This forum has been discontinued. READ HERE and join the BABOO Community :)

clmumber

Member
  • Posts

    138

  1. Good afternoon. Here is the log. The computer is better, but some pages still appear out of nowhere!
  2. Good afternoon, here are the logs.
  3. Good afternoon, here it is ~ ZHPCleaner v2019.5.29.79 by Nicolas Coolman (2019/05/29) ~ Run by Cleiton (Administrator) (30/05/2019 14:58:08) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Scan ~ Report : C:\Users\Cleiton\Desktop\ZHPCleaner (S).txt ~ Quarantine : C:\Users\Cleiton\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Deactivate ~ Boot Mode : Normal (Normal boot) Windows 10 Home Single Language, 64-bit (Build 17134) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) FOUND data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\webcompanion.com\\http [Bad : Sensitive Websites] =>PUP.Optional.LavasoftWebCompanion ---\\ Hosts file (1) ~ The hosts file is legitimate (11) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (138) FOUND file: C:\Users\Cleiton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk [Bad : C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) =>BitTorrent (P2P) FOUND folder: C:\Users\Cleiton\AppData\Roaming\DRPNano =>.SUP.DriverPack FOUND folder: C:\Users\Cleiton\AppData\Roaming\DRPSu =>.SUP.DriverPack FOUND file: C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe [BitTorrent Inc. 
- µTorrent] =>BitTorrent (P2P) FOUND file: C:\Users\Cleiton\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk =>BitTorrent (P2P) FOUND file: C:\Windows\Prefetch\CLOUDPRINTER.EXE-5DE8B619.pf =>.SUP.Linkury FOUND file: C:\Windows\Prefetch\ONESYSTEMCARE.EXE-2CCD2217.pf =>PUP.Optional.OneSystemCare FOUND file: C:\Windows\Prefetch\QUOTEEX.EXE-D93407B1.pf =>PUP.Optional.Graftor FOUND file: C:\Windows\Installer\wix{1FD817A6-63E1-4519-BFD4-228DABB7AB6B}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{3490D0B6-BB44-417E-8B82-F30C7B48E3F5}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{3540181E-340A-4E7A-B409-31663472B2F7}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{38103AAA-83CB-4540-B206-56800AE60A36}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{5095145F-A690-405A-9ABF-69C7A7319834}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{583882E7-EA75-4BF0-94FA-7DD5A3731C76}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{5FA8C4BE-8C74-4B9C-9B49-EBF759230189}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{6044DB2C-08DE-4B8B-90AE-64D6FF604AC6}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{62F029AB-85F2-0000-866A-9FC0DD99DDBC}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{6B23CC2A-3660-4430-920B-E3C706A252E4}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{7CC317AF-84DC-4C6B-9894-453545969892}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: 
C:\Windows\Installer\wix{919CE8F2-C283-4FBE-B29F-3BEA088C37EA}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{B2E25355-C24E-4E7D-8AD3-455D59810838}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{B5E06417-A4AC-4225-B36E-7E34C91616E7}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{B6DCCCD3-520D-4485-B642-FCC136CE12C3}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{BA2A6DBB-B09A-43D8-84F3-21C1537B47D9}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{C3ACFCEA-240F-4DCC-A0C3-DD55FEE6C3C2}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{C4123106-B685-48E6-B9BD-E4F911841EB4}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{EBCCD2B7-FCA9-4714-97A4-CBC48E544BB2}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{FBA3961B-D1DF-493C-BC1F-E67D3B832895}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\wix{FE4EC25E-CCE4-477C-80B4-C6B351EE1BC6}.SchedServiceConfig.rmi =>.SUP.Empty FOUND file: C:\Windows\Installer\MSI8198.tmp [ - IFilter] =>.SUP.MSIInstaller FOUND file: C:\Windows\Installer\MSIC455.tmp [ - IFilter] =>.SUP.MSIInstaller FOUND file: C:\Windows\Installer\18288a.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\24997c1.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\2595fe7e.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\85acf8c.msp =>.SUP.Obsolete.Adobe FOUND file: 
C:\Windows\Installer\8d25416.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\961e739.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\9828546.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\a6ee8b1.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Windows\Installer\cacd8e.msp =>.SUP.Obsolete.Adobe FOUND file: C:\Users\Cleiton\AppData\Local\Temp\aria-debug-11364.log =>.SUP.Temporary.OneDrive FOUND file: C:\Users\Cleiton\AppData\Local\Temp\CVR96EF.tmp.cvr =>.SUP.Temporary.Empty FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wct40B9.tmp =>.SUP.Temporary.Office FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wct6FEA.tmp =>.SUP.Temporary.Office FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wctAF34.tmp =>.SUP.Temporary.Office FOUND file: C:\Users\Cleiton\AppData\Local\Temp\wctCDAA.tmp =>.SUP.Temporary.Office FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DF2C682E584EE63F8B.TMP =>.SUP.Temporary.Other FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DFA791E0F68A13FABA.TMP =>.SUP.Temporary.Other FOUND file: C:\Users\Cleiton\AppData\Local\Temp\~DFFF69883CC45BF063.TMP =>.SUP.Temporary.Other FOUND file: C:\Users\Cleiton\Downloads\Office 2013\Ativador Office 2013 [ArphaNET]\ARQUIVOS\Microsoft Toolkit 2.5.2\Microsoft Toolkit 2.5.2.exe [CODYQX4 - Microsoft Toolkit] =>HackTool.WinActivator FOUND file: C:\Users\Cleiton\AppData\Local\ApplicationHosting.dat =>PUP.Optional.ApplicationHosting FOUND file: C:\Windows\SysWOW64\SSL =>Trojan.Agent FOUND file: C:\ProgramData\1418462950965527827\desktop_media_service.exe =>Adware.CrossRider FOUND file: C:\ProgramData\1418462950965527827\watchdog.exe =>Adware.CrossRider FOUND file: C:\ProgramData\Microsoft Toolkit\Settings.xml =>HackTool.AutoKMS FOUND folder: C:\ProgramData\Jetmedia\NativeDesktopMediaService =>PUP.Optional.Jetmedia FOUND folder: C:\ProgramData\1418462950965527827 =>Adware.CrossRider FOUND folder: C:\ProgramData\Jetmedia =>PUP.Optional.Jetmedia FOUND folder: C:\ProgramData\Microsoft Toolkit 
=>HackTool.AutoKMS FOUND file: C:\Users\Cleiton\AppData\Roaming\50i55yc4izj\uhp133dzqf5.exe [Cal - Boulsis Setup] =>Heuristic.Wizzcaster FOUND file: C:\Users\Cleiton\AppData\Roaming\ghfxqljlpli\bgsnoxgdwha.exe [Cal - Boulsis Setup] =>Heuristic.Wizzcaster FOUND folder: C:\Users\Cleiton\AppData\Roaming\50i55yc4izj =>Heuristic.Wizzcaster FOUND folder: C:\Users\Cleiton\AppData\Roaming\ghfxqljlpli =>Heuristic.Wizzcaster FOUND folder: C:\ProgramData\IObit\ASCDownloader =>.SUP.AdvancedSystemCare FOUND folder: C:\ProgramData\Application Data\lavasoft\web companion =>PUP.Optional.LavasoftWebCompanion FOUND folder: C:\Users\Cleiton\AppData\Local\AdvinstAnalytics =>.SUP.Various FOUND folder: C:\Users\Cleiton\AppData\Local\{DEEBE8B7-FA43-840F-97DB-A1E7B3B35D7F} =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI16B.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI173B.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI175.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI17FA.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI1DAD.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI230A.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI2515.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI263.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI29AE.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI2A5A.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI2AD1.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI3823.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI3D52.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI3ED.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI400F.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI444D.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI4E6C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI500D.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI5A2C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI5C02.tmp- =>.SUP.Empty FOUND 
folder: C:\Windows\Installer\MSI5E94.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI60D7.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI6C0F.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI6CFC.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI6FAD.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI737D.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI73C0.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI7885.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI7C3C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8160.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI83BE.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8704.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8772.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8947.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8AB4.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI8ECD.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI9318.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI987C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI9A70.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSI9BF2.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIA2B3.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIA64E.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIA85C.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIB351.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIB526.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIBE80.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIC266.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIC30E.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIC934.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSICB4D.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSICBCB.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSICCF3.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSID621.tmp- 
=>.SUP.Empty FOUND folder: C:\Windows\Installer\MSID6E2.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIE2D9.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIE42A.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF3F6.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF562.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIF7C0.tmp- =>.SUP.Empty FOUND folder: C:\Windows\Installer\MSIFA6B.tmp- =>.SUP.Empty FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieBrowserModeList =>.SUP.Empty FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieSiteList =>.SUP.Empty FOUND folder: C:\Users\Cleiton\AppData\LocalLow\EmieUserList =>.SUP.Empty FOUND folder: C:\Users\Cleiton\AppData\LocalLow\VDownloader =>.SUP.Empty ---\\ Registry ( Key, Value, Data) (34) FOUND key: HKCU\Software\WajIEnhance [] =>PUP.Optional.Wajam FOUND key: HKEY_USERS\S-1-5-21-4085650246-1502467932-1502206782-1001\SOFTWARE\WajIEnhance [] =>PUP.Optional.WaEnhance FOUND key: HKCU\Software\WajIEnhance [] =>PUP.Optional.WaEnhance FOUND key: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.] 
=>BitTorrent (P2P) FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\akamaihd.net [] =>.SUP.AkamaiHD FOUND key: HKCU\Software\Microsoft\Internet Explorer\DOMStorage\cdncache-a.akamaihd.net [2068] =>.SUP.AkamaiHD FOUND key: [X64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents] =>PUP.Optional.Legacy FOUND key: [X64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine] =>PUP.Optional.Legacy FOUND key: [X64] HKLM\SOFTWARE\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam FOUND key: [X64] HKLM\SOFTWARE\Classes\Installer\Products\436F6625D7B77354DBCD89DDC6CFAB1A [Online Application] =>.SUP.Microleaves FOUND key: [X64] HKLM\SOFTWARE\Classes\Installer\Products\883B9FC4AF873C644B9091F62EFCF502 [NativeDesktopMediaService] =>PUP.Optional.Jetmedia FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{29effb5f-324a-40d4-a8ea-7ca7bab42112}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND 
data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{22c53490-a62e-402c-b1d4-94029ca91b3e}\\DhcpNameServer [Bad : 82.163.142.182] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{3780f459-5d60-49a6-94e3-0a4fa42c8059}\\DhcpNameServer [Bad : 82.163.142.182] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{5b685a62-da66-40f7-baa2-12d44f4df276}\\DhcpNameServer [Bad : 82.163.142.182] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}\\DhcpNameServer [Bad : 82.163.142.182] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}\\DhcpNameServer [Bad : 82.163.142.182] =>Adware.DNSUnlocker FOUND data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\NameServer [Bad : 82.163.142.182 82.163.143.180] =>Adware.DNSUnlocker FOUND key: [X64] HKLM\SOFTWARE\SrcAAAesom Browser Enhancer [] =>PUP.Optional.Wajam FOUND key: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU [] =>PUP.Optional.Graftor FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Jetmedia [] =>PUP.Optional.Jetmedia FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\SrcAAAesom Browser Enhancer [] =>PUP.Optional.Wajam FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\56BF5154-0B48-4ADB-902A-6C8B12E270D9 [] =>PUP.Optional.Wajam FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546} [_IReiEngineEvents] =>PUP.Optional.Legacy FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4} [IReiEngine] =>PUP.Optional.Legacy FOUND key: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths\QuoteexU [] =>PUP.Optional.Graftor FOUND key: [X64] 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4CF9B388-78FA-46C3-B409-196FE2CF5F20} [Jetmedia] =>PUP.Optional.Jetmedia FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Cleiton\Downloads\ZHPCleaner.exe.FriendlyAppName [ZHPCleaner] =>.SUP.Orphan.MUICache FOUND value: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\\C:\Users\Cleiton\Downloads\ZHPCleaner.exe.ApplicationCompany [Nicolas Coolman] =>.SUP.Orphan.MUICache ---\\ Summary of the elements found (29) https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2018/07/04/sup-driverpack/ =>.SUP.DriverPack https://nicolascoolman.eu/2017/09/07/pup-optional-salus/ =>.SUP.Linkury https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.OneSystemCare https://nicolascoolman.eu/2017/03/30/adware-graftor/ =>PUP.Optional.Graftor https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.MSIInstaller https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Obsolete.Adobe https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Office https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Other https://nicolascoolman.eu/2017/01/13/hacktool-winactivator/ =>HackTool.WinActivator https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.ApplicationHosting https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Trojan.Agent https://nicolascoolman.eu/2017/03/11/pup-optional-crossrider/ =>Adware.CrossRider 
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/2019/05/22/pup-optional-jetmedia/ =>PUP.Optional.Jetmedia https://nicolascoolman.eu/2017/09/15/adware-wizzcaster/ =>Heuristic.Wizzcaster https://nicolascoolman.eu/2017/12/26/sup-advancedsystemcare/ =>.SUP.AdvancedSystemCare https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Various https://nicolascoolman.eu/2017/02/24/pup-optional-wajam/ =>PUP.Optional.Wajam https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.WaEnhance https://nicolascoolman.eu/2017/12/26/sup-akamaihd/ =>.SUP.AkamaiHD https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Legacy https://nicolascoolman.eu/2017/12/24/sup-microleaves/ =>.SUP.Microleaves https://nicolascoolman.eu/2017/09/27/adware-dnsunlocker/ =>Adware.DNSUnlocker https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Orphan.MUICache ---\\ Result of repair ~ Any repair made ~ Browser not found (Google Chrome) ~ Browser not found (Opera Software) ---\\ Statistics ~ Items scanned : 124537 ~ Items found : 183 ~ Items cancelled : 0 ~ Items options : 12/12 ~ Space saving (bytes) : 156237 ~ End of search in 00h27mn11s ---\\ Reports (5) ZHPCleaner-[R]-30082017-13_16_08.txt ZHPCleaner-[R]-30082017-15_46_28.txt ZHPCleaner--30082017-11_55_51.txt ZHPCleaner--30082017-15_45_27.txt ZHPCleaner--30052019-15_25_19.txt Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:34:06, on 30/05/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files\Acer\Acer Power Management\ePowerWMPRemoteCtrl.exe C:\Program Files (x86)\Windows Media Player\wmplayer.exe C:\HijackThis.exe 
C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?PC=ACJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\ssv.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe O4 - HKLM\..\Run: 
[ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync 
- {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.caixa.gov.br O17 - HKLM\System\CCS\Services\Tcpip\..\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{59969b07-d747-4c56-ae92-bd8f72e222d6}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{720b7f5c-c05c-4548-baaa-d17522a44b12}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{aef4f2f9-9438-46a7-ba96-910d002ece57}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{beff52d0-eccd-11e7-a38d-806e6f6e6963}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}: NameServer = 8.8.8.8 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file) O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: 
@%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla 
Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MTc1YW - Unknown owner - rundll32.exe (file missing) O23 - Service: NativeDesktopMediaService - Unknown owner - C:\ProgramData\1418462950965527827\desktop_media_service.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - 
C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TenorshareWinAdService - Tenorshare Co,Ltd - C:\Users\Cleiton\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: 
@%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) O23 - Service: YWVkNWEyYzJiMGI - Unknown owner - C:\Program Files\YWVkNWEyYzJiMGI\NzUzOTlkOGE2.exe -- End of file - 14780 bytes
  4. Good afternoon, I carried out the procedures; here is the hijack log: Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 14:21:48, on 30/05/2019 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe C:\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?PC=ACJB R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = www.google.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = www.google.com R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files 
(x86)\Java\jre1.8.0_181\bin\ssv.dll O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~1\Office15\GROOVEEX.DLL O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_181\bin\jp2ssv.dll O4 - HKLM\..\Run: [PDFVPrinter] C:\Program Files (x86)\Classic PDF Editor\PDFVPrinter.exe O4 - HKLM\..\Run: [ADSKAppManager] "C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgr.exe" -showminimized -checkautorun O4 - HKLM\..\Run: [Aimersoft Helper Compact.exe] C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKLM\..\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [OneDrive] "C:\Users\Cleiton\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe O4 - HKCU\..\Run: [iCloudServices] "C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun O4 - HKCU\..\Run: [uTorrent] "C:\Users\Cleiton\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program 
Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O17 - HKLM\System\CCS\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\..\{2863f81a-7d36-4e76-8c2b-9a761cbb13c2}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{29effb5f-324a-40d4-a8ea-7ca7bab42112}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\..\{3780f459-5d60-49a6-94e3-0a4fa42c8059}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\..\{59969b07-d747-4c56-ae92-bd8f72e222d6}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{5b685a62-da66-40f7-baa2-12d44f4df276}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\..\{720b7f5c-c05c-4548-baaa-d17522a44b12}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{7e959cbd-4249-47cc-b49d-17d1e9ca0dd6}: NameServer = 8.8.8.8 O17 - 
HKLM\System\CCS\Services\Tcpip\..\{9ab39485-52b6-4b8a-ae51-d4bcf2928f61}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\..\{aef4f2f9-9438-46a7-ba96-910d002ece57}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{beff52d0-eccd-11e7-a38d-806e6f6e6963}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e2aeda-e5f2-4163-b11d-af9fc4103fee}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{e4e825c3-c85e-4c35-b42d-0accf0309ae3}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CS1\Services\Tcpip\..\{22c53490-a62e-402c-b1d4-94029ca91b3e}: NameServer = 82.163.142.182 82.163.143.180 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 82.163.142.182 82.163.143.180 O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: WSISAllmytubechrome - (no CLSID) - (no file) O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Autodesk Content Service - Autodesk, Inc. 
- C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.169\elevation_service.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: HP DS Service - Hewlett-Packard Company - C:\Program Files (x86)\HP\HPBDSService\HPBDSService.exe O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe O23 - Service: Intel(R) Technology Access Software Asset Manager (Intel(R) TA SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Update Manager (iumsvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Launch Manager Service (LMSvc) - Acer Incorporate - C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla 
Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: MTc1YW - Unknown owner - rundll32.exe (file missing) O23 - Service: NativeDesktopMediaService - Unknown owner - C:\ProgramData\1418462950965527827\desktop_media_service.exe O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Corel License Validation Service V2, Powered by arvato (PSI_SVC_2) - arvato digital services llc - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe O23 - Service: Quick Access Service (QASvc) - Acer Incorporate - C:\Program Files\Acer\Acer Quick Access\QASvc.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - 
C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: TeamViewer 13 (TeamViewer) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe O23 - Service: TenorshareWinAdService - Tenorshare Co,Ltd - C:\Users\Cleiton\AppData\Roaming\Tenorshare\Service\configs\TenorshareWinAdService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: 
@%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) O23 - Service: YWVkNWEyYzJiMGI - Unknown owner - C:\Program Files\YWVkNWEyYzJiMGI\NzUzOTlkOGE2.exe -- End of file - 15656 bytes