipo de Verificação: Rápida

Objetos verificados: 82186

Tempo decorrido: 18 minute(s), 29 second(s)

Processos da Memória infectados: 0

Módulos de Memória Infectados: 0

Chaves do Registro infectadas: 0

Valores do Registro infectados: 0

Ítens do Registro infectados: 0

Pastas infectadas: 0

Arquivos infectados: 0

Processos da Memória infectados:

(Nenhum ítem malicioso foi detectado)

Módulos de Memória Infectados:

(Nenhum ítem malicioso foi detectado)

Chaves do Registro infectadas:

(Nenhum ítem malicioso foi detectado)

Valores do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Ítens do Registro infectados:

(Nenhum ítem malicioso foi detectado)

Pastas infectadas:

(Nenhum ítem malicioso foi detectado)

Arquivos infectados:

(Nenhum ítem malicioso foi detectado)

...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 14:19:26, on 17/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\Microsoft Office\OFFICE11\OUTLOOK.EXE

C:\Arquivos de programas\Microsoft Office\OFFICE11\WINWORD.EXE

C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Cliente\CONFIG~1\Temp\Rar$EX00.562\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand203000030.dll

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: nxServer.lnk = C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D93117-FB3F-4C21-A87F-5C12267A068F}: NameServer = 192.168.55.1

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 6638 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Continuando.....

Desabilite o seu Antivírus, AntiSpyware e Firewall para não haver conflitos. Mantenha-os desativados até terminar as instruções.

Faça o download do ComboFix

Salve no seu Desktop ( Para que a Ferramenta seja executada corretamente é necessário que esteja no Desktop (Área de trabalho)

Feche todas as janelas e programas.

Dê um duplo-clique no combofix.exe e em seguida clique em Executar para prosseguir o Fix. Aguarde, pois é um pouco demorado.

OBS: Caso não queira que seja instalado o Console de Recuperação do Windows, clique em "Não" e depois concorde para que a verificação prossiga.

Ao ser instalado o Console, na Inicialização do Sistema será apresentada a tela para Seleção dos Sistemas Operacionais.

Mais informações sobre o Console: http://support.Microsoft.com/kb/307654/pt-br

O ComboFix reiniciará o PC automaticamente para completar o processo de remoção. Caso isso não aconteça, reinicie manualmente.

Quando acabar, será gerado um Log, que estará em C:\ComboFix.txt.

Selecione, copie e cole o conteúdo do ComboFix.txt na sua próxima resposta + um novo Log do HijackThis .

IMPORTANTE: Não use o mouse nem o teclado quando o ComboFix estiver rodando. Para parar ou sair do ComboFix, tecle "N".

OBS 2: Não execute o ComboFix mais do que uma vez. Isso irá sobreescrever o Log e dificultará a remoção do(s) malware(s)

Caso ocorra algum erro, reinicie o computador em Modo Seguro (pressione a tecla F8 intermitentemente, ou F5 em alguns casos, durante a inicialização) e repita o procedimento.


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Hoje quando iniciei a máquina mostrou a mensagem: "ERRO DE DISCO" tive q apertar Ctrl + Alt + Del para reiniciar a máquina e´so então carregou o windows. Segue os logs abaixo:

ComboFix 09-06-17.04 - Cliente 18/06/2009 12:21.3 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.55.1046.18.447.163 [GMT -3:00]

Executando de: c:\documents and settings\Cliente\Desktop\ComboFix.exe

AV: ESET NOD32 antivírus 4.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}

ATENÇAO - ESTA MAQUINA não tem O CONSOLE DE RECUPERAÇÃO INSTALADA !!

.

(((((((((((((((( Arquivos/Ficheiros criados de 2009-05-18 to 2009-06-18 ))))))))))))))))))))))))))))

.

2009-06-16 14:01 . 2009-06-16 14:20 -------- d-----w- c:\arquivos de programas\HDD Regenerator

2009-06-15 13:03 . 2009-06-15 13:03 -------- d-sh--w- c:\documents and settings\Cliente\IECompatCache

2009-06-15 13:02 . 2009-06-15 13:02 -------- d-sh--w- c:\documents and settings\Cliente\PrivacIE

2009-06-15 13:00 . 2009-06-15 13:00 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache

2009-06-15 12:59 . 2009-06-15 12:59 -------- d-sh--w- c:\documents and settings\Cliente\IETldCache

2009-06-15 12:48 . 2009-04-30 21:14 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll

2009-06-15 12:47 . 2009-04-30 21:14 246272 -c----w- c:\windows\system32\dllcache\ieproxy.dll

2009-06-15 12:46 . 2009-06-15 12:46 -------- d-----w- c:\windows\ie8updates

2009-06-15 12:45 . 2009-05-12 05:11 102912 -c----w- c:\windows\system32\dllcache\iecompat.dll

2009-06-15 12:41 . 2009-06-15 12:45 -------- dc-h--w- c:\windows\ie8

2009-06-08 15:37 . 2009-06-08 15:37 3371383 ----a-w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe

2009-06-08 15:33 . 2009-05-26 16:19 19096 ----a-w- c:\windows\system32\drivers\mbam.sys

2009-06-08 15:33 . 2009-05-26 16:20 40160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-06-08 15:33 . 2009-06-08 15:37 -------- d-----w- c:\arquivos de programas\Malwarebytes' Anti-Malware

2009-06-05 14:26 . 2009-06-05 14:26 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Auslogics

2009-06-05 14:22 . 2009-06-08 15:41 40534048 --sha-w- c:\windows\system32\drivers\fidbox.dat

2009-06-04 12:19 . 2009-06-04 12:19 577536 ----a-w- c:\windows\system32\CriticasCalculo.dll

2009-05-28 16:39 . 2009-05-28 16:39 322560 ----a-w- c:\windows\system32\MSDBRPTR.DLL

2009-05-28 16:39 . 2009-05-28 16:39 119808 ----a-w- c:\windows\system32\MSSTDFMT.DLL

2009-05-27 17:22 . 2009-06-01 14:26 -------- d-----w- c:\arquivos de programas\ESET

2009-05-27 17:22 . 2009-05-27 17:22 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\ESET

2009-05-22 18:16 . 2009-06-16 14:02 -------- d---a-w- c:\documents and settings\All Users\Dados de aplicativos\TEMP

2009-05-20 14:30 . 2009-05-20 14:30 -------- d-----w- c:\arquivos de programas\Java

2009-05-20 13:11 . 2009-05-20 13:11 -------- d-----w- c:\documents and settings\Cliente\Dados de aplicativos\Malwarebytes

2009-05-20 13:10 . 2009-05-20 13:10 -------- d-----w- c:\documents and settings\All Users\Dados de aplicativos\Malwarebytes

.

((((((((((((((((((((((((((((((((((((( Relatório Find3M ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-06-17 20:08 . 2008-05-07 18:11 -------- d-----w- c:\arquivos de programas\Sim AQUARIUM 2

2009-06-15 19:45 . 2008-05-07 16:31 -------- d-----w- c:\arquivos de programas\Programas RFB

2009-06-12 13:26 . 2001-10-28 15:07 49804 ----a-w- c:\windows\system32\perfc016.dat

2009-06-12 13:26 . 2001-10-28 15:07 347648 ----a-w- c:\windows\system32\perfh016.dat

2009-06-08 13:00 . 2009-06-05 14:22 129932 --sha-w- c:\windows\system32\drivers\fidbox.idx

2009-05-28 12:47 . 2009-02-16 17:42 -------- d-----w- C:\Arquivos de Programas RFB

2009-05-20 14:30 . 2009-02-17 12:16 410984 ----a-w- c:\windows\system32\deploytk.dll

2009-05-20 14:30 . 2009-04-02 12:16 152576 ----a-w- c:\documents and settings\Cliente\Dados de aplicativos\Sun\Java\jre1.6.0_13\lzma.dll

2009-05-20 13:51 . 2009-05-20 13:51 0 ----a-w- c:\windows\system32\REN4E.tmp

2009-05-20 13:51 . 2009-05-20 13:51 0 ----a-w- c:\windows\system32\REN4D.tmp

2009-05-20 13:51 . 2009-05-20 13:51 0 ----a-w- c:\windows\system32\REN4C.tmp

2009-05-13 05:03 . 2004-08-04 03:45 915456 ----a-w- c:\windows\system32\wininet.dll

2009-05-12 12:47 . 2009-05-12 12:47 -------- d-----w- c:\arquivos de programas\CCleaner

2009-05-07 15:33 . 2004-08-04 03:45 347136 ----a-w- c:\windows\system32\localspl.dll

2009-04-27 12:52 . 2009-04-27 12:52 2678 ----a-w- c:\windows\java\Packages\Data\5NV7ZR1Z.DAT

2009-04-27 12:52 . 2009-04-27 12:52 2678 ----a-w- c:\windows\java\Packages\Data\O7NTNJLV.DAT

2009-04-27 12:52 . 2009-04-27 12:52 2678 ----a-w- c:\windows\java\Packages\Data\ZN3NZT7V.DAT

2009-04-27 12:52 . 2009-04-27 12:52 2678 ----a-w- c:\windows\java\Packages\Data\MOF3BTVZ.DAT

2009-04-27 12:52 . 2009-04-27 12:52 2678 ----a-w- c:\windows\java\Packages\Data\F1V79F1Z.DAT

2009-04-24 12:57 . 2008-05-07 16:37 -------- d-----w- c:\arquivos de programas\CAIXA

2009-04-19 19:50 . 2004-08-04 03:38 1847296 ----a-w- c:\windows\system32\win32k.sys

2009-04-15 14:53 . 2004-08-04 03:45 585216 ----a-w- c:\windows\system32\rpcrt4.dll

.

(((((((((((((((((((((((((( Pontos de Carregamento do Registro )))))))))))))))))))))))))))))))))))))))

.

.

*Nota* entradas vazias e legítimas por defeito não são mostradas.

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Cobian Backup 9"="c:\arquivos de programas\Cobian Backup 9\Cobian.exe" [2008-04-22 579072]

"NeroFilterCheck"="c:\arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]

"Adobe Reader Speed Launcher"="c:\arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-15 39792]

"SunJavaUpdateSched"="c:\arquivos de programas\Java\jre6\bin\jusched.exe" [2009-05-20 148888]

"egui"="c:\arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" [2009-02-06 2021400]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Cliente\Menu Iniciar\Programas\Inicializar\

nxServer.lnk - c:\arquivos de programas\Alterdata\servidor\nxServer.Exe [2008-8-1 4202496]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\Arquivos de programas\\Alterdata\\Pack\\Phd\\wphd.exe"=

"c:\\Arquivos de programas\\Messenger\\msmsgs.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Arquivos de programas\\Alterdata\\Servidor\\nxServer.Exe"=

"c:\\Arquivos de programas\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [06/02/2009 14:23 106208]

R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [06/02/2009 14:24 93336]

R2 ekrn;ESET Service;c:\arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe [06/02/2009 14:23 727720]

[HKEY_LOCAL_MACHINE\software\Microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]

"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

.

.

------- Scan Suplementar -------

.

uStart Page = hxxp://www.google.com.br/

IE: E&xportar para o Microsoft Excel - c:\arquiv~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

TCP: {E3D93117-FB3F-4C21-A87F-5C12267A068F} = 192.168.55.1

DPF: Microsoft XML Parser for Java - file:///C:/WINDOWS/Java/classes/xmldso.cab

DPF: PrivateWire - hxxp://cmt.caixa.gov.br/jpw.cab

FF - ProfilePath -

---- FIREFOX POLICIES ----

c:\arquivos de programas\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".com.br");

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-06-18 12:32

Windows 5.1.2600 Service Pack 3 NTFS

Procurando processos ocultos ...

Procurando entradas auto inicializáveis ocultas ...

Procurando ficheiros/arquivos ocultos ...

Varredura completada com sucesso

arquivos/ficheiros ocultos: 0

**************************************************************************

.

--------------------- CHAVES DO REGISTRO BLOQUEADAS ---------------------

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•6~*]

"6140110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL"

.

--------------------- DLLs Carregadas Sob os Processos em Execução ---------------------

- - - - - - - > 'explorer.exe'(3336)

c:\windows\system32\WININET.dll

c:\windows\system32\webcheck.dll

.

Tempo para conclusão: 2009-06-18 12:37

ComboFix-quarantined-files.txt 2009-06-18 15:37

ComboFix2.txt 2009-06-10 13:07

Pré-execução: 20 pasta(s) 62.808.547.328 bytes disponíveis

Pós execução: 20 pasta(s) 62.889.553.920 bytes disponíveis

129 --- E O F --- 2009-06-15 12:52

...

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 13:16:55, on 18/06/2009

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Arquivos de programas\Java\jre6\bin\jusched.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe

C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

C:\WINDOWS\System32\svchost.exe

C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

C:\Arquivos de programas\Java\jre6\bin\jqs.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexStoreSvr.exe

C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

C:\WINDOWS\system32\wbem\wmiapsrv.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\system32\notepad.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\Internet Explorer\iexplore.exe

C:\Arquivos de programas\WinRAR\WinRAR.exe

C:\DOCUME~1\Cliente\CONFIG~1\Temp\Rar$EX00.937\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.Microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.Microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.Microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.Microsoft.com/fwlink/?LinkId=69157

O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Click-to-Call BHO - {5C255C8A-E604-49b4-9D64-90988571CECB} - C:\Arquivos de programas\Windows Live\Messenger\wlchtc.dll

O2 - BHO: Auxiliar de Conexão do Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: Copernic Desktop Search 2 - {968631B6-4729-440D-9BF4-251F5593EC9A} - C:\Arquivos de programas\Copernic Desktop Search 2\DesktopSearchBand203000030.dll

O4 - HKLM\..\Run: [Cobian Backup 9] "C:\Arquivos de programas\Cobian Backup 9\Cobian.exe"

O4 - HKLM\..\Run: [NeroFilterCheck] C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NeroCheck.exe

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Arquivos de programas\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Arquivos de programas\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [egui] "C:\Arquivos de programas\ESET\ESET NOD32 antivírus\egui.exe" /hide /waitservice

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMBgMonitor.exe"

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: nxServer.lnk = C:\Arquivos de programas\Alterdata\servidor\nxServer.Exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\ARQUIV~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O9 - Extra button: Pesquisar - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe

O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.Microsoft.com/intl/br/access/allinone.asp

O16 - DPF: PrivateWire - http://cmt.caixa.gov.br/jpw.cab

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://sdlc-esd.sun.com/ESD7/JSCDL/jdk/6u1...=javadl.sun.com

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineS...er.cab56986.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{E3D93117-FB3F-4C21-A87F-5C12267A068F}: NameServer = 192.168.55.1

O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\EHttpSrv.exe

O23 - Service: ESET Service (ekrn) - ESET - C:\Arquivos de programas\ESET\ESET NOD32 antivírus\ekrn.exe

O23 - Service: InterBase Guardian (InterBaseGuardian) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibguard.exe

O23 - Service: InterBase Server (InterBaseServer) - Inprise Corporation - C:\ARQUIV~1\Borland\INTERB~1\Bin\ibserver.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Arquivos de programas\Java\jre6\bin\jqs.exe

O23 - Service: NBService - Nero AG - C:\Arquivos de programas\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NMIndexingService - Nero AG - C:\Arquivos de programas\Arquivos comuns\Ahead\Lib\NMIndexingService.exe

--

End of file - 6481 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Crie uma conta ou entre para comentar

Você precisar ser um membro para fazer um comentário

Criar uma conta

Quer postar a sua dúvida? Cadastre-se pois é rápido e fácil!


Crie uma nova conta

Entrar

Já tem uma conta? Faça o login.


Entrar Agora
Esse tópico é útil para você?
Então compartilhe e ajude outros internautas!
Entre para seguir isso  
Seguidores 0

  • Vídeos do BABOO no YouTube

  • Posts

    • Obrigado pelo comentário,também sanou a minha dúvida da melhor maneira possivel.  Obrigado pelo comentário,também sanou a minha dúvida da melhor maneira.
    • Boa noite galera, comprei um razer kraken 7.1 chroma na Kabum o fone ainda não chegou , saiu a promo na kabum dos Hyperx , queria saber se eu fico com razer ou se pego um hyperx fico entre estes dois fones https://www.kabum.com.br/cgi-local/site/produtos/descricao_ofertas.cgi?codigo=69279 ou https://www.kabum.com.br/cgi-local/site/produtos/descricao_ofertas.cgi?codigo=81132 !!

    • Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by P‚rcio on 29/05/2017 at 18:36:50,46.
      Microsoft Windows 10 Enterprise 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\PRCIO~1\Documents\Meus Downloads\zoek.exe [Scan all users] [Script inserted]  ==== Older Logs ====================== C:\zoek-results2017-05-29-172506.log    1219 bytes ==== System Restore Info ====================== 29/05/2017 18:42:32 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost  ==== Empty Folders Check ====================== C:\PROGRA~2\AlphaGo deleted successfully
      C:\PROGRA~2\MPC-HC deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ======================
      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== FireFox Fix ====================== Deleted from C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\prefs.js:
      user_pref("browser.startup.homepage", "https://news.google.com.br/"); Added to C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\PROGRA~2\AlphaGo not found
      C:\PROGRA~2\MPC-HC not found
      C:\PROGRA~3\DivX deleted
      C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
      C:\PROGRA~2\TextAloud deleted
      C:\PROGRA~3\Package Cache deleted
      C:\Windows\SysWow64\extensions deleted
      C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default\jetpack deleted
      "C:\Windows\Installer\fc6d52c.msi" deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\PRCIO~1\AppData\Roaming\Profiles\Wogeph.default
      - United States English Spellchecker - %ProfilePath%\extensions\en-US@dictionaries.addons.mozilla.org ==== Firefox Plugins ======================
      ==== Chromium Look ======================
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      efaidnbmnnnibpcajpcglclefindmkaj - No path found[] ==== Set IE to Default ====================== Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== Nothing found to reset ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_USERS\S-1-5-21-1533292296-4279883253-1430645996-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extensions\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA} deleted successfully
      HKEY_CLASSES_ROOT\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{F053C368-5458-45B2-9B4D-D8914BDDDBFF} deleted successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe  ==== shortcuts in Users Start Menu ====================== C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\TextAloud.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Declaração de residência.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFileSync.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Logos Bible Software.lnk -  
      C:\Users\Pércio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive - Missão Novas Tribos do Brasil.lnk -   ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}\SC_Reader.ico 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Footjane\Application\chrome.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Firefox\Firefox.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe  ==== Reset IE Proxy ====================== Value(s) before fix:
      "ProxyOverride"="*.local"
      "ProxyEnable"=dword:00000000 Value(s) after fix:
      "ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\D816BDC920F4DAC47B349876F77EDA9E deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2C652C0A-EC71-4797-8077-F67649177AB0} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71} deleted successfully
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{9CDB618D-4F02-4CAD-B743-89677FE7ADE9} deleted successfully
      HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\D816BDC920F4DAC47B349876F77EDA9E deleted successfully
      HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\4FBF2D79FC276DD4D88A6217B07CEB17 deleted successfully
      HKEY_CURRENT_USER\Software\Microsoft\Installer\Products\A0C256C217CE797408776F679471A70B deleted successfully ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\Administrador\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\Default User\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\USURIO~1\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== No Chrome User Data found ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=106 folders=48 50496894 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied
      C:\Users\PRCIO~1\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 29/05/2017 at 23:26:46,22 ======================
        Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 23:35:20, on 29/05/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Users\Pércio\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe
      C:\Users\Pércio\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Pércio\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKUS\S-1-5-18\..\Run: []  (User 'SISTEMA')
      O4 - HKUS\.DEFAULT\..\Run: []  (User 'Default user')
      O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office16\ONBttnIE.dll/105
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office16\EXCEL.EXE/3000
      O9 - Extra button: (no name) - {2670000A-7350-4f3c-8081-5663EE0C6C49} - (no file)
      O9 - Extra button: (no name) - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - (no file)
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: aapj.bb.com.br
      O15 - Trusted Zone: seg.bb.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: cloud.gastecnologia.com.br
      O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
      O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: Digital Wave Update Service (DigitalWave.Update.Service) - Digital Wave Ltd. - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\app_updater.exe
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: Energy Server Service WILLAMETTE (ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      O23 - Service: Intel(R) System Usage Report Service SystemUsageReportSvc_WILLAMETTE (SystemUsageReportSvc_WILLAMETTE) - Unknown owner - C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: User Energy Server Service WILLAMETTE (USER_ESRV_SVC_WILLAMETTE) - Unknown owner - C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) - Beijing WatchData System Co., Ltd. - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 9818 bytes
       
    • Pessoal,  O que voces acham do Chromebook? e do ChromeOS? vale a pena mesmo? da para substituir um notebook com Windows? ja vi videos no YouTube sobre o sistema e o Chromebook, falando bem dele, pela questao de ser leve, pequeno, e pratico. O unico porem e que ele não trabalha offline, ou seja uma boa parte dos apps do ChromeOS ainda depende de conexao a internet, e não da para colocar Modem 3G nele. Vi também que recentemente a Google Liberou uma Atualizacao que torna o Chromebook compativel com os Apps do Android. Sao todos os modelos, ou so alguns? e aqueles da Samsung? pelo que eu vi ate agora no Brasil so vende dele. Eu tenho uma colega de trabalho que quer um notebook novo, mas barato, ate indiquei o Chromebook, por ser mais barato do que os com o Windows. Sera que um usuario que sempre usou Windows, consegue se acostumar? usei Linux, mas acabei voltando ao Windows por ser acostumado com ele. Mas um dia poderia voltar a usar.. Sera que também um Universitario consegue usar um Chromebook? ao inves de carregar notebook pesado na mochila?     
    • ok, concluido... Seguem logs
      Zoek.exe v5.0.0.1 Updated 27-09-2015
      Tool run by MIG on 29/05/2017 at 19:35:59,75.
      Microsoft Windows 10 Home Single Language 10.0.14393  x64
      Running in: Normal Mode No Internet Access Detected
      Launched: C:\Users\MIG\Desktop\zoek.exe [Scan all users] [Script inserted]  ==== System Restore Info ====================== 29/05/2017 19:38:24 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright (c) 1993-2006 Microsoft Corp. 

      # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

      # This file contains the mappings of IP addresses to host names. Each 
      # entry should be kept on an individual line. The IP address should 
      # be placed in the first column followed by the corresponding host name. 
      # The IP address and the host name should be separated by at least one 
      # space. 

      # Additionally, comments (such as these) may be inserted on individual 
      # lines or following the machine name denoted by a '#' symbol. 

      # For example: 

      #      102.54.94.97     rhino.acme.com          # source server 
      #       38.25.63.10     x.acme.com              # x client host 
       
      127.0.0.1       localhost  ==== Empty Folders Check ====================== C:\PROGRA~2\Cisco deleted successfully
      C:\PROGRA~2\IObit deleted successfully
      C:\PROGRA~2\COMMON~1\SWF Studio deleted successfully
      C:\Program Files\Common Files\Intel deleted successfully
      C:\PROGRA~3\Comms deleted successfully
      C:\PROGRA~3\FreePDF deleted successfully
      C:\PROGRA~3\HPSSUPPLY deleted successfully
      C:\PROGRA~3\SoftwareDistribution deleted successfully
      C:\Users\MIG\AppData\Local\ActiveSync deleted successfully
      C:\Users\MIG\AppData\Local\CrashDumps deleted successfully
      C:\Users\MIG\AppData\Local\EmieSiteList deleted successfully
      C:\Users\MIG\AppData\Local\EmieUserList deleted successfully
      C:\Users\MIG\AppData\Local\FreePDF_XP deleted successfully
      C:\Users\MIG\AppData\Local\softthinks deleted successfully
      C:\Windows\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully ==== Deleting CLSID Registry Keys ======================
      ==== Deleting CLSID Registry Values ======================
      ==== Deleting Services ======================
      ==== FireFox Fix ====================== Deleted from C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\prefs.js:
      user_pref("browser.startup.homepage", "https://esaj.tjsc.jus.br");
      user_pref("browser.search.defaultenginename", "Pesquisa segura");
      user_pref("browser.search.selectedEngine", "Pesquisa segura");
      user_pref("browser.search.order.1", "Pesquisa segura"); Added to C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\prefs.js:
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Deleting Files \ Folders ====================== C:\PROGRA~2\Cisco not found
      C:\PROGRA~2\IObit not found
      C:\Users\MIG\AppData\Roaming\CertiPlugin deleted
      C:\HijackThis.exe deleted
      C:\PROGRA~3\{05EE3202-A879-4F9D-895C-AC535855E0A9} deleted
      C:\PROGRA~3\Package Cache deleted
      C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default\jetpack deleted ==== Firefox Start and Search pages ====================== ProfilePath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      user_pref("browser.startup.homepage", "about:home");
      user_pref("browser.newtab.url", "about:newtab"); ==== Firefox Extensions ====================== ProfilePath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      - Undetermined - %ProfilePath%\extensions\jid1-7c0u85jo0esrpQ@jetpack.xpi AppDir: C:\Program Files\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} AppDir: C:\Program Files (x86)\Mozilla Firefox
      - Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} ==== Firefox Plugins ====================== Profilepath: C:\Users\MIG\AppData\Roaming\Mozilla\Firefox\Profiles\s49zti2m.default
      E3B4EA121F7BDEB0F6366E2BA9608CB5    - C:\Users\MIG\AppData\Local\Citrix\Plugins\104\npappdetector.dll -    Citrix Online Web Deployment Plugin 1.0.0.104
      ==== Chromium Look ======================
      HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
      efaidnbmnnnibpcajpcglclefindmkaj - No path found[] Video Downloader - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc
      Invite All Friends on Facebook - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\inmmhkeajgflmokoaaoadgkhhmibjbpj
      Certisign - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjoehgfmpefldljiipnmgnfmcbfjkaad
      videospeed - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffaoalbilbmmfgbnbgppjihopabppdk
      Chrome Media Router - MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Chromium Fix ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc deleted successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_aiimdkdngfcipjohbjenkahhlhccpdbc_0.localstorage deleted successfully ==== Set IE to Default ====================== Old Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{7C30465E-24AA-4D3F-A6B3-11659B28C8B4}"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C30465E-24AA-4D3F-A6B3-11659B28C8B4}] not found New Values:
      [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
      "Start Page"="http://dell15.msn.com/?PC=DCTE"
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
      "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
      {012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"
      {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
      C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\MIG\Desktop\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home
      C:\Users\MIG\Desktop\FLV-Media-Player.lnk - C:\Users\MIG\AppData\Roaming\Microsoft\Installer\{AB7A5DBA-BC45-489A-B4D2-2E8F8CABB9EA}\DesktopIcon.exe 
      C:\Users\MIG\Desktop\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\Desktop\Manual do PROJEF.lnk - C:\EXCEL\Juizado Cível\Manual\Manual do PROJEF.doc 
      C:\Users\MIG\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe 
      C:\Users\MIG\Desktop\PROJEF Programa Cálculos Judiciais.lnk -  
      C:\Users\MIG\Desktop\x64\x64\Setup - Atalho.lnk - C:\Users\MIG\Desktop\x64\x64\Setup.exe  ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
      C:\Users\Public\Desktop\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
      C:\Users\Public\Desktop\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
      C:\Users\Public\Desktop\Camtasia Studio 8.lnk - C:\Program Files (x86)\TechSmith\Camtasia Studio 8\CamtasiaStudio.exe 
      C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\Users\Public\Desktop\Corel CAPTURE X8 (64-Bit).lnk - c:\Windows\Installer\{1253ED86-69FD-4A7B-BDF2-96A522583A88}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe 
      C:\Users\Public\Desktop\Corel CONNECT X8 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X8\Connect64\Connect.exe 
      C:\Users\Public\Desktop\Corel Font Manager X8 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X8\Programs64\FontManager.exe 
      C:\Users\Public\Desktop\Corel PHOTO-PAINT X8 (64-Bit).lnk - c:\Windows\Installer\{04D8C47E-C0FE-4CA5-8878-91ECD9552109}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe 
      C:\Users\Public\Desktop\CorelDRAW X8 (64-Bit).lnk - c:\Windows\Installer\{A66E09BB-9892-421D-9EB9-311D12AA5244}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe 
      C:\Users\Public\Desktop\HP Support Assistant.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe /p 2
      C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk - C:\Windows\system32\GfxUIEx.exe 
      C:\Users\Public\Desktop\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
      C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe 
      C:\Users\Public\Desktop\Shop for HP Supplies.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
      C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{3B7E914A-93D5-4A29-92BB-AF8C3F66C431}\SkypeIcon.exe 
      C:\Users\Public\Desktop\VLC media player.lnk - C:\Program Files\VideoLAN\VLC\vlc.exe  ==== shortcuts in Users Start Menu ====================== C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\MIG\AppData\Local\Microsoft\OneDrive\OneDrive.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -   ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free antivírus.lnk - C:\Program Files\AVAST Software\Avast\AvastUI.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk - C:\Program Files\AVAST Software\SZBrowser\launcher.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Getting Started.lnk - C:\Program Files (x86)\Softland\novaPDF 8\Driver\StartupDo.exe /oem=doPdf8_Softland
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 8\doPDF 8 Help.lnk - C:\ProgramData\Softland\novaPDF 8\doPdf8_Softland\doPdf8_Softland.chm 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe /home
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Assistant.lnk - C:\Program Files (x86)\FreePDF_XP\fpassist.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Config.lnk - C:\Program Files (x86)\FreePDF_XP\fpucnfg.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Handbuch (de).lnk - C:\Program Files (x86)\FreePDF_XP\FreePDFde.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Join.lnk - C:\Program Files (x86)\FreePDF_XP\fpjoin.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF Manual (en).lnk - C:\Program Files (x86)\FreePDF_XP\FreePDFen.pdf 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreePDF\FreePDF.lnk - C:\Program Files (x86)\FreePDF_XP\freepdf.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\Shop for HP Supplies.lnk - C:\Program Files (x86)\HP\HPSSUPPLY\hpqSSupply.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Configuração sem fio.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Desinstalar.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\Uninstall.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Guia da HP LaserJet.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\C_help\Help.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\HP ePrint.lnk - C:\Program Files (x86)\HP\HP LaserJet P1100 Series\HP ePrint.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP\HP LaserJet Professional P1100 Series\Notas de instalação.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe 
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2017.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2017.lnk -  
      C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe  ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Excel 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -  
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\MIG\AppData\Local\Google\Chrome\Application\chrome.exe 
      C:\Users\MIG\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Word 2016.lnk - C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE 
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
      C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -   ==== Reset IE Proxy ====================== Value(s) before fix:
      "ProxyEnable"=dword:00000000 Value(s) after fix:
      "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Users\MIG\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
      C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
      C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== C:\Users\MIG\AppData\Local\Mozilla\Firefox\Profiles\s49zti2m.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\MIG\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=193 folders=49 178549058 bytes) ==== Empty Temp Folders ====================== C:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptied
      C:\Users\MIG\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 29/05/2017 at 22:06:22,31 ======================
          _________________________________________________________________________________ Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 22:11:48, on 29/05/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.14393.0953)
      Boot mode: Normal Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\Common Files\Microsoft Shared\Ink\TabTip32.exe
      C:\Windows\SysWOW64\notepad.exe
      C:\Program Files\TrueColor\TrueColorUI.exe
      C:\Program Files\AVAST Software\Avast\AvastUI.exe
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\FreePDF_XP\fpassist.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
      C:\Program Files (x86)\Dell Update\DellUpTray.exe
      C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
      C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell13.msn.com/?PC=DCJB
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://dell15.msn.com/?PC=DCTE
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [DropboxOEM] "C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe" auto
      O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKLM\..\Run: [FreePDF Assistant] "C:\Program Files (x86)\FreePDF_XP\fpassist.exe"
      O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
      O4 - HKCU\..\Run: [Google Update] C:\Users\MIG\AppData\Local\Google\Update\1.3.33.5\GoogleUpdateCore.exe
      O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
      O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
      O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: *.dell.com
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
      O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
      O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
      O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
      O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
      O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: Dell Product Registration Manager (DellProdRegManager) - Aviata, Inc. - C:\Program Files (x86)\Dell Product Registration\regmgrsvc.exe
      O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
      O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
      O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
      O23 - Service: Intel(R) Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
      O23 - Service: @oem196.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\Windows\system32\ibtsiva (file missing)
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\HeciServer.exe
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell Backup and Recovery\sftservice.exe
      O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: TrueColorALS - Unknown owner - C:\Program Files\TrueColor\TrueColorALS.exe
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
      O23 - Service: Wyse PocketCloud (WysePocketCloud) - Unknown owner - C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
      O23 - Service: Wyse RemoteAccess (WyseRemoteAccess) - DELL Inc. - C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe --
      End of file - 14365 bytes
       
    • Teste o seu sistema operacional colocar em Português, pode ser em Inglês, por isso não levá-lo. Ele também verifica o idioma do teclado.
    • Oi...Meu tablet continua com mesmo problemas... Preciso remover o root e atualizar o android.. Penso que com o android atualizado ele pode funcionar melhor.. Se souber algum metodo para remover o root me passa ok?
    • Boa noite,   Tenho um Roteador D Link DIR-868L e um Repetidor TP Link RE450. O TP Link conecta sem problemas no Wifi 2.4GHz, mas não reconhece a rede Wifi 5GHz do D Link. O interessante e que o repetidor TP Link reconhece a rede Wifi 5GHz de um outro repetidor D Link que eu tenho. alguém tem alguma dica de como proceder?   Obrigado
    • No meu computador também não consigo mudar esta chave, parece que é realmente bloqueado. Então tive a ideia de iniciar no modo segurança o notebook da minha mãe e consegui alterar o Tipo de inicialização pelo registro. Agora voltou a funcionar. Abraços
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.