osousa

Member
  • Content count

    70
  • Joined

  • Last visited

Community Reputation

0 Neutral

About osousa

  • Rank
    Member

Contact Methods

  • ICQ
    0
  1. Yes, it actually got easier: the bank created a kind of application that opens directly. Before, I couldn't install it; now, after you instructed me and we cleaned the machine, it is working just fine. Thanks for the help, regards, Osni.
  2. Good evening, I tried, but I couldn't do it. So, looking on the Itaú website, I found a version that you install directly on the machine. I installed that version. Regards, Osni
  3. Hi, good evening. So, my bank is Itaú. I can't install the security program in Chrome; it already uninstalled the old one and doesn't install the new one, and it gives some error messages, which I will attach for you; maybe you have already seen them and can give me an idea of how to fix it. Thank you. Osni.
  4. Hi, good evening. So, I ran the tests; although I wasn't able to add that rule, I noticed that the machine no longer opens the fake page. In Internet Explorer it opens with the security program installed; in Chrome it says the program is not installed, but there is the "S" in https:/; and I didn't even try Edge, since that is where I got this whole headache from. If, from your analyses, you tell me the machine is clean, we can consider this finished. Thanks for everything, I'll be waiting. Osni.
  5. Hi, good evening. Sorry, I don't know how to do that; can you explain it to me? Osni.
  6. Good evening. After you started guiding me, I never tried to access the bank's page again. Today I tried to open the site: in Chrome it opened, but it doesn't install the security program. In Internet Explorer it also opened and installed the security program. Edge no longer opens for anything; it opens a blue page and then closes by itself, without giving time to type anything. Tomorrow I will call the bank and ask them to release access, informing them that the machine is clean. Oh, I noticed that AVIRA gives a blocking message every time I go to the bank; it appeared with Chrome and with Internet Explorer. I'll attach it. What do you say, is the machine clean? Osni
  7. Good evening. It was necessary to disable Avira and Windows Defender; both flagged the program as a virus and moved it to the recycle bin. The log follows. I have a question: a version of Photoshop that I had installed stopped working; is that normal? Awaiting instructions. Osni
  8. Good evening. 1) Button Manager is a program that came with the scanner; I use it every time I scan a page. 2) The text of the Fixlog follows. Thank you, awaiting instructions. Osni.
  9. Good evening. I made 3 attempts and it did not accept pasting the text. It is attached. Thank you, Osni. P.S.: awaiting new instructions. FRST.txt Addition.txt
  10. Good evening, here it is as requested.
Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Application Compatibility Manager.lnk - C:\Program Files\Microsoft Application Compatibility Toolkit\Application Compatibility Manager\ACM.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit).lnk - C:\WINDOWS\Installer\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}\Compatadmin.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Demo Application\Stock Viewer.lnk - C:\Program Files\Microsoft Application Compatibility Toolkit\Compatibility Administrator (32-bit)\Demo Application\StockViewer\StockViewer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Developer and Tester Tools\Internet Explorer Compatibility Test Tool.lnk - C:\WINDOWS\Installer\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}\testtool.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Developer and Tester Tools\Standard User Analyzer Wizard.lnk - C:\WINDOWS\Installer\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}\SUAnalyzerIcon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Application Compatibility Toolkit\Developer and Tester Tools\Standard User Analyzer.lnk - C:\WINDOWS\Installer\{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}\SUAnalyzerIcon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe /name Microsoft.DefaultPrograms C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - 
C:\WINDOWS\system32\taskmgr.exe /7 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Program Files\Windows Defender\MSASCui.exe ==== shortcuts in Quick Launch ====================== C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Aimersoft Video Converter Ultimate.lnk - C:\Program Files\Aimersoft\Video Converter Ultimate\VideoConverterUltimate.exe C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\OSNI\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE /recycle C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Users\OSNI\AppData\Local\Google\Chrome\Application\chrome.exe 
C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Outlook 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe C:\Users\OSNI\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1 C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Empty IE Cache ====================== C:\Users\Default\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\OSNI\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\OSNI\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\OSNI\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\OSNI\AppData\Local\Microsoft\Windows\INetCache\IE\XXDJ1MVV will be deleted at reboot ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\OSNI\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied 
C:\Users\OSNI\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================
"C:\Users\OSNI\AppData\Local\Microsoft\Windows\INetCache\IE\XXDJ1MVV" deleted

==== EOF on 14/01/2016 at 21:33:54,63 ======================

Awaiting instructions.
Osni
  11. Good evening, here it is:

ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by OSNI on 13/01/2016 at 22:19:32,53.
Microsoft Windows 10 Pro 10.0.10586 x86
Running in: Normal Mode
Internet Access Detected
Launched: C:\Users\OSNI\Downloads\ZA-Scan.exe [Z-Analyse Scan]

Awaiting instructions.
  12. Hi, I found it. Thinking about it now, I believe I deleted it yesterday along with the listing, but today I generated it again after running MBAM. Here is the log:

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 12/01/2016
Hora da verificação: 21:12
Arquivo de registro: log_mbam_12012016.txt
Administrador: Sim

Versão: 2.2.0.1024
Banco de dados de malware: v2016.01.12.07
Banco de dados de rootkit: v2016.01.09.01
Licença: Versão de avaliação
Proteção contra malware: Habilitado
Proteção contra website malicioso: Habilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 10
CPU: x86
Sistema de arquivos: NTFS
Usuário: OSNI

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 349148
Tempo decorrido: 39 min, 3 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0 (Nenhum item malicioso detectado)
Módulos: 0 (Nenhum item malicioso detectado)
Chaves de registro: 0 (Nenhum item malicioso detectado)
Valores de registro: 0 (Nenhum item malicioso detectado)
Dados de registro: 0 (Nenhum item malicioso detectado)
Pastas: 0 (Nenhum item malicioso detectado)
Arquivos: 0 (Nenhum item malicioso detectado)
Setores físicos: 0 (Nenhum item malicioso detectado)

(end)

Awaiting further instructions, thank you.
Osni
  13. Good evening, 1) MBAM did not produce a log; I could not find it. I looked in the location indicated in the settings and there was no file. The program ran for about 45 minutes and I told it to remove everything, but there was no option to export the log. 2) Here is the AdwCleaner log:
      # AdwCleaner v5.029 - Relatório criado 11/01/2016 às 23:19:31
      # Atualizado 11/01/2016 por Xplode
      # Banco de dados : 2016-01-11.4 [servidor]
      # Sistema operacional : Windows 10 Pro (x86)
      # Usuário : OSNI - OSNI-PC
      # Executando de : C:\Users\OSNI\Downloads\AdwCleaner.exe
      # Opção : Limpar
      # Apoio : http://toolslib.net/forum
      ***** [ Serviços ] *****
      ***** [ Pastas ] *****
      [-] Pasta Excluído : C:\Program Files\kmspico
      [-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\kmspico
      ***** [ Arquivos ] *****
      ***** [ DLLs ] *****
      ***** [ Atalhos ] *****
      ***** [ Tarefas agendadas ] *****
      ***** [ Registro ] *****
      [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{1663C10B-0D55-438D-8496-19A3DBAEC0E4}
      [-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{A43DE495-3D00-47D4-9D2C-303115707939}
      [-] Chave Excluída : HKCU\Software\Conduit
      [-] Chave Excluída : HKLM\SOFTWARE\Clara
      [-] Chave Excluída : HKLM\SOFTWARE\DesktopSearch
      [-] Chave Excluída : HKU\S-1-5-21-824874608-1179982059-950576204-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Conduit
      [-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
      [-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\chatango.com
      [-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\st.chatango.com
      [-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\videodownloadconverter.dl.tb.ask.com
      [-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\mysearchengine.info
      [-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\search.mysearchengine.info
      [-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\softonic.com.br
      [-] Chave Excluída : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\subtitle-workshop.softonic.com.br
      [-] Chave Excluída : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\mysearchengine.info
      [-] Chave Excluída : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\search.mysearchengine.info
      [-] Chave Excluída : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\softonic.com.br
      [-] Chave Excluída : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\subtitle-workshop.softonic.com.br
      ***** [ Navegadores ] *****
      *************************
      :: Chaves "Tracing" excluídas
      :: Configurações Winsock restauradas
      ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3522 bytes] ##########
      3) Now the JRT log:
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Junkware Removal Tool (JRT) by Malwarebytes
      Version: 8.0.2 (01.06.2016)
      Operating System: Windows 10 Pro x86
      Ran by OSNI (Administrator) on 11/01/2016 at 23:31:36,82
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      File System: 2
      Successfully deleted: C:\Users\OSNI\Documents\my pagemanager (Folder)
      Successfully deleted: C:\WINDOWS\System32\newsoft (File)
      Registry: 0
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      Scan was completed on 11/01/2016 at 23:33:41,93
      End of JRT log
      ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
      I hope the analysis is not compromised. If you can explain another way to locate the MBAM log, I can look for it. Regards and thanks, Osni
  14. C:\Program Files\KMSpico\AutoPico.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting
      C:\Program Files\KMSpico\KMSELDI.exe a variant of MSIL/HackTool.IdleKMS.E potentially unsafe application cleaned by deleting
      C:\Program Files\KMSpico\Service_KMS.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application cleaned by deleting (after the next restart)
      C:\Program Files\uTorrent\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
      C:\Users\OSNI\AppData\Roaming\uTorrent\updates\3.4.2_38913.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
      C:\Users\OSNI\Desktop\kmspico10\KMSpicoPortable.rar a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
      C:\Users\OSNI\Desktop\kmspico10\Install\KMSpico_setup.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
      C:\Users\OSNI\Downloads\Setup_WinThruster_2015.exe a variant of Win32/Systweak potentially unwanted application deleted
      C:\Windows\SECOH-QAD.dll Win32/HackKMS.AB potentially unsafe application cleaned by deleting
      C:\Windows\SECOH-QAD.exe Win32/HackKMS.AB potentially unsafe application cleaned by deleting
      D:\$RECYCLE.BIN\S-1-5-21-824874608-1179982059-950576204-1000\$RCQI602.exe a variant of Win32/Keygen.BH potentially unsafe application cleaned by deleting
      D:\Downloadas\Nero 2015 Platinum 16.0.02900 Final (Patch) [ChingLiu]\Patch\nero.15.platinum.build.16.0.02900-patch.exe a variant of Win32/HackTool.Patcher.AD potentially unsafe application cleaned by deleting
      D:\Downloadas\Popcorn-Time 3.7 Win\Popcorn-Time-0.3.7.1-Setup.exe multiple threats cleaned by deleting
      I:\Backup HD\Softwares\17313_isobuster_28.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted
      I:\Downloads\ccsetup323.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
      I:\Downloads\ccsetup404.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application deleted
      I:\Downloads\hwmonitor_1.19-setup.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\rcsetup146.exe Win32/Bundled.Toolbar.Google.E potentially unsafe application deleted
      I:\Downloads\The Wolf of Wall Street (2013) DVDRip HD 1080p x264.rar NSIS/TrojanDownloader.Adload.M trojan deleted
      I:\Downloads\uTorrent.exe a variant of Win32/Bunndle potentially unsafe application cleaned by deleting
      I:\Downloads\Legendas\vioplayerv.exe a variant of Win32/InstallIQ.A potentially unwanted application cleaned by deleting
      I:\Downloads\N Dell\R153997\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R153997\R153997.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R154200\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R154200\R154200.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165731\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165731\R165731.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165801\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165801\R165801.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165804\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R165804\R165804.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R167368\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R167368\R167368.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R170381\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R170381\R170381.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R171789\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R171789\R171789.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R181739\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R181739\R181739.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R202964\DriverUpdaterSetup-1.2.3.2277.exe a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\N Dell\R202964\R202964.zip a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application deleted
      I:\Downloads\W2001i- sony\app2519.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\Downloads\W2001i- sony\app28121.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\Downloads\W2001i- sony\app28313.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\Downloads\W2001i- sony\app3115.jar a variant of J2ME/SMSReg.AY potentially unsafe application deleted
      I:\Downloads\W2001i- sony\app8580.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\Downloads\Windows7Ultimate\Windows7Ultimate.iso MSIL/HackTool.Wpakill.A potentially unsafe application deleted
      I:\G91 Strike\Jogos\app28121.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\G91 Strike\Programas\app28121.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\G91 Strike\Programas\app28313.jar J2ME/SMSReg.AY potentially unsafe application deleted
      I:\G91 Strike\Programas\app8580.jar J2ME/SMSReg.AY potentially unsafe application deleted
  15. Good evening, I am having problems with Windows 10 and a bank website. I have Avira installed on the machine, but even so, when I access the Itaú bank site a fake page comes up; I enter a wrong password and wrong numbers and it does not reject them. Now it has started saying the connection is unstable and it no longer opens. I am worried because Avira did not detect it and I cannot activate the Windows antivirus. I have already run Malwarebytes and that did not solve it either. I would like help removing it, without needing to format the machine to get rid of this possible virus. Thank you, Osni. P.S.: I am posting again with the reports requested by Sam Spade. FSS.txt MbrScan.log ZA-Scan.txt