
julianocgn

  1. C:\Program Files\Easeware\DriverEasy\DriverEasy.exe a variant of MSIL/DriverNavigator.A potentially unwanted application cleaned by deleting
     C:\Program Files\Legendas-3.7\nfregdrv.exe Win32/RiskWare.NetFilter.V application cleaned by deleting
     C:\Users\Uicaa\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\antimalwaresetup.exe a variant of Win32/SafeBytes.A potentially unwanted application cleaned by deleting
     C:\Users\Uicaa\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\bootstrap.js JS/Mindspark.D potentially unwanted application cleaned by deleting
     C:\Users\Uicaa\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\ffxtbr.jar JS/Mindspark.B potentially unwanted application deleted
     C:\Users\Uicaa\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\Superdownloads_utorrent-utorrent-mtorrent [1].exe a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting
     C:\Users\Uicaa\Downloads\Legendas37.exe multiple threats cleaned by deleting
     C:\Users\Uicaa\Downloads\Legendas37.zip multiple threats deleted
     C:\Users\Uicaa\Downloads\Não confirmado 351434.crdownload a variant of Win32/TrojanDownloader.Agent.EIM trojan deleted
     C:\Windows\AutoKMS.exe MSIL/HackKMS.A potentially unsafe application cleaned by deleting
     C:\Windows\System32\drivers\legendasdrv.sys a variant of Win32/NetFilter.A potentially unsafe application cleaned by deleting
  2. Malwarebytes
     www.malwarebytes.com

     -Detalhes de registro-
     Data da análise: 27/04/2019
     Hora da análise: 01:28
     Arquivo de registro: e8026076-68a4-11e9-abb1-00ffc78637c8.json

     -Informação do software-
     Versão: 3.7.1.2839
     Versão de componentes: 1.0.586
     Versão do pacote de definições: 1.0.10360
     Licença: Versão de Avaliação

     -Informação do sistema-
     Sistema operacional: Windows 7 Service Pack 1
     CPU: x86
     Sistema de arquivos: NTFS
     Usuário: Uicaa-PC\Uicaa

     -Resumo da análise-
     Tipo de análise: Análise de Ameaças
     Análise Iniciada Por: Manual
     Resultado: Concluído
     Objetos verificados: 166279
     Ameaças detectadas: 65
     Ameaças em quarentena: 0
     Tempo decorrido: 9 min, 38 seg

     -Opções da análise-
     Memória: Habilitado
     Inicialização: Habilitado
     Sistema de arquivos: Habilitado
     Arquivos compactados: Habilitado
     Rootkits: Habilitado
     Heurística: Habilitado
     PUP: Detectar
     PUM: Detectar

     -Detalhes da análise-
     Processo: 0
     (Nenhum item malicioso detectado)

     Módulo: 0
     (Nenhum item malicioso detectado)

     Chave de registro: 0
     (Nenhum item malicioso detectado)

     Valor de registro: 1
     PUP.Optional.MindSpark.Generic, HKU\S-1-5-21-3642303166-1503609442-2024683328-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|hhaalpeklfijljphgfkgppokkijcbpga, Nenhuma ação do usuário, [1749], [443121],1.0.10360

     Dados de registro: 0
     (Nenhum item malicioso detectado)

     Fluxo de dados: 0
     (Nenhum item malicioso detectado)

     Pasta: 9
     PUP.Optional.MindSpark.Generic, C:\USERS\UICAA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\_locales\en, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\_metadata, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\_locales, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\config, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\USERS\UICAA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HHAALPEKLFIJLJPHGFKGPPOKKIJCBPGA, Nenhuma ação do usuário, [1749], [443121],1.0.10360

     Arquivo: 55
     PUP.Optional.MindSpark, C:\USERS\UICAA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DLSYAOQS.DEFAULT\SEARCHPLUGINS\ASK-WEB-SEARCH.XML, Nenhuma ação do usuário, [627], [240303],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\000003.log, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\CURRENT, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\LOCK, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\LOG, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\LOG.old, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hhaalpeklfijljphgfkgppokkijcbpga\MANIFEST-000001, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\USERS\UICAA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\USERS\UICAA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\USERS\UICAA\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\HHAALPEKLFIJLJPHGFKGPPOKKIJCBPGA\13.870.15.8329_0\MANIFEST.JSON, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\config\config.json, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons\icon128.png, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons\icon16.png, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons\icon19disabled.png, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons\icon19on.png, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\icons\icon48.png, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\meta.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\ajax.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\babAPI.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\babClickHandler.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\babContentScript.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\babContentScriptAPI.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\background.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\browserUtils.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\chrome.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\contentScriptConnectionManager.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\dateTimeUtils.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\dlp.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\dlpHelper.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\extensionDetect.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\index.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\localStorageContentScript.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\logger.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\offerService.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\pageUtils.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\PartnerId.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\polyfill.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\product.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\remoteConfigLoader.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\splashPageLocalStorageSetter.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\splashPageRedirectHandler.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\storageUtils.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\TemplateParser.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\ul.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\urlFragmentActions.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\urlUtils.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\util.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\webtooltabAPI.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\js\webTooltabAPIProxy.js, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\_locales\en\messages.json, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.MindSpark.Generic, C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhaalpeklfijljphgfkgppokkijcbpga\13.870.15.8329_0\newtabpage.html, Nenhuma ação do usuário, [1749], [443121],1.0.10360
     PUP.Optional.OpenCandy, C:\USERS\UICAA\DOWNLOADS\PHOTOSCAPE-3-7-MULTI-WIN.EXE, Nenhuma ação do usuário, [1146], [297667],1.0.10360
     Adware.InstallCore, C:\USERS\UICAA\DOWNLOADS\SUPERDOWNLOADS_UTORRENT-UTORRENT-MTORRENT.EXE, Nenhuma ação do usuário, [436], [615405],1.0.10360
     Generic.Malware/Suspicious, C:\USERS\UICAA\DOWNLOADS\PHOTOSCAPE-3-7-MULTI-WIN.EXE, Nenhuma ação do usuário, [0], [392686],1.0.10360

     Setor físico: 0
     (Nenhum item malicioso detectado)

     Instrumentação do Windows (WMI): 0
     (Nenhum item malicioso detectado)

     (end)

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 02:27:00, on 27/04/2019
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v11.0 (11.00.9600.19326)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\taskhost.exe
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\igfxEM.exe
     C:\Windows\system32\igfxHK.exe
     C:\Windows\system32\igfxTray.exe
     C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
     C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe
     C:\Program Files\Steam\Steam.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\CCleaner\CCleaner.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Windows\system32\wuauclt.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Users\Uicaa\Desktop\HijackThis.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
     O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKCU\..\Run: [HP Deskjet 4640 series (NET)] "C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45S3B0VF05Z4:NW" -scfn "HP Deskjet 4640 series (NET)" -AutoStart 1
     O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
     O4 - HKCU\..\Run: [uTorrent] "C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
     O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
     O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
     O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
     O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
     O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
     O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
     O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
     O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
     O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
     O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
     O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
     O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
     O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
     O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files\Legendas-3.7\srvlegendas.exe
     O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe
     O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
     O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.103\elevation_service.exe
     O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
     O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
     O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe
     O23 - Service: Serviço do Kaspersky Secure Connection 2.0.0 (KSDE2.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe
     O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
     O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
     O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
     O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
     O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe

     --
     End of file - 7617 bytes
  3. ~ ZHPCleaner v2019.4.21.51 by Nicolas Coolman (2019/04/21)
     ~ Run by Uicaa (Administrator) (24/04/2019 20:50:35)
     ~ Web: https://www.nicolascoolman.com
     ~ Blog: https://nicolascoolman.eu/
     ~ Facebook : https://www.facebook.com/nicolascoolman1
     ~ State version : Version OK
     ~ Certificate ZHPCleaner: Legal
     ~ Type : Repair
     ~ Report : C:\Users\Uicaa\Desktop\ZHPCleaner (R).txt
     ~ Quarantine : C:\Users\Uicaa\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
     ~ UAC : Activate
     ~ Boot Mode : Normal (Normal boot)
     Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)

     ---\\ Alternate Data Stream (ADS). (0)
     ~ No malicious or unnecessary items found.

     ---\\ Services (0)
     ~ No malicious or unnecessary items found.

     ---\\ Browser internet (33)
     DELETED Firefox: [dlsyaoqs.default] URL HomePage : http://home.tb.ask.com/index.jhtml?n=781c5002 =>Toolbar.Ask
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.browser.startup.homepage.savedPrev", "true"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.browser.startup.homepage.tb", "http://home.tb.as[...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.browser.startup.page.savedPrev", 1); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.browser.startup.page.tb", 1); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.browser.version.last", "56.0"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.competitorDNS", "{\"comment\":\"refresh every 1 [...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.firstKnownVersion", "7.38.8.46590"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.homepage", "http://home.tb.ask.com/index.jhtml?n[...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.hp.enabled", true); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.hp.guardType", "HPR"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.hp.user.defined", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.initialized", true); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.installation.dlpCountryCode", "BR"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.installation.installDate", "2015121410"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.installation.success", true); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.lastActivePing", "1530186913162"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.lastKnownVersion", "7.38.8.46590"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.lssState", "{\"previousLocales\":[\"pt-BR\",\"pt[...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.options.defaultSearch", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.options.homePageEnabled", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.options.keywordEnabled", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.options.tabEnabled", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.productDeliveryOption.language", "en"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.productDeliveryOption.type", "Toolbar"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.startupTasks", "{}"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.successUrl", "http://productivityboss.dl.tb.ask.[...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.toolbar.versionChanged", false); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.toolbarCollapsed", true); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark._e5Members_.uninstallTasks", "{\"prefBranchesToDelete\":[\"e[...] =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark.hp.enabled", true); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark.hp.enabled.guid", "productivityboss@mindspark.com"); =>Adware.Bandoo
     DELETED: [dlsyaoqs.default] - user_pref("extensions.toolbar.mindspark.lastInstalled", "productivityboss@mindspark.com"); =>Adware.Bandoo

     ---\\ Hosts file (1)
     ~ The hosts file is legitimate (21)

     ---\\ Scheduled automatic tasks. (0)
     ~ No malicious or unnecessary items found.

     ---\\ Explorer ( File, Folder) (15)
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk [Bad : C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\bootstrap.js =>.SUP.ProductivityBoss
     MOVED file^: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\chrome =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\chrome.manifest =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\chrome.manifest.restartless =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\install.rdf =>.SUP.ProductivityBoss
     MOVED file^: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\META-INF =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\ProductivityBoss_e5\A7BA2918-5852-482A-863B-DFE2FC17E115.sqlite =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\ProductivityBoss_e5\STUB.sqlite =>.SUP.ProductivityBoss
     MOVED file: C:\Users\Uicaa\Downloads\antimalwaresetup.exe [Plumbytes Software - Plumbytes Anti-Malware] =>.SUP.Plumbytes
     MOVED file: C:\Users\Uicaa\Downloads\Superdownloads_utorrent-utorrent-mtorrent [1].exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
     MOVED file: C:\Users\Uicaa\AppData\Local\Temp\~DFCD4B0760D75F3F6F.TMP =>.SUP.Temporary.Other
     MOVED folder: C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com =>.SUP.ProductivityBoss
     MOVED folder: C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome
     MOVED folder: C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\Default\File System\001 =>.SUP.Temporary.Chrome

     ---\\ Registry ( Key, Value, Data) (5)
     DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
     DELETED key*: HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} [ITool] =>Toolbar.Ask
     DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Users\Uicaa\AppData\Local\Temp\HPDiagnosticAlert\ [No Folder] =>.SUP.Obsolete.NoFolder
     DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Kaspersky Lab\KSDE1.0.0\ [No Folder] =>.SUP.Obsolete.NoFolder
     DELETED value: HKLM64\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\ProgramData\Kaspersky Lab\KSDE1.0.0\Temp\ [No Folder] =>.SUP.Obsolete.NoFolder

     ---\\ Summary of the elements found (8)
     https://nicolascoolman.eu/2017/02/28/toolbar-ask/ =>Toolbar.Ask
     https://nicolascoolman.eu/2017/02/23/adware-bandoo/ =>Adware.Bandoo
     https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
     https://nicolascoolman.eu/2017/11/18/sup-productivityboss/ =>.SUP.ProductivityBoss
     https://nicolascoolman.eu/2017/09/09/sup-plumbytes/ =>.SUP.Plumbytes
     https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other
     https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome
     https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.NoFolder

     ---\\ Other deletions. (29)
     ~ Registry Keys Tracing deleted (29)
     ~ Remove the old reports ZHPCleaner. (0)

     ---\\ Result of repair
     ~ Repair carried out successfully
     ~ Browser not found (Opera Software)
     ~ The system has been restarted.

     ---\\ Statistics
     ~ Items scanned : 1129
     ~ Items found : 0
     ~ Items cancelled : 0
     ~ Items options : 12/12
     ~ Space saving (bytes) : 114688
     ~ End of clean in 00h00mn30s

     ---\\ Reports (2)
     ZHPCleaner--24042019-20_48_15.txt
     ZHPCleaner-[R]-24042019-20_51_05.txt

     Logfile of Trend Micro HijackThis v2.0.4
     Scan saved at 20:54:39, on 24/04/2019
     Platform: Windows 7 SP1 (WinNT 6.00.3505)
     MSIE: Internet Explorer v11.0 (11.00.9600.19326)
     Boot mode: Normal

     Running processes:
     C:\Windows\system32\Dwm.exe
     C:\Windows\Explorer.EXE
     C:\Windows\system32\taskhost.exe
     C:\Program Files\HP\HP Software Update\hpwuschd2.exe
     C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe
     C:\Program Files\Steam\Steam.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe
     C:\Windows\system32\taskeng.exe
     C:\Program Files\CCleaner\CCleaner.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
     C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
     C:\Windows\system32\igfxEM.exe
     C:\Windows\system32\igfxHK.exe
     C:\Windows\system32\igfxTray.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe
     C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe
     C:\Windows\system32\wuauclt.exe
     C:\Windows\system32\NOTEPAD.EXE
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Program Files\Google\Chrome\Application\chrome.exe
     C:\Windows\system32\SearchFilterHost.exe
     C:\Users\Uicaa\Desktop\HijackThis.exe

     R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
     R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
     R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
     R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
     R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
     O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
     O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
     O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
     O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
     O4 - HKLM\..\RunOnce: [ZHPCleaner_File1] CMD /c DEL "C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\chrome" /F /Q
     O4 - HKLM\..\RunOnce: [ZHPCleaner_File2] CMD /c DEL "C:\Users\Uicaa\AppData\Roaming\Mozilla\Firefox\Profiles\dlsyaoqs.default\Extensions\_e5Members_@www.productivityboss.com\META-INF" /F /Q
     O4 - HKLM\..\RunOnce: [ZHPCleaner] Notepad
C:\Users\Uicaa\AppData\Roaming\ZHP\ZHPCleaner.txt O4 - HKCU\..\Run: [HP Deskjet 4640 series (NET)] "C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45S3B0VF05Z4:NW" -scfn "HP Deskjet 4640 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent O4 - HKCU\..\Run: [uTorrent] "C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - 
{789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files\Legendas-3.7\srvlegendas.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.103\elevation_service.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe O23 - Service: Serviço do Kaspersky Secure Connection 2.0.0 (KSDE2.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe -- End of file - 7722 bytes
  4. I did the procedure and did not notice any difference. Another problem I forgot to mention is that sometimes those annoying ads show up in the browser.
  5. Hello. I have already done all the procedures requested in the Official Topic. My problem is that my notebook is very slow at startup and when using programs. I think it may be malware. Here is my log for examination:
Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:18:32, on 21/04/2019 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.19326) Boot mode: Normal Running processes: C:\Windows\system32\taskhost.exe C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avpui.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\igfxEM.exe C:\Windows\system32\igfxHK.exe C:\Windows\system32\igfxTray.exe C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe C:\Program Files\Steam\Steam.exe C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe C:\Users\Uicaa\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksdeui.exe C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe C:\Program Files\Steam\bin\cef\cef.Windows 7\steamwebhelper.exe C:\Windows\system32\wuauclt.exe C:\Program Files\CCleaner\CCleaner.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Users\Uicaa\AppData\Local\Google\Chrome\User Data\SwReporter\39.195.200.3\software_reporter_tool.exe c:\users\uicaa\appdata\local\google\chrome\user data\swreporter\39.195.200.3\software_reporter_tool.exe c:\users\uicaa\appdata\local\google\chrome\user 
data\swreporter\39.195.200.3\software_reporter_tool.exe c:\users\uicaa\appdata\local\google\chrome\user data\swreporter\39.195.200.3\software_reporter_tool.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Program Files\HP\HP Deskjet 4640 series\Bin\HPNetworkCommunicatorCom.exe C:\Users\Uicaa\Desktop\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {2E38825B-8815-42CF-9126-C58BC28D4591} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL O3 - Toolbar: Kaspersky Protection Toolbar - {093F479D-712E-46CD-9E06-62E734A05F68} - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\IEExt\ie_plugin.dll O4 - HKLM\..\Run: [BCSSync] 
"C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe O4 - HKCU\..\Run: [HP Deskjet 4640 series (NET)] "C:\Program Files\HP\HP Deskjet 4640 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN45S3B0VF05Z4:NW" -scfn "HP Deskjet 4640 series (NET)" -AutoStart 1 O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent O4 - HKCU\..\Run: [uTorrent] "C:\Users\Uicaa\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft 
Office\Office14\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL O23 - Service: Serviço do Kaspersky Anti-Virus 17.0.0 (AVP17.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Internet Security 17.0.0\avp.exe O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files\Legendas-3.7\srvlegendas.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\system32\IntelCpHeciSvc.exe O23 - Service: Foxit Cloud Safe Update Service (FoxitCloudUpdateService) - Foxit Software Inc. - C:\Program Files\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files\Google\Chrome\Application\73.0.3683.103\elevation_service.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Intel Corporation - C:\Windows\system32\igfxCUIService.exe O23 - Service: Serviço do Kaspersky Secure Connection 2.0.0 (KSDE2.0.0) - AO Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Secure Connection 2.0\ksde.exe O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe O23 - Service: TeamViewer 10 (TeamViewer) - TeamViewer GmbH - C:\Program Files\TeamViewer\TeamViewer_Service.exe -- End of file - 8217 bytes
  6. Done, it worked. I can access sites normally. Thank you very much for the help!
  7. C:\Users\All Users\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old\Users\All Users\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old.000\Documents and Settings\All Users\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old.000\Documents and Settings\Todos os Usuários\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old.000\Users\All Users\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Windows.old.000\Users\Leopardo\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe Win32/OpenCandy.J potentially unsafe application C:\Windows.old.000\Users\Public\Documents\GenieSoft\Common\Cef\1.0.0\CrashReport.exe a variant of Win32/Adware.Mobogenie.A application C:\Windows.old.000\Users\Public\Documents\GenieSoft\Common\Cef\1.0.0\CrashRpt.dll a variant of Win32/Adware.Mobogenie.A application C:\Windows.old.000\Users\Public\Documents\GenieSoft\Common\Cef\1.0.0\icudt.dll a variant of Win32/Adware.Mobogenie.A application 
C:\Windows.old.000\Users\Public\Documents\GenieSoft\Common\Cef\1.0.0\libEGL.dll a variant of Win32/Adware.Mobogenie.A application C:\Windows.old.000\Users\Public\Documents\GenieSoft\Common\Cef\1.0.0\libGLESv2.dll a variant of Win32/Adware.Mobogenie.A application C:\Windows.old.000\Users\Todos os Usuários\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application C:\Program Files (x86)\Legendas-3.7\nfregdrv.exe Win32/RiskWare.NetFilter.V application cleaned by deleting C:\ProgramData\Microsoft\Windows Defender\Scans\FilesStash\FE33D9E8-61A1-C8CA-16A8-CA784F5FA0AC_1d4341d017bb5d9 a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting C:\Users\Leonardo\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\uTorrent (1).exe Win32/OpenCandy.J potentially unsafe application deleted C:\Users\Leonardo\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\uTorrent (2).exe a variant of MSIL/WebCompanion.A potentially unwanted application cleaned by deleting C:\Users\Leonardo\Documents\Mobogenie\Downloads\MoboInstaller.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting C:\Users\Leonardo\Downloads\cctrialsetup.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application cleaned by deleting C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom 6.2\adobe.snr.patch-painter v.1.4\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom CC 6.5.1 Multilingual + Crack [SadeemPC]\Crack.rar a variant of Win32/HackTool.Patcher.CH potentially unsafe application deleted C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom CC 6.5.1 Multilingual + Crack [SadeemPC]\Adobe CC 2015 Universal Patcher 1.5\adobe.snr.patch-painter.exe a variant of Win32/HackTool.Patcher.CH potentially unsafe application cleaned by deleting 
C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom CC 6.5.1 Multilingual + Crack [SadeemPC]\ADOBE_CC_V2015-XFORCE\disable_activation.cmd BAT/HostsChanger.A potentially unsafe application cleaned by deleting C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom CC 6.5.1 Multilingual + Crack [SadeemPC]\ADOBE_CC_V2015-XFORCE\xf-adobecc2015.exe a variant of Win32/Keygen.HA potentially unsafe application cleaned by deleting C:\Users\Leonardo\Downloads\Adobe Photoshop Lightroom CC 6.5.1 Multilingual + Crack [SadeemPC]\AMT Emulator v0.7 by PainteR\amtemu.v0.7-painter.exe a variant of Win32/HackTool.Crack.FS potentially unsafe application cleaned by deleting C:\Windows\System32\drivers\legendasdrv.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting C:\Windows.old\Users\Leonardo\AppData\Local\Microsoft\Windows\INetCache\IE\G7R9BQNT\drp[1].js Win32/DriverPack.B potentially unwanted application cleaned by deleting C:\Windows.old\Users\Leonardo\AppData\Local\Microsoft\Windows\INetCache\IE\YYJPPRSH\config[1].js Win32/DriverPack.B potentially unwanted application cleaned by deleting C:\Windows.old.000\Documents and Settings\Leopardo\AppData\Roaming\uTorrent\updates\3.5.0_43916.exe Win32/OpenCandy.J potentially unsafe application deleted C:\Windows.old.000\Documents and Settings\Public\Documents\GenieSoft\Common\Cef\1.0.0\CrashReport.exe a variant of Win32/Adware.Mobogenie.A application cleaned by deleting C:\Windows.old.000\Documents and Settings\Public\Documents\GenieSoft\Common\Cef\1.0.0\CrashRpt.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting C:\Windows.old.000\Documents and Settings\Public\Documents\GenieSoft\Common\Cef\1.0.0\icudt.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting C:\Windows.old.000\Documents and Settings\Public\Documents\GenieSoft\Common\Cef\1.0.0\libEGL.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting C:\Windows.old.000\Documents and 
Settings\Public\Documents\GenieSoft\Common\Cef\1.0.0\libGLESv2.dll a variant of Win32/Adware.Mobogenie.A application cleaned by deleting
  8. Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 28/03/2019 Hora da análise: 23:20 Arquivo de registro: 43ac7738-51c9-11e9-b0bc-7085c22de615.json -Informação do software- Versão: 3.7.1.2839 Versão de componentes: 1.0.563 Versão do pacote de definições: 1.0.9906 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 10 (Build 14393.105) CPU: x64 Sistema de arquivos: NTFS Usuário: DESKTOP-07KB229\Leonardo -Resumo da análise- Tipo de análise: Análise de Ameaças Análise Iniciada Por: Manual Resultado: Concluído Objetos verificados: 278859 Ameaças detectadas: 24 Ameaças em quarentena: 0 Tempo decorrido: 19 min, 23 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar -Detalhes da análise- Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 2 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\USERS\LEONARDO\APPDATA\LOCAL\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}, Nenhuma ação do usuário, [768], [542290],1.0.9906 Arquivo: 22 PUP.Optional.WinYahoo, C:\USERS\LEONARDO\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\1QF36YM3.DEFAULT\SEARCHPLUGINS\YHS.XML, Nenhuma ação do usuário, [237], [457864],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\USERS\LEONARDO\APPDATA\LOCAL\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HOWTOREMOVE\HOWTOREMOVE.HTML, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, 
C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\chromium-min.jpg, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\control panel-min-min.JPG, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\down.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\ff menu.JPG, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\ff search engine-min.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\hp-min ff.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\hp-min ie.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\search engine.gif, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\setup pages.gif, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\sp-min.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\start-min.jpg, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, 
C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\HowToRemove\up.png, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\tanalon, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\uninst.exe, Nenhuma ação do usuário, [768], [542290],1.0.9906 PUP.Optional.WinYahoo.TskLnk, C:\Users\Leonardo\AppData\Local\{47F071AC-6358-1D14-0EC0-38FC2AA8C464}\uninstp.dat, Nenhuma ação do usuário, [768], [542290],1.0.9906 CrackTool.Agent, C:\PROGRAMDATA\MICROSOFT\Windows DEFENDER\SCANS\FILESSTASH\703A792E-879C-8ACF-8B4F-79C09E299CC2_1D4341F59E6F01B, Nenhuma ação do usuário, [6111], [445980],1.0.9906 CrackTool.Agent, C:\USERS\LEONARDO\DESKTOP\AMTEMU.V0.9.2-PAINTER.EXE, Nenhuma ação do usuário, [6111], [445980],1.0.9906 CrackTool.Agent, C:\USERS\LEONARDO\DOWNLOADS\AMT EMULATOR V0.9.2 BY PAINTER.ZIP, Nenhuma ação do usuário, [6111], [445980],1.0.9906 Adware.InstallCore, C:\USERS\LEONARDO\DOWNLOADS\LEGENDAS36.EXE, Nenhuma ação do usuário, [428], [654211],1.0.9906 Adware.InstallCore, C:\USERS\LEONARDO\DOWNLOADS\LEGENDAS36.ZIP, Nenhuma ação do usuário, [428], [654211],1.0.9906 Setor físico: 0 (Nenhum item malicioso detectado) Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 23:53:40, on 28/03/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.14393.0000) Boot mode: Normal Running processes: C:\Program Files (x86)\scpbrad\scpbradguard.exe C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\helper\helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=is_s_18_46_jny_soverj_00_00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtB0D0EyCtCyDyCyBzyzytN0D0TzutN1L2XzuyEtFtBzztFtDtFtCyDyDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S1QzztB1T1R1PtC1PtGyE1RtD1PtGyEzy1QyBtG1StAyDtCtGyEtD1StAyD1R1QyDzy1P1SyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1R1OzztByCyDtBtG1PtC1R1OtGyEyB1QzztGzy1TzztAtG1T1O1P1O1SyEtB1RyB1SyDyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D140780865%26a%3Dis_s_18_46_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Leonardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Chromium] "c:\users\leonardo\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3e5390e4-d693-4b32-9989-924b6f6cbdce}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files (x86)\Legendas-3.7\srvlegendas.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Componente de Segurança Bradesco (scpbradserv) - Scopus Soluções em TI Ltda - C:\Program Files (x86)\scpbrad\scpbradserv.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13590 bytes
  9. The requested logs follow below:

~ ZHPCleaner v2019.3.25.39 by Nicolas Coolman (2019/03/25)
~ Run by Leonardo (Administrator) (27/03/2019 22:11:48)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\Leonardo\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\Leonardo\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit (Build 14393)

---\\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.

---\\ Services (0)
~ No malicious or unnecessary items found.

---\\ Browser internet (1)
DELETED data: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride [Bad : 127.0.0.1;localhost;<local>] =>Hijacker.Proxy

---\\ Hosts file (0)
~ No malicious or unnecessary items found.

---\\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.

---\\ Explorer ( File, Folder) (16)
MOVED file: C:\Users\Leonardo\Desktop\Popcorn-Time.lnk [Bad : C:\Users\Leonardo\AppData\Local\Popcorn-Time\Popcorn-Time.exe](.The NWJS Community.) =>.SUP.PopcornTime
MOVED file: C:\Users\Leonardo\Desktop\µTorrent.lnk [Bad : C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\Leonardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Users\Leonardo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\µTorrent.lnk [Bad : C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P)
MOVED file: C:\Windows\Prefetch\POPCORN-TIME-0.3.10-SETUP.EXE-EBB9BB08.pf =>.SUP.PopcornTime
MOVED file: C:\Windows\Prefetch\POPCORN-TIME.EXE-C8B9FD19.pf =>.SUP.PopcornTime
MOVED file: C:\Users\Leonardo\Downloads\Popcorn-Time-0.3.10-Setup.exe [Popcorn Time - Popcorn-Time 0.3.10 Installer] =>.SUP.PopcornTime
MOVED file: C:\Users\Leonardo\Downloads\PopcornTime-latest.exe [Popcorn Time - Popcorn Time Setup] =>.SUP.PopcornTime
MOVED file: C:\Users\Leonardo\Downloads\uTorrent (1).exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
MOVED file: C:\Users\Leonardo\Downloads\uTorrent (2).exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
MOVED file: C:\Users\Leonardo\Downloads\uTorrent.exe [BitTorrent Inc. - µTorrent] =>BitTorrent (P2P)
MOVED file: C:\Users\Leonardo\AppData\Local\Temp\{144BF97B-D80F-414D-ADC9-4DA847117AC1}.png =>.SUP.Temporary.Picture
MOVED folder: C:\ProgramData\ByteFence =>.SUP.ByteFence
MOVED folder: C:\Users\Leonardo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn-Time =>.SUP.PopcornTime
MOVED folder: C:\Users\Leonardo\AppData\Local\Popcorn-Time =>.SUP.PopcornTime
MOVED folder: C:\Users\Leonardo\AppData\LocalLow\Free Lives =>.SUP.Empty

---\\ Registry ( Key, Value, Data) (9)
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Popcorn-Time [Popcorn Time] =>.SUP.PopcornTime
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] =>BitTorrent (P2P)
DELETED key*: HKU\.DEFAULT\Software\ByteFence [] =>.SUP.ByteFence
DELETED key**: HKU\S-1-5-18\Software\ByteFence [] =>.SUP.ByteFence
DELETED key*: HKEY_USERS\S-1-5-21-1219567488-1477629150-2880592445-1001\Software\csastats [] =>Adware.InstallCore
DELETED key**: HKCU\Software\csastats [] =>Adware.InstallCore
DELETED key*: HKLM\SOFTWARE\Microsoft\RADAR\HeapLeakDetection\DiagnosedApplications\ByteFence.exe [] =>.SUP.ByteFence
DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\MAIN\FeatureControl\FEATURE_BROWSER_EMULATION\\ByteFence.exe [9000] =>.SUP.ByteFence
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} [0x020000000000000000000000] =>Trojan.Dropper

---\\ Summary of the elements found (8)
https://nicolascoolman.eu/2017/04/03/hijacker-proxy/ =>Hijacker.Proxy
https://nicolascoolman.eu/2017/02/26/superfluous-popcorntime/ =>.SUP.PopcornTime
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Picture
https://nicolascoolman.eu/2017/03/13/superfluous-bytefence/ =>.SUP.ByteFence
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty
https://nicolascoolman.eu/2017/09/19/adware-installcore-3/ =>Adware.InstallCore
https://www.anti-malware.top/2016/09/07/trojan-dropper/ =>Trojan.Dropper

---\\ Other deletions. (22)
~ Registry Keys Tracing deleted (22)
~ Remove the old reports ZHPCleaner. (0)

---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Opera Software)

---\\ Statistics
~ Items scanned : 693
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 1670
~ End of clean in 00h01mn50s

---\\ Reports (2)
ZHPCleaner--27032019-22_09_34.txt
ZHPCleaner-[R]-27032019-22_13_38.txt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:21:06, on 27/03/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\scpbrad\scpbradguard.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45146\utorrentie.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\helper\helper.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
C:\Users\Leonardo\Desktop\ZHPCleaner.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=is_s_18_46_jny_soverj_00_00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtB0D0EyCtCyDyCyBzyzytN0D0TzutN1L2XzuyEtFtBzztFtDtFtCyDyDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S1QzztB1T1R1PtC1PtGyE1RtD1PtGyEzy1QyBtG1StAyDtCtGyEtD1StAyD1R1QyDzy1P1SyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1R1OzztByCyDtBtG1PtC1R1OtGyEyB1QzztGzy1TzztAtG1T1O1P1O1SyEtB1RyB1SyDyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D140780865%26a%3Dis_s_18_46_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Leonardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Chromium] "c:\users\leonardo\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3e5390e4-d693-4b32-9989-924b6f6cbdce}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files (x86)\Legendas-3.7\srvlegendas.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\73.0.3683.86\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe
O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Componente de Segurança Bradesco (scpbradserv) - Scopus Soluções em TI Ltda - C:\Program Files (x86)\scpbrad\scpbradserv.exe
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13503 bytes
  10. Good morning. I have already done all the procedures requested in the Official Topic. Recently my computer stopped accessing any web page, even though it is connected to the internet. Other devices, using the same Wi-Fi, continue to access normally. This happened after installing the program from the site https://legendasbrasil.org/. I don't know whether this is related to the problem, but after uninstalling the program I was able to access sites again. The problem is that, a few days later, the problem came back, and it persists. Today I can't access any site, in any browser. The following message is shown: "Não é possível acessar esse site" (this site can't be reached). It says the site "encerrou a conexão inesperadamente" (unexpectedly closed the connection). Attached is a screenshot of the screen when trying to access any site. Here is my log for examination:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:10:32, on 25/03/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\scpbrad\scpbradguard.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avpui.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
C:\Users\Leonardo\AppData\Roaming\uTorrent\updates\3.5.5_45095\utorrentie.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\IPCBox\AdobeIPCBroker.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe
C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe
C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\CCXProcess.exe
C:\Program Files (x86)\Adobe\Adobe Creative Cloud Experience\libs\node.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\CCLibrary.exe
C:\Program Files (x86)\Common Files\Adobe\Creative Cloud Libraries\libs\node.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://us.search.yahoo.com/yhs/web?hspart=elm&hsimp=yhs-001&type=is_s_18_46_jny_soverj_00_00&param1=1&param2=f%3D1%26b%3DIE%26cc%3Dus%26pa%3Dhodor%26cd%3D2XzuyEtN2Y1L1QzuyBtDzzyD0CtBtB0D0EyCtCyDyCyBzyzytN0D0TzutN1L2XzuyEtFtBzztFtDtFtCyDyDtN1L1CzutN1L1G1B1V1N2Y1L1Qzu2S1QzztB1T1R1PtC1PtGyE1RtD1PtGyEzy1QyBtG1StAyDtCtGyEtD1StAyD1R1QyDzy1P1SyB2QtN1M1F1B2Z1V1N2Y1L1Qzu2S1T1R1OzztByCyDtBtG1PtC1R1OtGyEyB1QzztGzy1TzztAtG1T1O1P1O1SyEtB1RyB1SyDyC2QtN0A0LzuyEtN1B2Z1V1T1S1NzutN1Q2Z1B1P1Rzu%26cr%3D140780865%26a%3Dis_s_18_46_jny_soverj_00_00%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office15\URLREDIR.DLL
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL
O2 - BHO: ScriptInjectionPluginBrowserHelperObject - {EC1E29BB-F56A-45D8-B023-D3EF710FA0E0} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O3 - Toolbar: Kaspersky Protection Toolbar - {C500C267-63BF-451F-8797-4D720C9A2ED9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\IEExt\ie_plugin.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Leonardo\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Leonardo\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Chromium] "c:\users\leonardo\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory=Default --restore-last-session
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{3e5390e4-d693-4b32-9989-924b6f6cbdce}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AdobeUpdateService - Adobe Inc. - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Kaspersky Anti-Virus Service 19.0.0 (AVP19.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\avp.exe
O23 - Service: COM+ Leg Service (COMLegService) - Unknown owner - C:\Program Files (x86)\Legendas-3.7\srvlegendas.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\72.0.3626.121\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc.
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: klvssbridge64_19.0.0 - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Free 19.0.0\x64\vssbridge64.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Unknown owner - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe (file missing) O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe O23 - Service: Origin Client Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginClientService.exe O23 - Service: Origin Web Helper Service - Electronic Arts - C:\Program Files (x86)\Origin\OriginWebHelperService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Componente de 
Segurança Bradesco (scpbradserv) - Scopus Soluções em TI Ltda - C:\Program Files (x86)\scpbrad\scpbradserv.exe O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows 
Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13305 bytes