Conteúdo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Fundo: Default Ardósia Uva Barbie Morango Pôr do sol Banana Folha Chocolate Madeira
Desenho: Liso Onda Linha Retalho Madeira Rocha Couro Colméia Vertical Triângulo
Bem-vindo ao Fórum do BABOO!

Desde 2000 o Fórum do BABOO tem ajudado milhões de internautas de Windows a resolverem seus problemas e dúvidas, além de ajudar na remoção de vírus e malwares de seus computadores. Somos o único fórum brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows, então se você tem uma dúvida ou problema que nenhum outro fórum resolve, poste-a aqui pois o MVP Babooadora desafios!
  

O Fórum do BABOO também conta com a participação exclusiva do administrador da área de Segurança MVP Mr.Million que tem reconhecimento internacional da Microsoft pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Se o seu computador está infectado por algum vírus, ele te ajudará a removê-lo!
  

Nosso time de especialistas também inclui Patropi  Osvaldomp  Caze  Ciro-Mota  XERLOUCO ROUMS  Tatha que responderão suas dúvidas sobre diversos assuntos.
 

Participe da nossa comunidade! 

 

Entre para seguir isso  
Seguidores 0
Murr

Note muito lento

9 posts neste tópico

Solicitação de Análise de Logs

Já fiz todos os procedimentos solicitados no Tópico Oficial...

Note esta muito lento. Led do HD nem apaga

Segue meu Log para exame: 

OBS.: Computador particular. Às vezes uso para acessar sistema da empresa que trabalho.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:47:33, on 21/04/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
C:\Users\Usuário\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Inicialização Rápida do SOLIDWORKS 2015.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://vpn.usiminas.com/SNX/CSHELL/extender.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics Co., Ltd. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 13493 bytes

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Baixe o Malwarebytes Anti-Malware (MBAM) e salve ou imprima estas instruções:

1. Execute o MBAM e prossiga com a instalação até chegar na tela abaixo. Você deve desmarcar a opção Ativar trial gratuito do Malwarebytes Anti-Malware Pro 

desclicar-mbam.png

2. O programa de instalação será finalizado e o MBAM será executado e automaticamente atualizará o seu banco de dados. Enquanto ele faz isso, clique no menu Configurações > Detecção e proteção (à esquerda) e clique na opção Procurar rootkits. Verifique também se as duas opções mostradas abaixo estão ambas configuradas como Tratar detecções como malware:

tratar-deteccoes.png

3. Clique no menu Painel para voltar à tela principal e clique no botão Verificar. O MBAM iniciará a verificação de malwares no seu computador. Essa tarefa pode demorar bastante se houverem muitos arquivos. Aguarde a finalização de todos os processos. Se no final o MBAM detectou algum malware, inicialmente clique na opção Salvar resultados > escolha a opção Arquivo de texto (*.txt) > Salve o arquivo:

salvar-txt.png

Agora clique no botão Remover selecionados para as ameaças serem removidas. 

Se o MBAM encontrar arquivos que não podem ser removidos, ele solicitará a reinicialização do computador (talvez mais de uma vez). Se isso acontecer, reinicie o computador imediatamente.

4. Agora abra o arquivo que você salvou no item anterior.  Selecione todo o conteúdo desse log (tecle CTRL+A), copie-o (CTRL+C) e cole-o (CTRL+V) na sua próxima resposta juntamente com um novo Log do HiJackThis .


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seguem logs

MBAM

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 21/04/17
Hora da análise: 09:40
Arquivo de registro: mbam.txt
Administrador: Sim

-Informação do software-
Versão: 3.0.6.1469
Versão de componentes: 1.0.103
Versão do pacote de definições: 1.0.1775
Licença: Grátis

-Informação do sistema-
Sistema operacional: Windows 8
CPU: x64
Sistema de arquivos: NTFS
Usuário: Usu\u00c3\u00a1rio-PC\Usu\u00c3\u00a1rio

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 365384
Tempo decorrido: 29 min, 5 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 0
(Nenhum item malicioso detectado)

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

 

 

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:44:52, on 21/04/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvMon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Usuário\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212017094021794\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User '?')
O4 - HKUS\S-1-5-21-3271408666-2195771696-1690613705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212017094026466\..\Run: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe (User '?')
O4 - HKUS\S-1-5-21-3271408666-2195771696-1690613705-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-04212017094026466\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User '?')
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Inicialização Rápida do SOLIDWORKS 2015.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://vpn.usiminas.com/SNX/CSHELL/extender.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics Co., Ltd. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 14753 bytes
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

1. Desabilite o seu Antivírus e AntiSpyware para não haver conflitos e Mantenha-os desativados até terminar as instruções.

2. Faça download do AdwCleaner e salve-o na sua Área de Trabalho (desktop)

3. Execute o adwcleaner.exe

Usuários do Windows 7, 8.1 ou 10: clique com o botão direito do mouse no ícone do adwcleaner.exe e selecione  executar-como-administrador.png

adwcleaner.png

4. Clique no botão Verificar e depois em Limpar

5. Salve o Log criado

6. Faça download do JRT (Junkware Removal Tool) e salve-o na sua Área de Trabalho

7. Dê um duplo-clique no arquivo JRT para executá-lo

Usuários do Windows 7, 8.1 ou 10: clique com o botão direito do mouse no ícone do JRT.exe e selecione  executar-como-administrador.png

8. O JRT começará o exame do seu Sistema. Tenha paciência pois pode demorar alguns minutos dependendo da quantidades de itens examinados

9. No final um novo arquivo JRT.txt aparecerá na sua Área de Trabalho e uma janela se abrirá com o conteúdo deste arquivo (log do JRT)

10. Selecione todo o conteúdo desse log (tecle CTRL+A), copie-o (CTRL+C) e cole-o (CTRL+V) na sua próxima resposta juntamente com o Log do AdwCleaner (item 5 acima) e o novo log do HijackThis


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seguem logs:

ADW

# AdwCleaner v6.045 - Relatório criado 21/04/2017 às 11:35:58
# Atualizado em 28/03/2017 por Malwarebytes
# Banco de dados : 2017-04-21.1 [Servidor]
# Sistema operacional : Windows 8 Single Language  (X64)
# Usuário : Usuário - USUÁRIO-PC
# Executando de : C:\Users\Usuário\Desktop\AdwCleaner.exe
# Modo: Limpo
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

***** [ Pastas ] *****

[-] Pasta excluída:C:\Users\Usuário\AppData\Roaming\Zbshareware Lab


***** [ Arquivos ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Atalhos ] *****

***** [ Atividades agendadas ] *****

***** [ Registro ] *****

[-] Chave excluída:HKLM\SOFTWARE\Classes\BaiduSparkHTML
[#] Chave excluída na reinicialização:[x64] HKLM\SOFTWARE\Classes\BaiduSparkHTML


***** [ Verificando navegadores ... ] *****

[-] [C:\Users\Usuário\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Eliminado:br.ask.com


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [1146 Bytes] - [21/04/2017 11:35:58]
C:\AdwCleaner\AdwCleaner[S0].txt - [1474 Bytes] - [21/04/2017 11:29:42]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [1292 Bytes] ##########
 

 

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 8 Single Language x64 
Ran by Usu rio (Administrator) on 21/04/2017 at 11:45:16,09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 32 

Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KI9V2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U18PT49 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADK1V53L (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMYK83U2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0FLDDH8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPACS9CE (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5O0WH8U (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUJGCF58 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2O4P4TU (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHRG34IA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPCDNYW8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK3Y0RZA (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFK8OT3F (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUA5U1FT (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U83UN4RI (Temporary Internet Files Folder) 
Successfully deleted: C:\Users\Usu rio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRG5QSEZ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0KI9V2TQ (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9U18PT49 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ADK1V53L (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CMYK83U2 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F0FLDDH8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\LPACS9CE (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\M5O0WH8U (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MUJGCF58 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\P2O4P4TU (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RHRG34IA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RPCDNYW8 (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SK3Y0RZA (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFK8OT3F (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TUA5U1FT (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\U83UN4RI (Temporary Internet Files Folder) 
Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YRG5QSEZ (Temporary Internet Files Folder) 

Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 21/04/2017 at 12:56:14,27
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:18:54, on 21/04/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Usuário\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Inicialização Rápida do SOLIDWORKS 2015.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://vpn.usiminas.com/SNX/CSHELL/extender.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics Co., Ltd. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 13285 bytes
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

1. Desabilite o seu Antivírus e AntiSpyware para não haver conflitos e Mantenha-os desativados até terminar as instruções.

2. Faça download do Zoek e execute-o.

3. Copie as linhas abaixo (selecione-as e tecle CTRL+C) e cole (CTRL+V) no espaço do Zoek:

createsrpoint;
autoclean;
resetieproxy;
resethosts;
iedefaults;
chrdefaults;
emptyCHRcache;
ffdefaults;
firefoxlook;
emptyalltemp;
shortcutfix;

4. Feche todos os navegadores e clique em Run Script:

zoek-run.png

Durante o Scan a mensagem abaixo será apresentada. Seja paciente e aguarde o término da execução do script pois a análise pode demorar alguns minutos..

zoek-executando.PNG

5. Caso seja solicitada a reinicialização do computador, faça isso clicando em OK

6.  O Zoek abrirá uma janela com o resultado da análise. Poste o conteúdo dessa janela e também um novo Log do HijackThis.


assinatura-mrmillion.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seguem logs

 

ZOEK


Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Usu rio on 21/04/2017 at 14:40:16,73.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\USURIO~2\Desktop\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

21/04/2017 14:49:22 Zoek.exe System Restore Point Created Successfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp. 

# This is a sample HOSTS file used by Microsoft TCP/IP for Windows. 

# This file contains the mappings of IP addresses to host names. Each 
# entry should be kept on an individual line. The IP address should 
# be placed in the first column followed by the corresponding host name. 
# The IP address and the host name should be separated by at least one 
# space. 

# Additionally, comments (such as these) may be inserted on individual 
# lines or following the machine name denoted by a '#' symbol. 

# For example: 

#      102.54.94.97     rhino.acme.com          # source server 
#       38.25.63.10     x.acme.com              # x client host 
 
# localhost name resolution is handled within DNS itself. 
127.0.0.1       localhost 
::1             localhost 

==== Empty Folders Check ======================

C:\PROGRA~3\DassaultSystemes deleted successfully
C:\Users\USURIO~2\AppData\Local\CUSTPDF Writer deleted successfully
C:\Users\USURIO~2\AppData\Local\DassaultSystemes deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Windows\SysNative\Tasks\SUPatchForW10Up deleted
C:\PROGRA~2\GUM78D0.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\USURIO~2\AppData\Local\7B4B.tmp deleted
C:\Users\USURIO~2\AppData\Local\7B5B.tmp deleted
C:\Users\USURIO~2\AppData\Local\7BF8.tmp deleted
C:\Users\USURIO~2\AppData\Local\cache deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"e-webprint@epson.com"="C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on" [23/01/2016 20:56]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - No path found[]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

Rapport - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof
Chrome Media Router - USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
{012E1000-F331-11DB-8314-0800200C9A66} Google  Url="http://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\USURIO~2\Desktop\IrfanView.lnk - C:\Program Files (x86)\IrfanView\i_view32.exe 
C:\Users\USURIO~2\Desktop\IRPF2016 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\USURIO~2\Desktop\JULIANA - Atalho.lnk - C:\JULIANA 
C:\Users\USURIO~2\Desktop\Samsung Drive Manager.lnk - C:\Program Files (x86)\Clarus\Samsung Drive Manager\Drive Manager.exe 
C:\Users\USURIO~2\Desktop\Trabalho Doméstico.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\ Google Earth Pro.lnk - C:\Program Files (x86)\Google\Google Earth Pro\googleearth.exe 
C:\Users\Public\Desktop\Acrobat Reader DC.lnk - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\AutoCAD 2012 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2012 - English\acad.exe 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe 
C:\Users\Public\Desktop\DWG TrueView 2017 - English.lnk - C:\Program Files (x86)\Autodesk\DWG TrueView 2017 - English\dwgviewr.exe /language "en-US"
C:\Users\Public\Desktop\eDrawings 2015 x64 Edition.lnk - C:\Program Files (x86)\SOLIDWORKS Corp\eDrawings X64 Edition\EModelViewer.exe 
C:\Users\Public\Desktop\Epson Easy Photo Print.lnk - C:\Program Files (x86)\EPSON Software\Easy Photo Print\EPQuicker.exe 
C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe 
C:\Users\Public\Desktop\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\express.exe 
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Public\Desktop\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
C:\Users\Public\Desktop\Inventor Fusion 2012.lnk - C:\Program Files (x86)\Autodesk\Inventor Fusion 2012\Inventor Fusion.exe 
C:\Users\Public\Desktop\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\Users\Public\Desktop\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
C:\Users\Public\Desktop\Quick Starter.lnk - C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe 
C:\Users\Public\Desktop\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\Public\Desktop\Samsung Kies 3.lnk - C:\Program Files (x86)\Samsung\Kies3\Kies3.exe 
C:\Users\Public\Desktop\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe 
C:\Users\Public\Desktop\Settings.lnk - C:\Program Files (x86)\Samsung\Settings\sSettings.exe 
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe 
C:\Users\Public\Desktop\SOLIDWORKS 2015 x64 Edition.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldWorks.exe 
C:\Users\Public\Desktop\SOLIDWORKS Explorer 2015.lnk - C:\Windows\Installer\{EACE15FF-59ED-4CBE-B1EB-616F4908745F}\NewShortcut3_2723AB6ADE8640EEAA77EC7E47C4DF34.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\Galaxy J5 METAL.lnk -  
C:\Users\Usuário\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2017.lnk -  

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira Connect.lnk - C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Ajuda do Avira antivírus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\57\avwin.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Avira na Internet.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\weblink.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Iniciar Avira antivírus.lnk - C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Agendador de Tarefas do SOLIDWORKS 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SwScheduler_5F527AA89BD74B82AA633F386F129FA3.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Assistente de cópia de configurações 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Configurações do Toolbox 2015.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Editor de Templates do Costing 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\CostgTemplateEdito_137D8099937742FFB4518D04D5BEA705.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Gerador de Guias de Propriedades 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\PropertyTabBuilder_1F40E9F3993E4F02B14BAC3E685DC9D3.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Meus produtos.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut10_09C97FE55E424E9E878903842FA26A35.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\SolidNetWork License Manager 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\swlmwizard_6FEB7F8E7C4D4368B04FF4F6C1DAEF89.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\SOLIDWORKS 2015 Routing Library Manager.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut6_09A22F17AFFA435086E910433E69F955.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\SOLIDWORKS Network Monitor 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\SolidWorksNetworkM_A6340B1E7C4A432C8947F93CD36D44D4.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\SOLIDWORKS Rx 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldRxexe_6FEB7F8E7C4D4368B04FF4F6C1DAEF89.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\SOLIDWORKS Treehouse 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut2_9B0E37ED3B134323BADA48059EE62D25.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ferramentas do SOLIDWORKS 2015\Teste de desempenho do SOLIDWORKS 2015.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\NewShortcut8_5A81956D53B84FDF978DC28E95329263.exe "-bm"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin\Garmin Express.lnk - C:\Program Files (x86)\Garmin\Express\express.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gerenciador de Instalação do SOLIDWORKS\Aplicativo de Download Automático do SOLIDWORKS.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gerenciador de Instalação do SOLIDWORKS\Verificar atualizações.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in DirectX mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe  -setDX
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth in OpenGL mode.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe  -setOGL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Start Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth\Uninstall Google Earth.lnk - C:\Windows\System32\msiexec.exe /x {F6430171-B86B-4639-839E-374913E7911D}
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_131\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk - C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk - C:\Program Files (x86)\Malwarebytes\Anti-Malware\unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005\Visual Studio Tools\Visual Studio 2005 Remote Debugger (x64).lnk - C:\Program Files (x86)\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x64\msvsmon.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2017.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2017 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Programas RFB2017\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2017.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung\Samsung Update.lnk - C:\Program Files (x86)\Samsung\SW Update\sManager.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\eDrawings 2015 x64 Edition.lnk - C:\Program Files (x86)\SOLIDWORKS Corp\eDrawings X64 Edition\EModelViewer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\SOLIDWORKS 2015 x64 Edition.lnk - C:\Windows\Installer\{F8093877-4F2C-40ED-9BA7-2F9F48F5176F}\i386_SldWorks.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SOLIDWORKS 2015\SOLIDWORKS Explorer 2015.lnk - C:\Windows\Installer\{EACE15FF-59ED-4CBE-B1EB-616F4908745F}\NewShortcut1.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Aplicativo de Download Automático do SOLIDWORKS.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Inicialização Rápida do SOLIDWORKS 2015.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USURIO~2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\USURIO~2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\USURIO~2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=175 folders=38 110668049 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~2\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\USURIO~2\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 22/04/2017 at  6:17:42,96 ======================
 

 

HiJackThis

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:08:29, on 22/04/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.17568)
Boot mode: Normal

Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Microsoft Money\System\REMINDER.EXE
C:\Program Files (x86)\Clarus\Samsung Drive Manager\ABRTMon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
C:\Users\Usuário\Desktop\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_131\bin\jp2ssv.dll
O2 - BHO: Adblock Plus for IE Browser Helper Object - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll
O3 - Toolbar: E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Reminder] C:\Program Files (x86)\Microsoft Money\System\reminder.exe
O4 - HKCU\..\Run: [Quick Starter] C:\Program Files (x86)\Samsung\Quick Starter\Quick Starter.exe
O4 - HKCU\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe"
O4 - HKLM\..\Policies\Explorer\Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - HKUS\S-1-5-18\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [GarminExpressTrayApp] "C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe" (User 'Default user')
O4 - Global Startup: Aplicativo de Download Automático do SOLIDWORKS.lnk = ?
O4 - Global Startup: Inicialização Rápida do SOLIDWORKS 2015.lnk = ?
O4 - Global Startup: Samsung Drive Manager Real-Time.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.santander.com.br
O15 - Trusted Zone: www.santanderempresarial.com.br
O15 - Trusted Zone: www.santandernet.com.br
O15 - Trusted Zone: wwws.santandernet.com.br
O15 - Trusted Zone: wwws2.santandernet.com.br
O15 - Trusted Zone: www.santandernetibe.com.br
O16 - DPF: {414FB93D-DEDD-4FEF-AD7F-167992EBDB52} (SlimClient Class) - https://vpn.usiminas.com/SNX/CSHELL/extender.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = usiminas.su.net,viacabocom.com.br
O20 - Winlogon Notify:  GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DTSInterops (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corporation - C:\Program Files\SOLIDWORKS Corp\SOLIDWORKS\swScheduler\DTSCoordinatorService.exe
O23 - Service: Check Point SSL Network Extender (cpextender) - Check Point Software Technologies - C:\Program Files (x86)\CheckPoint\SSL Network Extender\slimsvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EpsonCustomerParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service - Flexera Software LLC - C:\Program Files (x86)\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Garmin Device Interaction Service - Garmin Ltd. or its subsidiaries - C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: FF Install Filter Service (InstallFilterService) - Unknown owner - C:\Program Files (x86)\STMicroelectronics\Accelerometer\InstallFilterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics Co., Ltd. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: Samsung Drive Manager Service (SZDrvSvc) - Clarus, Inc. - C:\Program Files (x86)\Clarus\Samsung Drive Manager\SZDrvSvc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe

--
End of file - 13692 bytes
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Entre para seguir isso  
Seguidores 0

  • Vídeos do BABOO no YouTube

  • Posts

    • Sim, desde que começou a dar erro nesse modo acumulativo eu tento todas versões possíveis porem não atualiza...
      Agora estou tentando pelo Media Creation Tool que no caso e a que resolve né?
    • Tentou instalar manualmente ?  http://www.catalog.update.microsoft.com/Search.aspx?q=KB4022715    
    • Já faz algum tempo que meu Windows 10 Não atualiza direito...
      Com as fotos a seguir da pra ter uma noção bem do que se passa, desde do ano passado ele não faz as atualizações CUMULATIVAS....
      As poucas coisas que ele atualiza e o Office, Atualização de segurança do Adobe Flash Player, Ferramenta de Remoção de Software Mal-Intencionado é Atualização do Windows 10 Version 1607 para sistemas baseados em x64 como aparece nas imagens que mandei....
      Queria ajuda pra atualizar a BUILD do W10 que já está bem avançada e que não volte a dar esses tipos de problemas de novo....
      Agradeço desde de já a atenção!
    • Qual seu tipo de internet ? A cabo, wifi...etc? Verificou com o provedor de serviços e tudo lá está ok? Pode ainda começar conferindo este artigo e tentando passo a passo os procedimentos indicados https://support.microsoft.com/pt-br/help/10741/windows-10-fix-network-connection-issues   Ainda... No prompt como administrador digite ou cole cada linha abaixo , uma de cada vez e tecle enter.. Reinicie e veja se o adaptador aparece... regsvr32 netshell.dll
      regsvr32 netcfgx.dll
      regsvr32 netman.dll  
    • Sua versão é a mais atual... Quanto ao problema do menu iniciar confira este artigo do Baboo e veja se as dicas resolvem, do contrário retorne para mais opções https://www.baboo.com.br/tutorial/tutorial-windows-10/menu-iniciar-nao-abre-no-windows-10/
    • Uso o Windows 10 Pro 64 bits e ontem do nada eu fiquei sem internet, fui no "Painel de Controle >> Rede e Internet >> Central de Rede e Compartilhamento >> Configurações do Adaptador" mas não aparece nada, diz"Esta pasta está vazia". Quando vou no "Gerenciador de Dispositivos >> Adaptadores de Rede" ele aparece lá, estranho isso. Eu já tentei reinstalar o driver de rede, ele dá sucesso mas nada muda em meu computador. Entrando em minha BIOS, lá está ativado.
    • Tente
      Antes de clicar com o botão direito do mouse no  Windows Explorer, clique com o botão direito em qualquer ícone da área de trabalho e clique (com o botão esquerdo fora)
      Veja se agora consegue clicar normalmente com o botão direito  nas pastas do  explorer...   Pode ainda se a dica não resolver fazer uma  verificação utilizando a ferramenta ShellExView da Nirsoft. Organize pela coluna "Company" e desabilte as extensões que não são originais Microsoft.
      http://www.nirsoft.net/utils/shexview.html  
    • tecla Windows + R para abrir o executar...digite winver e tecle enter Poste a build do 10 Pro instalada. Baixe ainda o programa deste link, execute-o e poste resultados http://aka.ms/diag_StartMenu
    • Olá, Estou utilizando Windows 10 Pro, e o mesmo ao efetuar busca no menu iniciar de algum programa, ao localizar e clicar sobre programa escolhido o mesmo não é aberto. Isso ocorre em qualquer programa na qual desejo acesso pelo iniciar, mas se efetuar busca manual o programa acessado sem nenhum problema. Alguém poderia ajudar. Att,
      Edinei
O site BABOO está no ar para informar e ajudar o internauta de Windows. Este site foi publicado em 1999 por Aurélio "Baboo", engenheiro e um dos maiores especialistas brasileiros em Windows, que trabalha profissionalmente com esse sistema operacional desde 1987. Desde 2004 ele é premiado anualmente pela Microsoft como MVP (Most Valuable Professional) pela sua contribuição e ajuda à comunidade de usuários de Windows.

Em 2001 foi criado o
Fórum do BABOO para ajudar o internauta brasileiro a solucionar problemas e dúvidas sobre Windows, Segurança, Office, Hardware e outros temas. Desde 2010 a Microsoft também tem premiado o Mr.Million, administrador da área de Segurança do Fórum do BABOO, pelo seu incansável trabalho ajudando os internautas a remover vírus e malwares dos seus computadores. Atualmente ele é o único MVP brasileiro de Segurança em desktop.

O BABOO é o único site brasileiro coordenado por um especialista com reconhecimento internacional pela sua competência em Windows e que participa diariamente e ativamente nos comentários e discussões do site e fórum BABOO.