Ir para conteúdo
AVISO IMPORTANTE  MUDANÇA DE FOCO DO SITE E FÓRUM DO BABOO

BABOO e KTS 2018 no YouTube Loja online do BABOO

augustocezar

Participante
  • Postagens

    63
  • Desde

  • Última visita

Perfil

  • Estado
    São Paulo
  • Sexo
    masculino
  1. Solicitação de Análise de Logs

    Obrigado mais uma vez, Mr. Million!
  2. Solicitação de Análise de Logs

    Procedimento realizado. Segue abaixo os logs. ~ ZHPCleaner v2018.2.11.27 by Nicolas Coolman (2018/02/11) ~ Run by Augusto (Administrator) (11/02/2018 22:40:18) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\Augusto\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Augusto\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 32-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (22) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (0) ~ No malicious or unnecessary items found. ---\\ Registry ( Key, Value, Data) (0) ~ No malicious or unnecessary items found. ---\\ Result of repair ~ Any repair made ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 64083 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 0/7 ~ Space saving (bytes) : 0 ~ End of search in 00h15mn22s ~==================== ZHPCleaner-[R]-15012018-20_14_00.txt ZHPCleaner--15012018-20_10_58.txt ZHPCleaner--11022018-22_55_40.txt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 22:57:26, on 11/02/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Program Files\AVG\antivírus\AVGUI.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\NOTEPAD.EXE C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 6541 bytes
  3. Solicitação de Análise de Logs

    Olá, Mr Million! Já tinha desinstalado o programa Spyware Terminator 2015 Internet Guard há algum tempo. De qualquer forma, ao tentar abrir a opção para Desinstalar Programas do Painel de Controle, o programa não aparece na lista. Após isso, abri o Hijackthis, fui na linha que você citou e apertei no botão Fix Checked. Depois disso, reiniciei o PC e segui todos os passos determinados. O estranho é que agora o Malwarebytes iniciou normalmente. Segue os logs do Malwarebytes e do HijackThis: Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 11/02/18 Hora da análise: 21:34 Arquivo de registro: 1aa9300d-0f84-11e8-900c-001c25ae34cf.json Administrador: Sim -Informação do software- Versão: 3.3.1.2183 Versão de componentes: 1.0.262 Versão do pacote de definições: 1.0.3920 Licença: Premium -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x86 Sistema de arquivos: NTFS Usuário: Augusto-PC\Augusto -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 262208 Ameaças detectadas: 0 (Nenhum item malicioso detectado) Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 11 min, 47 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:49:17, on 11/02/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Program Files\AVG\antivírus\AVGUI.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Windows\system32\DllHost.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 6394 bytes
  4. Solicitação de Análise de Logs

    Já fiz todos os procedimentos solicitados no Tópico Oficial. Boa noite! Já estive aqui há pouco tempo atrás e o problema foi resolvido. No entanto, de um dias para cá suspeito que meu PC tenha sido novamente infectado. Instalei o programa Malwarebytes e comprei uma licença de uso. De uns 3 dias para cá o computador parou de carregar o ícone do Malwarebytes. O gerenciador de tarefas sequer acusa a presença do programa no PC, no entanto ele está no computador sim. Depois de reiniciar várias vezes o programa aparece. Suspeito que tenha algum programa rootkit no meu PC. Segue abaixo o log do HijackThis para análise: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:01:35, on 11/02/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Windows\system32\Dwm.exe C:\Program Files\AVG\antivírus\AVGUI.exe C:\Program Files\Diebold\Warsaw\core.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Windows\explorer.exe C:\Windows\system32\taskeng.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210003763\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210003763\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210003950\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210003950\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?') O4 - HKUS\S-1-5-21-3765219849-3279150773-2029606266-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210006914\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?') O4 - HKUS\S-1-5-21-3765219849-3279150773-2029606266-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210007289\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR (User '?') O4 - S-1-5-21-3765219849-3279150773-2029606266-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210004169 Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (User '?') O4 - S-1-5-21-3765219849-3279150773-2029606266-1002-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210006914 Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (User '?') O4 - S-1-5-21-3765219849-3279150773-2029606266-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210007289 Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (User '?') O4 - S-1-5-21-3765219849-3279150773-2029606266-501-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-02112018210007663 Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe (User '?') O4 - Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 8422 bytes
  5. Solicitação de Análise de Logs

    Muito obrigado, Mr Million. O PC está bem melhor. Desejo uma ótima noite!
  6. Solicitação de Análise de Logs

    Segue os logs # AdwCleaner 7.0.6.0 - Logfile created on Mon Jan 15 23:22:14 2018 # Updated on 2017/21/12 by Malwarebytes # Running on Windows 7 Professional (X86) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: YSearchUtilSvc ***** [ Folders ] ***** Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil Deleted: C:\Users\Augusto\AppData\Local\YSearchUtil Deleted: C:\Program Files\Yahoo!\yset Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion ***** [ Files ] ***** Deleted: C:\Windows\System32\drivers\sp_rsdrv2.sys Deleted: C:\Users\Augusto\AppData\Roaming\Mozilla\Firefox\Profiles\pmgh7i6d.default-1444172923001\searchplugins\yahoo-lavasoft.xml ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Value] - HKLM\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\POLICIES\EXPLORER|ENABLESHELLEXECUTEHOOKS Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion Deleted: [Key] - HKU\S-1-5-21-3765219849-3279150773-2029606266-1000\Software\Lavasoft\Web Companion Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion Deleted: [Key] - HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\services Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** No malicious Chromium entries deleted. ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[C2].txt - [2437 B] - [2015/8/24 1:18:47] C:/AdwCleaner/AdwCleaner[S0].txt - [898 B] - [2014/4/6 5:16:20] C:/AdwCleaner/AdwCleaner[S2].txt - [6908 B] - [2015/8/24 0:45:1] C:/AdwCleaner/AdwCleaner[S3].txt - [7022 B] - [2015/8/24 0:53:34] C:/AdwCleaner/AdwCleaner[S4].txt - [2400 B] - [2015/8/24 1:16:28] ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ########## Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:31:12, on 15/01/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Program Files\AVG\Framework\Common\avguix.exe C:\Windows\system32\NOTEPAD.EXE C:\Program Files\AVG\antivírus\AVGUI.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Users\Augusto\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKLM\..\Run: [Avira System Speedup User Starter] "C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - Startup: zSpeedup.lnk = C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.Core.Common.Starter.exe O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 7288 bytes
  7. Solicitação de Análise de Logs

    Olá, Mr Million. No sábado uma chuva forte derrubou a conexão de internet do prédio onde moro. A internet só voltou hoje. Segue o log conforme solicitado. ~ ZHPCleaner v2018.1.15.10 by Nicolas Coolman (2018/01/15) ~ Run by Augusto (Administrator) (15/01/2018 20:13:28) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version KO ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : C:\Users\Augusto\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Augusto\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Professional, 32-bit Service Pack 1 (Build 7601) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (0) ~ No malicious or unnecessary items found. ---\\ Hosts file (1) ~ The hosts file is legitimate (22) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (2) MOVED file: C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk [Bad : C:\Program Files\Webteh\BSPlayer\bsplayer.exe](.AB Team.) =>.SUP.ABTeam MOVED folder: C:\Program Files\Webteh =>.SUP.ABTeam ---\\ Registry ( Key, Value, Data) (3) DELETED key*: HKEY_USERS\S-1-5-21-3765219849-3279150773-2029606266-1000\SOFTWARE\Conduit [] =>.SUP.Conduit DELETED key: HKCU\Software\Conduit [] =>.SUP.Conduit DELETED key*: HKLM\SOFTWARE\Webteh [] =>.SUP.ABTeam ---\\ Summary of the elements found (2) https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.ABTeam https://nicolascoolman.eu/2017/02/06/superfluous-conduit/ =>.SUP.Conduit ---\\ Other deletions. (10) ~ Registry Keys Tracing deleted (10) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 3027 ~ Items found : 0 ~ Items cancelled : 0 ~ Items repaired : 5 ~ Items options : 0/0 ~ End of clean in 00h00mn32s ~==================== ZHPCleaner-[R]-15012018-20_14_00.txt ZHPCleaner--15012018-20_10_58.txt
  8. Solicitação de Análise de Logs

    Segue logs conforme solicitado Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 13/01/18 Hora da análise: 16:08 Arquivo de registro: c1a0499a-f88c-11e7-8f6b-001c25ae34cf.json Administrador: Sim -Informação do software- Versão: 3.3.1.2183 Versão de componentes: 1.0.262 Versão do pacote de definições: 1.0.3688 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x86 Sistema de arquivos: NTFS Usuário: Augusto-PC\Augusto -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 261931 Ameaças detectadas: 4 Ameaças em quarentena: 4 Tempo decorrido: 11 min, 57 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 4 PUP.Optional.WinBing, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\DSENGINE.JS, Quarentena, [1490], [474786],1.0.3688 PUP.Optional.WinBing, C:\PROGRAM FILES\MOZILLA FIREFOX\DSENGINE.CFG, Quarentena, [1490], [474787],1.0.3688 PUP.Optional.InstallCore, C:\USERS\AUGUSTO\DOWNLOADS\CR_DOWNLOADER_PARA_POLE-POSITION-(ATARI-VERSION-1).EXE, Quarentena, [2], [429787],1.0.3688 PUP.Optional.SpyHunter, C:\USERS\AUGUSTO\DOWNLOADS\SPYHUNTER-INSTALLER.EXE, Quarentena, [860], [433139],1.0.3688 Setor físico: 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 16:40:13, on 13/01/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Program Files\AVG\Framework\Common\avguix.exe C:\Program Files\AVG\antivírus\AVGUI.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Users\Augusto\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 6667 bytes
  9. Solicitação de Análise de Logs

    Olá, Mr Million! Boa tarde! Tentei desinstalar o programa Spyware Terminator 205 Guard, mas acho que já tinha feito isso há muito tempo atrás. Quando vou na opção Desinstalar Programa do Painel de Controle, o programa não aparece na lista de programas. Posso continuar os procedimentos de verificação do MBAM ou devo tentar desinstalar antes?
  10. Solicitação de Análise de Logs

    Já fiz todos os procedimentos solicitados no Tópico Oficial. O antivírus de uns 2 dias para cá começou a dar um aviso de bloqueio do trojan js-miner. E nesse mesmo aviso ele cita uma tentativa de acesso a um site malicioso. Fiquei preocupado pois pesquisando na internet soube que esse é um trojan muito perigoso. Segue meu log para exame: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:19:03, on 13/01/2018 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18894) Boot mode: Normal Running processes: C:\Windows\system32\taskeng.exe C:\Windows\system32\Dwm.exe C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.UI.Systray.exe C:\Windows\Explorer.EXE C:\Program Files\AVG\Framework\Common\avguix.exe C:\Program Files\AVG\antivírus\AVGUI.exe D:\Program Files\Malwarebytes Anti-Exploit\mbae.exe C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Avira\Launcher\Avira.Systray.exe C:\Program Files\Common Files\Java\Java Update\jucheck.exe C:\Windows\system32\taskeng.exe C:\Users\Augusto\Desktop\HijackThis.exe C:\Windows\system32\SearchFilterHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10440__171223__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://search.avira.net/#web/result?source=art&q= R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.avira.net/#web/result?source=art&q= R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhost O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll O2 - BHO: Spyware Terminator 2015 Internet Guard - {82A76710-4F98-4957-92BE-99648A4E2475} - (no file) O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dll O4 - HKLM\..\Run: [AvgUi] "C:\Program Files\AVG\Framework\Common\avguirnx.exe" /lps=fmw O4 - HKLM\..\Run: [AVGUI.exe] "C:\Program Files\AVG\antivírus\AvLaunch.exe" /gui O4 - HKLM\..\Run: [Avira SystrayStartTrigger] "C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe" O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\Windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: imagem.caixa.gov.br O15 - Trusted Zone: internetbanking.caixa.gov.br O15 - Trusted Zone: internetbankingpf.caixa.gov.br O15 - Trusted Zone: www.caixa.gov.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\AVGSvc.exe O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\antivírus\aswidsagent.exe O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\Framework\Common\avgsvcx.exe O23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - D:\Program Files\Malwarebytes Anti-Exploit\mbae-svc.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe O23 - Service: Avira System Speedup (SpeedupService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\System Speedup\Avira.SystemSpeedup.SpeedupService.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe -- End of file - 7125 bytes
  11. Solicitação de Análise de Logs

    Obrigado, Mr Million.
  12. Solicitação de Análise de Logs

    O computador está normal, aparentemente sem problemas.
  13. Solicitação de Análise de Logs

    Boa tarde, Mr. Million! Conforme solicitado descompactei e executei o Zoek (não cliquei naquela opção executar como administrador, cliquei diretamente com o botão esquerdo, tem algum problema?). De qualquer forma o meu perfil no PC é de administrador do sistema. Segue abaixo o relatório do Zoek e o log do Hijackthis. Zoek.exe v5.0.0.0 Updated 04-May-2015Tool run by Augusto on 24/08/2015 at 7:17:47,73.Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86Running in: Normal Mode No Internet Access DetectedLaunched: C:\Users\Augusto\Desktop\zoek.scr [scan all users] [script inserted] ==== Older Logs ====================== C:\zoek-results2015-08-24-023948.log 1306 bytesC:\zoek-results2015-08-24-025436.log 1399 bytesC:\zoek-results2015-08-24-044846.log 554 bytesC:\zoek-results2015-08-24-101349.log 655 bytes ==== System Restore Info ====================== 24/08/2015 07:20:10 Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host # localhost name resolution is handled within DNS itself. 127.0.0.1 localhost ::1 localhost ==== Empty Folders Check ====================== C:\Program Files\Bitdefender deleted successfullyC:\Program Files\MSXML 4.0 deleted successfullyC:\Users\Augusto\AppData\Roaming\baidu deleted successfullyC:\Users\Augusto\AppData\Roaming\HpUpdate deleted successfullyC:\Users\Augusto\AppData\Roaming\Opera Software deleted successfullyC:\Users\Augusto\AppData\Roaming\Panda Security deleted successfullyC:\Users\Augusto\AppData\Roaming\QuickScan deleted successfullyC:\Users\Augusto\AppData\Roaming\Spyware Terminator deleted successfullyC:\Users\Alessandra\AppData\Local\VirtualStore deleted successfullyC:\Users\Augusto\AppData\Local\Opera Software deleted successfullyC:\Users\Convidado\AppData\Local\VirtualStore deleted successfullyC:\Users\Inalda\AppData\Local\EmieBrowserModeList deleted successfullyC:\Users\Inalda\AppData\Local\EmieSiteList deleted successfullyC:\Users\Inalda\AppData\Local\EmieUserList deleted successfullyC:\Users\Inalda\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== HKEY_USERS\S-1-5-21-3765219849-3279150773-2029606266-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3785216E-1C50-4FC9-AB20-81211007F5C9} deleted successfully ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== FireFox Fix ====================== Deleted from C:\Users\ALESSA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\prefs.js: Added to C:\Users\ALESSA~1\AppData\Roaming\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\prefs.js:user_pref("browser.startup.homepage", "about:home");user_pref("browser.newtab.url", "about:newtab"); Deleted from C:\Users\Augusto\AppData\Roaming\Mozilla\Firefox\Profiles\bz297p2c.default\prefs.js:user_pref("browser.startup.homepage", " C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences"startup_urls": [ "http://www.google.com/" ], C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Preferencesnbpagnldghgfoolbancepceaanlmhfmd":"0856563B7D96809121CF7DFFC458A6A4B612A0E1AEEC4428CFEB0C7C52FBB2D6","neajdppkdcdipfabeoofebfddakdcjhd":"515264BD72DFC31FDDE824CBD13C5F14472085E5CFA2A74D392AF12123B3DF97","nkeimhogjdpnpccoofpliimaahmaaome":"3AA10E5BE31CCB50EE91F231CE81E9BF899E201B0BFF07720509A4089B9F121E","nmmhkkegccagdldgiimedpiccmgmieda":"2C95F203AC9F3F47472896107D72B7F325E852F3983B4BE0DEE897B4458A576C","npdicihegicnhaangkdmcgbjceoemeoo":"9E495B1DD40AEC41E65B26B650AF4B307C2D560456A14DBEECC6110350DC4866","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"468953C87EB6A98E28DA4D841EFFAB45EE64BAB977CE5DB1F5C28228838F2078","pjkljhegncpnkpknbcohdijeoejaedia":"42A769C0FEC01597DBB23B6225A8465EE39DD26610F8BEEE3B5BC6E5E1E235CC"}},"google":{"services":{"account_id":"1F2D4E53CDEA35BE896F52BC35184F1AEE08F8EDF249D7D369F5C87262ABDF3D","last_username":"1096A1CA42DDBE4D72F4062899016D2795BA82E29DD95886DE72D5372E6E3521","username":"A65B6601C809CF687A4C8C7E85F45F5856EC71EACB710905B2BE3DD7388D91D8"}},"homepage":"622A0E213980EEED93DA7CAC09871A56E22F567D91EF7E6286DB5A134C29C4EB","homepage_is_newtabpage":"8E9CC1BB6A739B5022775C7728AA7C126D553B66FE4B8E46BBE642BCCB9AB91D","pinned_tabs":"CFC655DD5B8281E552B32EB5DF3C1E9B9A2F36D2FE5C856DCC156380A9C95B20","prefs":{"preference_reset_time":"E65D8F81A1E862EAF4205C6EE04058AAAEE28BF5D4ACD573AAF2766563C1CA0A"},"profile":{"reset_prompt_memento":"40607BF4F847E0ECE12B69D5F448144FB51A31DAE40573686D62231252F78D60"},"safebrowsing":{"incidents_sent":"8738146269808852C58DD2FEED4F104CB0BC19ED8FE26FE60E1289D5F0D4E661"},"search_provider_overrides":"F77796F4A79C3EF1977AFB17C103B945964C9055DF7D693CAB453BC5DE680AF5","session":{"restore_on_startup":"9F11AF05F8C8BBCDD608A6D75BE08BABB8BA001D69BB2D38DF35425E9C8C412C","startup_urls":"DDC89AC172A779955E4ECD336D4165E728D958B624A0EEED843ACE12599FFFB2"},"software_reporter":{"prompt_reason":"F3FCDD07C73F225966E26DAD6ECA853ECB1EA5D5D846FFC2437F41078F3504E1","prompt_seed":"A4B0D11C3D4A94C677DCD6003631D4A9FC6B68FE2CB6D4B037E0A6EBD278BB8E","prompt_version":"4DE714B0FCB7AA5F067A7AAC9EC9C33EA94532FE888DADCEF7051D0969191C0F"},"sync":{"remaining_rollback_tries":"AD56126D8BEDD862C8FA8E46A3ECFDCD03CBD77738A6A9842826AB0440FCA445"}},"super_mac":"3EAAAC94CF05B9A25967D6A9C38C466326F2A77A7A46E2725B79AD3C161718E2"},"session":{"restore_on_startup":4,"startup_urls":["http://www.google.com/"]}} ==== Set IE to Default ====================== Old Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset" New Values:[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]"Start Page"="http://www.google.com" ==== All HKCU SearchScopes ====================== HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR" ==== Reset Google Chrome ====================== C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully ==== shortcuts on Users Desktops ====================== C:\Users\Augusto\Desktop\Backup - Augusto - Atalho.lnk - D:\Backup - Augusto C:\Users\Augusto\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Augusto\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Augusto\Desktop\IRPF2015 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Users\Augusto\Desktop\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe C:\Users\Augusto\Desktop\Microsoft Office Word 2007.lnk - C:\Windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe C:\Users\Convidado\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\Desktop\Computador - Atalho.lnk - C:\Users\Inalda\Desktop\Documentos - Atalho.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms C:\Users\Inalda\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe ==== shortcuts on All Users Desktop ====================== C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\Launcher\Avira.Systray.exe /showMiniGuiC:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe C:\Users\Public\Desktop\Central de Soluções HP.lnk - C:\Users\Public\Desktop\HP ePrinterCenter.lnk - C:\Program Files\HP\Digital Imaging\AppStudio\hpzsip.url C:\Users\Public\Desktop\Loja de Suprimentos HP.lnk - C:\Program Files\HP\HPSSUPPLY\hpqSSupply.exe C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe C:\Users\Public\Desktop\Receitanet 1.07 .lnk - C:\Program Files\Programas RFB\Receitanet\Windows\Receitanet.exe C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}\SkypeIcon.exe C:\Users\Public\Desktop\Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\SpywareTerminator.exe C:\Users\Public\Desktop\SpywareBlaster.lnk - D:\Program Files\SpywareBlaster\spywareblaster.exe ==== shortcuts in All Users Start Menu ====================== C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AB0000000001}\SC_Reader.ico C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\Launcher\Avira.Systray.exe /showMiniGuiC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Avira antivírus Help.lnk - C:\Program Files\Avira\AntiVir Desktop\57\avwin.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Avira on the Internet.lnk - C:\Program Files\Avira\AntiVir Desktop\weblink.url C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\antivírus\Start Avira antivírus.lnk - C:\Program Files\Avira\AntiVir Desktop\SecurityCenter.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab aboutC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab updateC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Obter Ajuda.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files\Java\jre1.8.0_51\bin\javacpl.exe -tab aboutC:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visite Java.com.lnk - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.40728.0\Silverlight.Configuration.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015\Desinstalar Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\unins000.exe C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2015\Spyware Terminator 2015.lnk - C:\Program Files\Spyware Terminator\SpywareTerminator.exe ==== shortcuts in Quick Launch ====================== C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Alessandra\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files\Webteh\BSPlayer\bsplayer.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk - C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Augusto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Convidado\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe C:\Users\Inalda\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - ==== Reset IE Proxy ====================== Value(s) before fix:"ProxyEnable"=dword:00000000 Value(s) after fix:"ProxyEnable"=dword:00000000 ==== Deleting Registry Keys ====================== HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\nnjbodopomfddehlalfilheomcahbpei deleted successfullyHKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bdagent deleted successfully ==== Empty IE Cache ====================== C:\Users\Alessandra\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Augusto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Augusto\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Users\Convidado\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Inalda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Users\Inalda\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfullyC:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully ==== Empty FireFox Cache ====================== C:\Users\Alessandra\AppData\Local\Mozilla\Firefox\Profiles\ny19qa66.default-1404152375172\Cache emptied successfullyC:\Users\Augusto\AppData\Local\Mozilla\Firefox\Profiles\bz297p2c.default\cache2 emptied successfully ==== Empty Chrome Cache ====================== C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== Flash Cache Emptied Successfully ==== Empty All Java Cache ====================== Java Cache cleared successfully ==== C:\zoek_backup content ====================== C:\zoek_backup (files=154 folders=48 58322521 bytes) ==== Empty Temp Folders ====================== C:\Users\Alessandra\AppData\Local\Temp emptied successfullyC:\Users\Augusto\AppData\Local\Temp will be emptied at rebootC:\Users\Convidado\AppData\Local\Temp emptied successfullyC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Inalda\AppData\Local\Temp emptied successfullyC:\Users\USURIO~1\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot ==== After Reboot ====================== ==== Empty Temp Folders ====================== C:\Windows\Temp successfully emptiedC:\Users\Augusto\AppData\Local\Temp successfully emptied ==== Empty Recycle Bin ====================== C:\$RECYCLE.BIN successfully emptied ==== EOF on 24/08/2015 at 12:50:05,87 ====================== Logfile of Trend Micro HijackThis v2.0.4Scan saved at 12:58:21, on 24/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\notepad.exeC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeD:\Program Files\Online Armor\oaui.exeD:\Program Files\Online Armor\OAhlp.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\taskeng.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Avira\Launcher\Avira.Systray.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Program Files\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchFilterHost.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O1 - Hosts: ::1 localhostO2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing) --End of file - 7261 bytes
  14. Solicitação de Análise de Logs

    Prezado Mr.Million, Segui todos os procedimentos solicitados. Segue respectivamente o log do AdwCleaner, JRT e HijackThis: # AdwCleaner v5.003 - Relatório criado 23/08/2015 às 22:18:47# Atualizado 20/08/2015 por Xplode# Base de dados : 2015-08-20.1 [Local]# Sistema operacional : Windows 7 Professional Service Pack 1 (x86)# Usuário : Augusto - AUGUSTO-PC# Executando de : C:\Users\Augusto\Desktop\AdwCleaner.exe# Opção : Limpar ***** [ Serviços ] ***** [-] Serviço Excluído : sp_rsdrv2[-] Serviço Excluído : YSearchUtilSvc ***** [ Pastas ] ***** [-] Pasta Excluído : C:\Program Files\driverupdate[-] Pasta Excluído : C:\Users\Augusto\AppData\Local\YSearchUtil[-] Pasta Excluído : C:\Users\Augusto\AppData\LocalLow\HPAppData[-] Pasta Excluído : C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Extensions\npdicihegicnhaangkdmcgbjceoemeoo[-] Pasta Excluído : C:\Windows\system32\config\systemprofile\AppData\Local\YSearchUtil ***** [ Arquivos ] ***** [-] Arquivo Excluído : C:\Windows\system32\drivers\sp_rsdrv2.sys ***** [ Atalhos ] ***** ***** [ Tarefas agendadas ] ***** ***** [ Registro ] ***** [-] Chave Apagado : HKLM\SOFTWARE\Google\Chrome\Extensions\npdicihegicnhaangkdmcgbjceoemeoo[-] Chave Apagado : HKCU\Software\Conduit[-] Chave Apagado : HKCU\Software\systweak[-] Chave Apagado : HKCU\Software\SlimWare Utilities Inc[-] Chave Apagado : HKLM\SOFTWARE\TermTutor[-] Chave Apagado : HKLM\SOFTWARE\SiteSee[-] Chave Apagado : HKLM\SOFTWARE\SlimWare Utilities Inc[-] Chave Apagado : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet ***** [ Navegadores ] ***** [-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com[-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Homepage] Excluído : [-] [C:\Users\Augusto\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [startup_URLs] Excluído : hxxp://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_br","hxxp://www.google.com/[-] [C:\Users\Inalda\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com[-] [C:\Users\Convidado\AppData\Local\Google\Chrome\User Data\Default\Web Data] [search Provider] Excluído : br.ask.com ************************* :: Configurações Proxy restauradas:: Configurações Winsock restauradas:: Políticas do Chrome Excluído ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [2358 bytes] ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by MalwarebytesVersion: 7.5.7 (08.18.2015:1)OS: Windows 7 Professional x86Ran by Augusto on 23/08/2015 at 22:23:00,37~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~ Services Successfully deleted: [service] bdsandbox [Reboot required]Successfully deleted: [service] sp_rsdrv2 [Reboot required] ~~~ Tasks ~~~ Registry Values ~~~ Registry Keys ~~~ Files Successfully deleted: [File] C:\ProgramData\1396648706.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397960751.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397961210.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962689.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962695.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962740.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962780.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962795.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962916.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962920.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962947.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962970.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397962978.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397963245.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397963247.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397965942.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1397967004.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1402204388.bdinstall.binSuccessfully deleted: [File] C:\ProgramData\1402204403.bdinstall.bin ~~~ Folders Successfully deleted: [Folder] C:\users\Public\Documents\downloaded installers ~~~ FireFox Successfully deleted: [File] C:\Users\Augusto\AppData\Roaming\mozilla\firefox\profiles\bz297p2c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpiEmptied folder: C:\Users\Augusto\AppData\Roaming\mozilla\firefox\profiles\bz297p2c.default\minidumps [16 files] ~~~ Chrome [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted: [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset [C:\Users\Augusto\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:[] ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on 23/08/2015 at 22:35:05,41End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of Trend Micro HijackThis v2.0.4Scan saved at 22:36:08, on 23/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXED:\Program Files\Online Armor\oaui.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeD:\Program Files\Online Armor\OAhlp.exeC:\Windows\system32\taskeng.exeC:\Windows\system32\SearchFilterHost.exeC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing) --End of file - 6915 bytes
  15. Solicitação de Análise de Logs

    Boa noite, Mr Million, Conforme solicitado realizei os procedimentos. Quanto ao br.hao123.com, lembro de ter realmente tido problemas com ele há algum tempo atrás, não me lembro bem como fiz na época, mas consegui retirar esse site da página inicial do navegador. De qualquer forma, segui as suas recomendações e verifiquei que o br.hao123.com não estava aparecendo no atalho de cada um dos três navegadores que utilizo. O MBAM fez o log e pediu para reiniciar. Vários arquivos foram enviados para quarentena, apesar do log do MBAM aparentemente não encontrar nada. Logo após a verificação do MBAM e antes de reiniciar, o log do MBAM gerou o resultado abaixo . PS: Segue também o novo log do HijackThis Malwarebytes Anti-Malwarewww.malwarebytes.org Data da verificação: 23/08/2015Hora da verificação: 20:05Arquivo de registro: mbam-log.txtAdministrador: Sim Versão: 2.1.8.1057Banco de dados de malware: v2015.08.23.05Banco de dados de rootkit: v2015.08.16.01Licença: GratuitaProteção contra malware: DesabilitadoProteção contra website malicioso: DesabilitadoAutoproteção: Desabilitado Sistema operacional: Windows 7 Service Pack 1CPU: x86Sistema de arquivos: NTFSUsuário: Augusto Tipo de verificação: Verificação da ameaçaResultado: ConcluídoObjetos verificados: 444200Tempo decorrido: 13 min, 4 seg Memória: HabilitadoInicialização: HabilitadoSistema de arquivos: HabilitadoArquivos compactados: HabilitadoRootkits: HabilitadoHeurística: HabilitadoPUP: HabilitadoPUM: Habilitado Processos: 0(Nenhum item malicioso detectado) Módulos: 0(Nenhum item malicioso detectado) Chaves de registro: 0(Nenhum item malicioso detectado) Valores de registro: 0(Nenhum item malicioso detectado) Dados de registro: 0(Nenhum item malicioso detectado) Pastas: 0(Nenhum item malicioso detectado) Arquivos: 0(Nenhum item malicioso detectado) Setores físicos: 0(Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4Scan saved at 20:26:24, on 23/08/2015Platform: Windows 7 SP1 (WinNT 6.00.3505)MSIE: Internet Explorer v11.0 (11.00.9600.17937)Boot mode: Normal Running processes:C:\Windows\system32\taskhost.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Program Files\Microsoft Office\Office12\GrooveMonitor.exeD:\Program Files\Online Armor\oaui.exeC:\Program Files\Avira\AntiVir Desktop\avgnt.exeD:\Program Files\Online Armor\OAhlp.exeC:\Program Files\Common Files\Java\Java Update\jusched.exeC:\Windows\system32\taskeng.exeC:\Program Files\CCleaner\CCleaner.exeC:\Program Files\Avira\Launcher\Avira.Systray.exeC:\Program Files\Malwarebytes Anti-Malware\mbam.exeC:\Windows\system32\SearchFilterHost.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\NOTEPAD.EXEC:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpsetR1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com/?tn=incore_pay_hp_ex01_hao123_brR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dllO2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dllO2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dllO2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_51\bin\ssv.dllO2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllO2 - BHO: MSN Toolbar BHO - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_51\bin\jp2ssv.dllO2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO3 - Toolbar: MSN Toolbar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\MSN Toolbar\Platform\4.0.0357.1\npwinext.dllO4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"O4 - HKLM\..\Run: [@OnlineArmor GUI] "D:\Program Files\Online Armor\oaui.exe"O4 - HKLM\..\Run: [Microsoft Default Manager] "C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resumeO4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /minO4 - HKLM\..\Run: [Avira Systray] C:\Program Files\Avira\Launcher\Avira.Systray.exeO4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITORO4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')O4 - HKUS\S-1-5-21-3765219849-3279150773-2029606266-1003-{637FE20B-9A5B-4F51-B1BE-D10045625B40}-0\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_13_0_0_182_Plugin.exe -update plugin (User '?')O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dllO23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exeO23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exeO23 - Service: Avira Mail Protection (AntiVirMailService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avmailc7.exeO23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exeO23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exeO23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avwebg7.exeO23 - Service: Avira Service Host (Avira.ServiceHost) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\Launcher\Avira.ServiceHost.exeO23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: Online Armor Helper Service (OAcat) - Unknown owner - D:\Program Files\Online Armor\OAcat.exeO23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exeO23 - Service: Spyware Terminator 2015 Realtime Shield Service (ST2012_Svc) - Crawler Group - C:\Program Files\Spyware Terminator\st_rsser.exeO23 - Service: Online Armor (SvcOnlineArmor) - Unknown owner - D:\Program Files\Online Armor\oasrv.exeO23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\updatesrv.exe (file missing)O23 - Service: Bitdefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Bitdefender\Bitdefender 2013\vsserv.exe (file missing)O23 - Service: YSearchUtilSvc - Yahoo Inc. - C:\Program Files\Yahoo!\yset\{125E2934-3DFE-F045-9F07-ECC83FB7C60D}\YSearchUtilSvc.exe --End of file - 7771 bytes
×