
Colpani

Member
  • Posts

    59
About Colpani

Profile

  • Education
    College degree
  • Professional area
    Education
  • Professional level
    University-degree professional
  • State
    Minas Gerais
  • Gender
    male
  1. Two buttons on the Facebook cover

    Hi, I see that some Facebook pages show two contact buttons in the lower-left corner, such as "call now" and "send message". Facebook only allows adding one button. I would like to know how to add one more. Thanks.
  2. Log analysis - do-search malware

    Nice one, Mr. Million. Problem solved!!! Thank you very much for the help.
  3. Log analysis - do-search malware

    Zoek.exe v5.0.0.1 Updated 06-October-2015 Tool run by Colpani on 08/10/2015 at 11:09:21,43. Microsoft Windows 10 Pro 10.0.10240 x64 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Colpani\Desktop\zoek.exe [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-10-06-114508.log 16056 bytes ==== System Restore Info ====================== 08/10/2015 11:10:04 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. 
# # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\PROGRA~3\Comms deleted successfully C:\PROGRA~3\SoftwareDistribution deleted successfully C:\Users\Administrator\AppData\LocalLow deleted successfully C:\Users\Colpani\AppData\Local\PeerDistRepub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Deleting Files \ Folders ====================== C:\HijackThis.exe deleted C:\PROGRA~3\Package Cache deleted C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted "C:\Users\Colpani\AppData\Local\{8C2E3B46-F726-4EFF-AEA5-56E638DB0589}" deleted "C:\WINDOWS\Syswow64\Windows.Devices.Midi.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Devices.WiFi.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Gaming.Input.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.FaceAnalysis.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Import.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.MediaControl.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Speech.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Speech.UXRes.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Streaming.ps.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Networking.Connectivity.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Immersive.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Input.Inking.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Xaml.Maps.dll" not deleted ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Administrator\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== BIODIGITAL HUMAN - 
Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\agoenciogemlojlhccbcpcfflicgnaak Baixou - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\cenkmdjemdbbdhljabmhnlelcaapnkke Readium - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl AdBlock - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom Chrome Hotword Shared Module - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg New Tab Page - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\llaficoajjainaijghjlofdfmbjpebpa Google Dictionary (by Google) - Colpani\AppData\Local\Google\Chrome\User Data\Default\Extensions\mgijmajocgfcbeboacabfgobmjgjcoja ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}] not found New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes {012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}" {0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02" ==== Reset Google Chrome ====================== C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset 
successfully C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\Users\Public\Desktop\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe C:\Users\Public\Desktop\WD Drive Utilities.lnk - C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe C:\Users\Public\Desktop\WD Security.lnk - C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe ==== shortcuts in Users Start Menu ====================== C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk - C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recursos Opcionais.lnk - C:\Windows\System32\fodhelper.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk - C:\WINDOWS\system32\magnify.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk - C:\WINDOWS\system32\narrator.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk - C:\WINDOWS\system32\osk.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk - C:\WINDOWS\system32\notepad.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Aplicativos do Google Chrome\Readium.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk - C:\WINDOWS\system32\cmd.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\PowerShell_ISE.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files 
(x86)\WinRAR\WinRAR.chm C:\Users\Colpani\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk - C:\WINDOWS\syswow64\WindowsPowerShell\v1.0\powershell.exe C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk - C:\WINDOWS\system32\WindowsPowerShell\v1.0\powershell.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Lightroom.lnk - C:\Program Files (x86)\Adobe\Adobe Lightroom\lightroom.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk - C:\WINDOWS\system32\GfxUIEx.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk - C:\WINDOWS\Speech\Common\sapisvr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk - C:\WINDOWS\system32\mspaint.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk - C:\WINDOWS\system32\mstsc.exe C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Accessories\Snipping Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk - C:\WINDOWS\system32\psr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk - C:\WINDOWS\system32\xpsrchvw.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk - C:\WINDOWS\system32\charmap.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk - C:\WINDOWS\system32\comexp.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk - C:\WINDOWS\system32\compmgmt.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk - C:\WINDOWS\system32\dfrgui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk - C:\WINDOWS\system32\cleanmgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk - C:\WINDOWS\system32\eventvwr.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk - C:\WINDOWS\system32\iscsicpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk - C:\WINDOWS\syswow64\odbcad32.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk - C:\WINDOWS\system32\odbcad32.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk - C:\WINDOWS\system32\perfmon.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk - C:\WINDOWS\system32\perfmon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk - C:\WINDOWS\system32\services.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk - C:\WINDOWS\system32\msinfo32.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk - C:\WINDOWS\system32\taskschd.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk - C:\WINDOWS\system32\WF.msc C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Creative Software AutoUpdate.lnk - C:\Program Files (x86)\Creative\Shared Files\Software Update\AutoUpdate.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2.lnk - C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Program Files (x86)\Dropbox\Client\Dropbox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\Definições EPSON Scan.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON\EPSON Scan\EPSON Scan.lnk - C:\Windows\twain_32\escndv\escndv.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET Smart Security.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\egui.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET\ESET Smart Security\ESET SysInspector.lnk - C:\Program Files (x86)\ESET\ESET Smart Security\SysInspector.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Excel 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\xlicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\PowerPoint 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\pptico.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\SkyDrive Pro 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\grv_icons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - 
C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\wordicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Database Compare 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\dbcicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Language Preferences.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\misc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Office 2013 Upload Center.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\msouc.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Spreadsheet Compare 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\sscicons.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Dashboard for Office 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\osmadminicon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Office 2013 Tools\Telemetry Log for Office 2013.lnk - C:\WINDOWS\Installer\{91150000-0011-0000-1000-0000000FF1CE}\osmclienticon.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation\GeForce Experience.lnk - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA GeForce Experience\LaunchGFExperience.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\License (English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\License_en_US.rtf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox\User manual (CHM, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.chm C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Oracle VM VirtualBox\User manual (PDF, English).lnk - C:\Program Files (x86)\Oracle\VirtualBox\doc\UserManual.pdf C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Hotkey.lnk - C:\Program Files (x86)\Hotkey\HkeyTray.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk - C:\WINDOWS\system32\control.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk - C:\WINDOWS\system32\taskmgr.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Drive Unlocker.lnk - C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Drive Utilities.lnk - C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilities.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD Apps\WD Security.lnk - C:\Program Files (x86)\Western Digital\WD Security\WDSecurity.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD SmartWare\WD Quick View.lnk - C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital\WD SmartWare\WD SmartWare.lnk - C:\Program Files (x86)\Western Digital\WD SmartWare\WDSmartWare.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Console RAR manual.lnk - C:\Program Files (x86)\WinRAR\Rar.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\What is new in the latest version.lnk - C:\Program Files (x86)\WinRAR\WhatsNew.txt C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR help.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe ==== shortcuts in Quick Launch ====================== C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files 
(x86)\Google\Chrome\Application\chrome.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Users\Colpani\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Oracle VM VirtualBox.lnk - C:\Program Files (x86)\Oracle\VirtualBox\VirtualBox.exe C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix: "ProxyEnable"=dword:00000000 Value(s) after fix: "ProxyEnable"=dword:00000000 ==== Empty IE Cache ====================== C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Colpani\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Colpani\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 
emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Administrator\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Colpani\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Colpani\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=33 folders=19 56689061 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\WINDOWS\Temp successfully emptied C:\Users\Colpani\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== Deleting Files / Folders ====================== "C:\WINDOWS\Syswow64\Windows.Devices.Midi.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Devices.WiFi.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Gaming.Input.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.FaceAnalysis.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Import.dll" not 
deleted "C:\WINDOWS\Syswow64\Windows.Media.MediaControl.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Speech.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Speech.UXRes.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Media.Streaming.ps.dll" not deleted "C:\WINDOWS\Syswow64\Windows.Networking.Connectivity.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Immersive.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Input.Inking.dll" not deleted "C:\WINDOWS\Syswow64\Windows.UI.Xaml.Maps.dll" not deleted ==== EOF on 08/10/2015 at 11:19:27,81 ====================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 11:24:14, on 08/10/2015 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.10240.16412) Boot mode: Normal Running processes: C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files (x86)\Hotkey\HkeyTray.exe C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe C:\Program Files (x86)\Dropbox\Client\Dropbox.exe C:\Program Files (x86)\Hotkey\ComboKeyTray.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe O4 - HKLM\..\Run: [sound Blaster Cinema 2] "C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup O4 - HKCU\..\Run: [OneDrive] "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\RunOnce: [uninstall C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64" O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: 
    [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\HkeyTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: PowerBiosServer - CLEVO CO. - C:\Program Files (x86)\Hotkey\HotkeyService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @oem19.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9905 bytes
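The HijackThis log above is the kind of listing a helper reads by eye for leftovers of a hijacker like do-search: R0/R1 lines (Internet Explorer start and search pages), O4 lines (autoruns) and O23 lines (services). Two things in it deserve a practitioner's caveat. Every built-in Windows service shows "Unknown owner" and "(file missing)" because HijackThis 2.0.4 is a 32-bit program: on x64 Windows, WoW64 redirects its view of C:\WINDOWS\system32 to SysWOW64 and expands %ProgramFiles% to "Program Files (x86)", so it cannot open the real 64-bit binaries, cannot read their version information, and reports them missing. Those lines are a tool artifact, not evidence of tampering; a service whose file is present but still has no vendor information is the one worth a second look. The script below, added here as an example (it is not part of the original post and not a HijackThis feature), parses those three entry types and rates each line along exactly those lines. ALLOWED_HOSTS, TRUSTED_AUTORUN_DIRS and REDIRECTED_DIRS are illustrative choices; the sample log is constructed from entries quoted in this thread plus two hypothetical lines (the [UpdateHelper] autorun, and the ihpmServer service as HijackThis would have listed it before Malwarebytes removed it).

```python
"""Triage a HijackThis 2.0.4 log for browser-hijacker leftovers.

Added example; not part of the original post and not a HijackThis feature.
It parses R0/R1 (IE start and search pages), O4 (autoruns) and O23
(services) entries and rates each one: "alert", "warn", "info" or "ok".
"""
import re
from collections import Counter
from urllib.parse import urlparse

# Hosts an IE start/search page may legitimately point at (illustrative).
ALLOWED_HOSTS = {"www.google.com", "go.microsoft.com", "www.bing.com"}
# Autoruns whose image lives outside these roots start from user-writable space.
TRUSTED_AUTORUN_DIRS = ("c:\\program files", "c:\\windows", "c:\\progra~")
# Paths where the 32-bit HijackThis is redirected by WoW64 on x64 Windows
# (System32 -> SysWOW64, %ProgramFiles% -> Program Files (x86)); a
# "(file missing)" there is an artifact of the tool, not evidence.
REDIRECTED_DIRS = ("c:\\windows\\", "c:\\program files (x86)\\windows defender\\")

# Constructed sample: entries quoted in this thread, plus a hypothetical
# [UpdateHelper] autorun and the ihpmServer service line as HijackThis
# would have shown it before Malwarebytes removed that service.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1443727302&from=dae
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
O4 - HKCU\..\Run: [UpdateHelper] C:\Users\Colpani\AppData\Local\Temp\updhelper.exe /silent
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: ihpmServer - Unknown owner - C:\Program Files (x86)\RayDld\ihpmServer.exe
"""

LINE_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.*)$")
O4_RE = re.compile(r"^(?P<where>.*?): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O23_RE = re.compile(
    r"^Service: (?P<display>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)


def finding(kind, severity, reason, line):
    return {"kind": kind, "severity": severity, "reason": reason, "line": line.strip()}


def url_host(value):
    """Host of an IE page value; None for an empty value or a local file."""
    v = value.strip()
    if not v or re.match(r"^[a-z]:\\", v, re.I):
        return None
    if "://" not in v:
        v = "http://" + v
    return (urlparse(v).hostname or "").lower()


def command_image(cmd):
    """Executable path from an autorun command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|cmd|bat|vbs|js|dll))(?:\s|$)", cmd, re.I)
    return m.group(1) if m else cmd.split(" ")[0]


def triage_line(line):
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    kind, body = m.group("kind"), m.group("body")
    if kind in ("R0", "R1"):
        key, _, value = body.partition(" = ")
        host = url_host(value)
        if host is None:
            return finding(kind, "ok", "empty value or local file", line)
        if host not in ALLOWED_HOSTS:
            return finding(kind, "alert", f"{key.rsplit(',', 1)[-1]} points at {host}", line)
        return finding(kind, "ok", host, line)
    if kind == "O4":
        m4 = O4_RE.match(body)
        if not m4:
            return finding(kind, "info", "autorun line not parsed", line)
        image = command_image(m4.group("cmd")).lower()
        if not image.startswith(TRUSTED_AUTORUN_DIRS):
            return finding(kind, "alert", f"autorun from user-writable path {image}", line)
        return finding(kind, "ok", image, line)
    if kind == "O23":
        m23 = O23_RE.match(body)
        if not m23:
            return finding(kind, "info", "service line not parsed", line)
        path, owner = m23.group("path").lower(), m23.group("owner")
        if m23.group("missing"):
            if path.startswith(REDIRECTED_DIRS):
                return finding(kind, "info", "file missing under a WoW64-redirected path; verify with a 64-bit tool", line)
            return finding(kind, "warn", f"service image not found: {path}", line)
        if owner == "Unknown owner":
            return finding(kind, "warn", f"service image carries no vendor info: {path}", line)
        return finding(kind, "ok", owner, line)
    return finding(kind, "info", "entry type not triaged", line)


def triage(log_text):
    """Findings for every R0/R1/O4/O23 line, in log order."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def summary(findings):
    """Count of findings per severity."""
    return dict(Counter(f["severity"] for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['severity']:5} {f['kind']:3} {f['reason']}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it against a saved hijackthis.log by reading the file into `triage()`; on the log above every "(file missing)" line lands in "info" and only a service that is present but unsigned, or a page or autorun that points somewhere unexpected, is escalated.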
  4. Log analysis - do-search malware

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 10 Pro x64
    Ran by Colpani on 08/10/2015 at 10:38:21,76
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    ~~~ Services

    ~~~ Tasks

    ~~~ Registry Values

    ~~~ Registry Keys

    ~~~ Files

    ~~~ Folders

    ~~~ Chrome

    [C:\Users\Colpani\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
    [C:\Users\Colpani\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    [C:\Users\Colpani\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
    [C:\Users\Colpani\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    []

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 08/10/2015 at 10:39:59,09
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    # AdwCleaner v5.012 - Logfile created 08/10/2015 at 10:35:36
    # Updated 08/10/2015 by Xplode
    # Database : 2015-10-07.1 [Server]
    # Operating system : Windows 10 Pro (x64)
    # Username : Colpani - NOTE_COLPANI
    # Running from : C:\Users\Colpani\Desktop\adwcleaner_5.012.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****

    ***** [ Folders ] *****

    ***** [ Files ] *****

    ***** [ DLLs ] *****

    ***** [ Shortcuts ] *****

    ***** [ Scheduled tasks ] *****

    ***** [ Registry ] *****

    ***** [ Web browsers ] *****

    [-] [C:\Users\Colpani\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Deleted : hxxp://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184

    *************************

    :: Winsock settings restored

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [917 bytes] ##########

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 10:40:46, on 08/10/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10240.16412)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\SysWOW64\notepad.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    O4 - HKLM\..\Run: [sound Blaster Cinema 2] "C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\RunOnce: [uninstall C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\HkeyTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: PowerBiosServer - CLEVO CO. - C:\Program Files (x86)\Hotkey\HotkeyService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @oem19.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 9531 bytes
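Both tools in this post worked on the same file: JRT reset the default search provider in Chrome's Preferences and Secure Preferences, and AdwCleaner deleted the do-search entry from startup_URLs in Secure Preferences. Secure Preferences is plain JSON, so the natural verification after a cleanup is to read it back and confirm no URL still points at the hijacker. The script below is an added example (it is not part of the original post, of AdwCleaner or of JRT): it walks every string in the file, reports hosts that match a known hijacker domain or are not on an allow-list, and names the protection.macs entry that covers each hit. That last detail is the practitioner's caveat: Chrome stores an HMAC for every tracked preference under protection.macs and, on the next start, resets to its default any tracked value whose MAC no longer verifies, so a hand edit of the file does not survive and removal is better left to a dedicated tool or to Chrome's own settings reset. This script therefore only reports. ALLOWED_HOSTS is illustrative; the sample profile is constructed, with the do-search URLs taken from this thread's logs, an invented www.example.net startup URL standing in for an unfamiliar host, and dummy MAC values.

```python
"""Read-only audit of a Chrome "Secure Preferences" file for hijacked URLs.

Added example; not part of the original post, of AdwCleaner or of JRT.
It reports every URL-valued preference whose host matches HIJACK_HOSTS
or is absent from ALLOWED_HOSTS, with the protection.macs entry covering
it. It never writes the file: Chrome resets a tracked preference whose
MAC fails to verify, so hand edits do not survive the next start.
"""
import json
import os
import sys
from urllib.parse import urlparse

HIJACK_HOSTS = {"do-search.com"}                              # the domain this thread is about
ALLOWED_HOSTS = {"google.com", "bing.com", "microsoft.com"}  # illustrative allow-list
DUMMY_MAC = "00" * 32                                         # real files hold HMAC-SHA256 hex digests

# Constructed sample profile: do-search URLs as quoted in this thread's logs,
# an invented "unknown" startup URL, and dummy MACs in place of real ones.
SAMPLE_SECURE_PREFERENCES = {
    "default_search_provider_data": {
        "template_url_data": {
            "keyword": "do-search.com",
            "short_name": "do-search",
            "url": "http://do-search.com/web/?type=ds&ts=1443727302&from=dae&q={searchTerms}",
        }
    },
    "homepage": "http://www.google.com/",
    "session": {
        "restore_on_startup": 4,
        "startup_urls": [
            "http://do-search.com/?type=hp&ts=1443727302&from=dae",
            "http://www.example.net/",
        ],
    },
    "protection": {
        "macs": {
            "default_search_provider_data": {"template_url_data": DUMMY_MAC},
            "homepage": DUMMY_MAC,
            "session": {"startup_urls": DUMMY_MAC},
        },
        "super_mac": DUMMY_MAC,
    },
}


def walk_strings(node, path=()):
    """Yield (dotted JSON path, value) for every string leaf under node."""
    if isinstance(node, dict):
        for key, child in node.items():
            yield from walk_strings(child, path + (key,))
    elif isinstance(node, list):
        for index, child in enumerate(node):
            yield from walk_strings(child, path + (str(index),))
    elif isinstance(node, str):
        yield ".".join(path), node


def host_of(value):
    """Lower-cased host of a URL string, or None if it is not a URL."""
    if "://" not in value:
        return None
    return (urlparse(value).hostname or "").lower() or None


def is_under(host, domain):
    return host == domain or host.endswith("." + domain)


def covering_mac(path, macs):
    """Dotted path of the protection.macs entry that covers `path`, or None."""
    node, covered = macs, []
    for part in path.split("."):
        if not isinstance(node, dict) or part not in node:
            return None
        covered.append(part)
        node = node[part]
        if isinstance(node, str):
            return ".".join(covered)
    return None


def audit(prefs, bad_hosts=HIJACK_HOSTS, allowed_hosts=ALLOWED_HOSTS):
    """Hits in the profile: JSON path, host, status and the MAC that tracks it."""
    macs = prefs.get("protection", {}).get("macs", {})
    hits = []
    for path, value in walk_strings(prefs):
        if path.startswith("protection."):
            continue
        host = host_of(value)
        if host is None:
            continue
        if any(is_under(host, bad) for bad in bad_hosts):
            status = "hijacker"
        elif not any(is_under(host, ok) for ok in allowed_hosts):
            status = "unknown"
        else:
            continue
        hits.append({"path": path, "host": host, "status": status,
                     "tracked_by": covering_mac(path, macs)})
    return hits


def default_profile_file():
    """Where the default profile's Secure Preferences lives on Windows."""
    return os.path.join(os.environ.get("LOCALAPPDATA", ""), "Google", "Chrome",
                        "User Data", "Default", "Secure Preferences")


if __name__ == "__main__":
    # Pass the path of a real Secure Preferences file; with no argument the
    # constructed sample is audited instead.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            prefs = json.load(fh)
    else:
        prefs = SAMPLE_SECURE_PREFERENCES
    for hit in audit(prefs):
        print(f"{hit['status']:9} {hit['host']:24} {hit['path']}  (mac: {hit['tracked_by']})")
```

Close Chrome before reading the file so you see the state it will load next time. A clean profile produces no "hijacker" lines; "unknown" lines are for the helper to judge, since a user's own homepage or startup page will show up there too.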
  5. Log analysis - do-search malware

    Hi Mr. Million, the logs are below:

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 08/10/2015
    Scan Time: 09:07
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.1.8.1057
    Malware Database: v2015.10.08.03
    Rootkit Database: v2015.10.06.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Colpani

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 405193
    Time Elapsed: 4 min, 57 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 1
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\ihpmServer.exe, 2204, Delete-on-Reboot, [2b5863f1c6c5cb6b920112d7d1301ce4]

    Modules: 0
    (No malicious items detected)

    Registry Keys: 14
    PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, Quarantined, [2b5863f1c6c5cb6b920112d7d1301ce4],
    PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, Quarantined, [2b5863f1c6c5cb6b920112d7d1301ce4],
    PUP.Optional.Elex, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{8DD92279-9B04-4C6F-A862-EF3C24603804}, Quarantined, [2b5863f1c6c5cb6b920112d7d1301ce4],
    PUP.Optional.Elex, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ihpmServer, Quarantined, [2b5863f1c6c5cb6b920112d7d1301ce4],
    PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [d3b0163ec3c8fa3cb0bd976825dd718f],
    PUP.Optional.WinManger, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [d3b0163ec3c8fa3cb0bd976825dd718f],
    PUP.Optional.WinManger, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{85198F55-85AC-498A-BFE4-BBC33840F4AB}, Quarantined, [d3b0163ec3c8fa3cb0bd976825dd718f],
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [91f26aeae0abff3750923e08a85be61a],
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\do-searchSoftware, Quarantined, [9ae9c094ccbf3501133218492cd76e92],
    PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\ihpmserver, Quarantined, [94efaca8117a51e53058eef971937f81],
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [a2e17dd74249f83efee4d571ef142dd3],
    PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD, Quarantined, [1c670e466724ea4c4c1ffd4632d143bd],
    PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1536006046-2271653282-987619720-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, Quarantined, [a2e1fd57107b989e33b085c1f80b13ed],
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\do-search, Quarantined, [2c5787cd4348c274084b29ec3fc433cd],

    Registry Values: 4
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Quarantined, [91f26aeae0abff3750923e08a85be61a]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Quarantined, [a2e17dd74249f83efee4d571ef142dd3]
    PUP.Optional.Elex, HKLM\SOFTWARE\WOW6432NODE\RAYDLD|dir, C:\Program Files (x86)\RayDld, Quarantined, [1c670e466724ea4c4c1ffd4632d143bd]
    PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1536006046-2271653282-987619720-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}|URL, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Quarantined, [a2e1fd57107b989e33b085c1f80b13ed]

    Registry Data: 12
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[592ab69eddaea0965da18a0025e0df21]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Default_Search_URL, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}),Replaced,[3c472f258506e2541ae423679273bc44]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Search Page, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}),Replaced,[a5de3c1838531323c13db3d77590f30d]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Start Page, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[4340f75d286342f421ddb6d47590fb05]
    PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[4f341c386724ab8b23c3573346bf6e92]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8m
ecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[097a69eb2e5d280e6b939af07c89c739]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Default_Search_URL, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}),Replaced,[552edd771c6f8fa756a87d0d0302d42c]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Search Page, http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}, Good: (www.google.com), Bad: (http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}),Replaced,[463da4b0e5a66cca88762961e32204fc]
    PUP.Optional.DoSearch.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\MAIN|Start Page, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[542f44101576092daa546e1c41c4946c]
    PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),Replaced,[72117ed65c2f67cf7571553529dc13ed]
    PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1536006046-2271653282-987619720-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Start Page, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[2063d77da8e3b383a15a5b2f5ea719e7]
    PUP.Optional.DoSearch.ShrtCln, HKU\S-1-5-21-1536006046-2271653282-987619720-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|Default_Page_URL, http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184, Good: (www.google.com), Bad: (http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184),Replaced,[dfa4381cd4b7f93dd82393f7c0451de3]

    Folders: 3
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld, Delete-on-Reboot, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.DoSearch.ShrtCln, C:\Users\Colpani\AppData\Roaming\do-search, Quarantined, [2c5787cd4348c274084b29ec3fc433cd],

    Files: 51
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\ihpmServer.exe, Delete-on-Reboot, [2b5863f1c6c5cb6b920112d7d1301ce4],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\ihpmServer.ini, Quarantined, [bac9f65ed3b8e2549201b930b34e0bf5],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\uninstall.exe, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\Raydld.exe, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\main.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\About.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\about_banner.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_history.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_portal.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\animate_recent.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\big_button_down.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\bk_shadow.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\bottom_toolbar_bk.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\brower_back.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\brower_refresh.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\btn.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\btn_browser_dir.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\ck_box.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\ck_check.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\close.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\create.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\delete.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\drag_flag.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\exclamation.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\list_header_bk.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\logo_16.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\logo_small.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\Menu.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\MenuItem.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\menu_bk.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\menu_bk_seperator.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\MessageBox.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\min.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\open_position.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\pause.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\progress_bk.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\progress_fore.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\scrollbar.bmp, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\Start.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\sysmenu.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskListItem.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskListItemHistory.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\TaskNew.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_completed.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_failed.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\task_pause.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\toolbar_separator.png, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.Elex, C:\Program Files (x86)\RayDld\skin\WebPortal.xml, Quarantined, [0a7976ded5b6280ec5c233b49d67bb45],
    PUP.Optional.DoSearch.ShrtCln, C:\Users\Colpani\AppData\Roaming\do-search\inst1.dat, Quarantined, [2c5787cd4348c274084b29ec3fc433cd],
    PUP.Optional.DoSearch.ShrtCln, C:\Users\Colpani\AppData\Roaming\do-search\Uninstall.exe, Quarantined, [2c5787cd4348c274084b29ec3fc433cd],
    PUP.Optional.DoSearch.ShrtCln, C:\Users\Colpani\AppData\Roaming\do-search\unipc.dat, Quarantined, [2c5787cd4348c274084b29ec3fc433cd],

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 09:22:13, on 08/10/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10240.16412)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Hotkey\HkeyTray.exe
    C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    O4 - HKLM\..\Run: [sound Blaster Cinema 2] "C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\RunOnce: [uninstall C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\HkeyTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: PowerBiosServer - CLEVO CO.
- C:\Program Files (x86)\Hotkey\HotkeyService.exeO23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)O23 - Service: @oem19.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exeO23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. 
- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exeO23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --End of file - 9997 bytes
  6. Log analysis - do-search malware

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 22:11:30, on 07/10/2015
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.10240.16412)
    Boot mode: Normal

    Running processes:
    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe
    C:\Program Files (x86)\Hotkey\HkeyTray.exe
    C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
    C:\Program Files (x86)\Hotkey\ComboKeyTray.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184&q={searchTerms}
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1443727302&z=efba6466ef16809036535cbg3z5z8c4m6o8mecee1o&from=dae&uid=kingstonxsv300s37a240g_50026b7256067184
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=
    O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
    O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
    O4 - HKLM\..\Run: [DriveUtilitiesHelper] C:\Program Files (x86)\Western Digital\WD Utilities\WDDriveUtilitiesHelper.exe
    O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
    O4 - HKLM\..\Run: [sound Blaster Cinema 2] "C:\Program Files (x86)\Creative\Sound Blaster Cinema 2\Sound Blaster Cinema 2\SBCinema2.exe" /r
    O4 - HKLM\..\Run: [updReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
    O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\RunOnce: [uninstall C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Colpani\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
    O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\HkeyTray.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
    O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
    O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
    O23 - Service: Elan Service (ETDService) - ELAN Microelectronics Corp. - C:\Program Files\Elantech\ETDService.exe
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
    O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
    O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
    O23 - Service: ihpmServer - Unknown owner - C:\Program Files (x86)\RayDld\ihpmServer.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\WINDOWS\system32\nvvsvc.exe (file missing)
    O23 - Service: PowerBiosServer - CLEVO CO. - C:\Program Files (x86)\Hotkey\HotkeyService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
    O23 - Service: @oem19.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\WINDOWS\system32\viakaraokesrv.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
    O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
    O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10677 bytes
  7. Log analysis - do-search malware

    Hi colleagues, I use Google Chrome and something called do-search.com showed up when the browser starts. It also appears in Control Panel > Uninstall programs, but since it is malware I believe it is not that simple to remove. Could you analyze the log and advise how to proceed? Thanks.
  8. Powernote notebook: i5 or i7?

    Good morning, I am looking for a notebook to work basically with image editing (and some games too) and came across the options offered by Powernote (link here). My doubt is about the processor + RAM configuration (the graphics card is the same in both options):
    - Intel Core i5 4210M + 8 GB RAM: R$ 3.790,00
    - Intel Core i7 4710MQ + 8 GB RAM: R$ 4.090,00
    However, I can put 16 GB in the i5:
    - Intel Core i5 4210M + 16 GB RAM: R$ 4.080,00
    I would like to know which one has the better cost/benefit: the i5 with more RAM or the i7 with less memory? Or is there some other better option on the market? Thanks.
  9. How much is this PC of mine worth?

    Thanks Alexmq for the reply. I think I will take it apart and list the parts separately. See you.
  10. How much is this PC of mine worth?

    Since I built this PC I have not kept up with prices, so I am out of date. I ask colleagues for help to get an idea of how much this computer is worth:
    Processor: i7-920, 2800 MHz
    Motherboard: Asus Rampage II Extreme
    RAM: OCZ 6 GB DDR3-1066
    Video: XFX ATI Radeon HD4890
    Power supply: ATX Corsair 850W
    Case: Cooler Master CM690
    Note: I do not plan to sell the HDD or the monitor. Thanks for the help.
  11. Storing photos while traveling

    Hello! I will be taking a trip to the Far East in the second half of the year and have questions about storing the photos. My idea was to transfer the images to an external HDD (slim, small and light) through a card reader that has that function. The closest thing I found was the Digimate III (but I could not find it for sale). Other options were: Digital Photo Bank PB007 - could not find it for sale. My Passport Wireless - expensive in Brazil and heavy to carry on a trip with just a backpack. Does anyone know an alternative for this, or has already made this kind of trip and can tell how they stored the photos? Note: I do not intend to take numerous memory cards or a notebook. Thanks.
  12. That did it, Mourense, now it is just right, updating the date and in the DD/MM/AAAA format. Thanks, man.
  13. With that change the date came out in the correct format: DD/MM/AAAA. But it updates as soon as the spreadsheet is opened and not when the cell (in this case, R5) is changed. Thanks for the help.
  14. Thanks for the help, Marcelokai! I did what you proposed but it did not solve it either. It still shows MM/DD/AAAA. Regards.
  15. That is strange, Mourense. I put the macro in several other tables I use here, changing only the "R5" and "R10" entries since they vary by table, and the date format still shows the month first and then the day even when changing it in <Format Cells>. Regards.