Ir para conteúdo

BABOO e KTS 2018 no YouTube Loja online do BABOO

lari120

Participante
  • Postagens

    351
  • Desde

  • Última visita

Últimos Visitantes

3.865 visualizações
  1. Analise de log

    Como desinstalo os programas que foram baixados?
  2. Analise de log

    Funcionamento aparentemente normal
  3. Analise de log

    ~ ZHPCleaner v2017.9.13.156 by Nicolas Coolman (2017/09/13) ~ Run by Adm (Administrator) (14/09/2017 19:30:39) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Reparo ~ Report : C:\Users\Adm\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Adm\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601) ---\\ Serviços (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Navegadores de Internet (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Arquivo hosts (1) ~ O arquivo hosts é legítimo (21) ---\\ Tarefas automáticas agendadas. (0) ~ Nenhum ítem malicioso o desnecessários foi encontrado. ---\\ Explorer ( Arquivos, Pastas) (14) MOVIDO pasta: C:\Users\Adm\AppData\Local\Temp\LavasoftTcpServicer.log =>PUP.Optional.LavasoftWebCompanion MOVIDO pasta: C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage =>PUP.Optional.Generic MOVIDO pasta: C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage-journal =>PUP.Optional.Generic MOVIDO pasta: C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage =>.SUP.CloudfrontNet MOVIDO pasta: C:\Users\Adm\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_d3mwhxgzltpnyp.cloudfront.net_0.localstorage-journal =>.SUP.CloudfrontNet MOVIDO arquivo*: C:\ProgramData\panda_url_filtering =>.SUP.StartSearch MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign084f4e5712f968eb =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign1c3ac4148bd0b34b =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign2076cfb69c2af787 =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign2afb7d3cd1eeaf5c =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign32b131e39f4cf8c8 =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign4c56c6cb91f29a25 =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsign9613f8e2924bc051 =>.SUP.Temporary MOVIDO arquivo*: C:\Users\Adm\AppData\Local\Tempzxpsignc2bdc11cc733db0e =>.SUP.Temporary ---\\ Registro ( Chaves, Valores, Dados ) (51) SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{D0C2BF7F-4FE1-4BEA-BD36-443C72139B17}\\DhcpNameServer [Bad : 187.23.72.15 187.23.72.16] =>Hijacker.Browser SUPRIMIDO dados: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 187.23.72.15 187.23.72.16] =>Hijacker.Browser SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\1916A2AF346D399F50313C393200F14140456616 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2A83E9020591A55FC6DDAD3FB102794C52B24E70 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\2B84BFBB34EE2EF949FE1CBE30AA026416EB2216 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\305F8BD17AA2CBC483A4C41B19A39A0C75DA39D6 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\367D4B3B4FCBBC0B767B2EC0CDB2A36EAB71A4EB [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\3A850044D8A195CD401A680C012CB0A3B5F8DC08 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\40AA38731BD189F9CDB5B9DC35E2136F38777AF4 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\43D9BCB568E039D073A74A71D8511F7476089CC3 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\471C949A8143DB5AD5CDF1C972864A2504FA23C9 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\51C3247D60F356C7CA3BAF4C3F429DAC93EE7B74 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\5DE83EE82AC5090AEA9D6AC4E7A6E213F946E179 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\61793FCBFA4F9008309BBA5FF12D2CB29CD4151A [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\637162CC59A3A1E25956FA5FA8F60D2E1C52EAC6 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\63FEAE960BAA91E343CE2BD8B71798C76BDB77D0 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\6431723036FD26DEA502792FA595922493030F97 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\7D7F4414CCEF168ADF6BF40753B5BECD78375931 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\80962AE4D6C5B442894E95A13E4A699E07D694CF [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\86E817C81A5CA672FE000F36F878C19518D6F844 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\8E5BD50D6AE686D65252F843A9D4B96D197730AB [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\9845A431D51959CAF225322B4A4FE9F223CE6D15 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B533345D06F64516403C00DA03187D3BFEF59156 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\B86E791620F759F17B8D25E38CA8BE32E7D5EAC2 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\C060ED44CBD881BD0EF86C0BA287DDCF8167478C [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\CEA586B2CE593EC7D939898337C57814708AB2BE [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\D018B62DC518907247DF50925BB09ACF4A5CB3AD [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\F8A54E03AADC5692B850496A4C4630FFEAA29D83 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\SystemCertificates\Disallowed\Certificates\FA6660A94AB45F6A88C0D7874D89A863D74DEE97 [Avast Software] =>PUM.Misplaced.Certificate SUPRIMIDO chave*: HKLM\SOFTWARE\Wow6432Node\pandasecuritytb [] =>.SUP.VisicomMedia SUPRIMIDO chave: HKLM\SOFTWARE\pandasecuritytb [] =>.SUP.VisicomMedia SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer [DataContainer Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1 [DataContainer Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController [DataController Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1 [DataController Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable [DataTable Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1 [DataTable Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields [DataTableFields Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1 [DataTableFields Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder [DataTableHolder Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1 [DataTableHolder Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic [LSPLogic Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1 [LSPLogic Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager [ReadOnlyManager Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1 [ReadOnlyManager Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController [WFPController Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1 [WFPController Class] =>PUP.Optional.LavasoftWebCompanion SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\panda_url_filtering [] =>.SUP.StartSearch SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\Panda_URL_Filteringb_RASAPI32 [] =>.SUP.StartSearch SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Microsoft\Tracing\Panda_URL_Filteringb_RASMANCS [] =>.SUP.StartSearch SUPRIMIDO chave*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\pandasecuritytb [Panda Security and Visicom Media Inc.] =>.SUP.VisicomMedia ---\\ Resumo dos elementos encontrados na sua estação de trabalho (8) https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/ =>PUP.Optional.LavasoftWebCompanion https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Generic https://nicolascoolman.eu/2017/02/02/superfluous-cloudfrontnet/ =>.SUP.CloudfrontNet https://nicolascoolman.eu/2017/09/11/sup-startsearch/ =>.SUP.StartSearch https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary https://nicolascoolman.eu/2017/02/02/hijacker-browser-2/ =>Hijacker.Browser https://nicolascoolman.eu/2017/06/26/trojan-certlock/ =>PUM.Misplaced.Certificate https://nicolascoolman.eu/2017/03/18/superfluous-visicommedia/ =>.SUP.VisicomMedia ---\\ Dodatkowe oczyszczenie. (16) ~ Chave de registro Tracing Supprimido (16) ~ Remover os relatórios antigos ZHPCleaner. (0) ---\\ Resultado de reparação Reparação efectuada com sucesso ~ Este navegador está faltando ! (Mozilla Firefox) ~ Este navegador está faltando ! (Opera Software) ---\\ Estatísticas ~ Items scan : 529 ~ Items encontrado : 0 ~ items cancelados : 0 ~ Items réparo : 65 ~ End of clean in 00h02mn41s ~==================== ZHPCleaner-[R]-14092017-19_33_20.txt ZHPCleaner--14092017-19_29_08.txt
  4. Analise de log

    # AdwCleaner 7.0.2.1 - Logfile created on Thu Sep 14 00:08:58 2017 # Updated on 2017/29/08 by Malwarebytes # Running on Windows 7 Ultimate (X64) # Mode: clean # Support: https://www.malwarebytes.com/support ***** [ Services ] ***** Deleted: WCAssistantService Deleted: panda_url_filtering ***** [ Folders ] ***** Deleted: C:\Program Files (x86)\pandasecuritytb Deleted: C:\Users\Adm\AppData\LocalLow\pandasecuritytb Deleted: C:\Users\Work\AppData\LocalLow\pandasecuritytb Deleted: C:\ProgramData\lavasoft\web companion Deleted: C:\ProgramData\Application Data\lavasoft\web companion Deleted: C:\Program Files (x86)\lavasoft\web companion Deleted: C:\Users\Adm\AppData\Roaming\lavasoft\web companion Deleted: C:\Users\All Users\lavasoft\web companion Deleted: C:\Users\Todos os Usuários\lavasoft\web companion Deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion Deleted: C:\Windows\System32\config\systemprofile\AppData\Local\LavasoftTcpService Deleted: C:\Windows\SysWOW64\config\systemprofile\AppData\Local\LavasoftTcpService Deleted: C:\Program Files\Panda Security URL Filtering ***** [ Files ] ***** Deleted: C:\Windows\System32\lavasofttcpservice.dll Deleted: C:\Windows\SysWOW64\lavasofttcpservice.dll Deleted: C:\Windows\System32\LavasoftTcpServiceOff.ini Deleted: C:\Windows\SysNative\LavasoftTcpServiceOff.ini Deleted: C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini Deleted: C:\Windows\SysNative\LavasoftTcpService64.dll ***** [ DLL ] ***** No malicious DLLs cleaned. ***** [ WMI ] ***** No malicious WMI cleaned. ***** [ Shortcuts ] ***** No malicious shortcuts cleaned. ***** [ Tasks ] ***** No malicious tasks deleted. ***** [ Registry ] ***** Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{59CD6F86-DF43-4499-A603-C0F44D077A64} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{59CD6F86-DF43-4499-A603-C0F44D077A64} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{481618E9-EA7F-46A3-BA8D-83B1291F7729} Deleted: [Value] - HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules|{481618E9-EA7F-46A3-BA8D-83B1291F7729} Deleted: [Key] - HKLM\SOFTWARE\Lavasoft\Web Companion Deleted: [Key] - HKU\.DEFAULT\Software\Lavasoft\Web Companion Deleted: [Key] - HKU\S-1-5-21-2546937290-3797187286-197559017-1000\Software\Lavasoft\Web Companion Deleted: [Key] - HKU\S-1-5-18\Software\Lavasoft\Web Companion Deleted: [Key] - HKCU\Software\Lavasoft\Web Companion Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890} Deleted: [Key] - HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105} Deleted: [Key] - HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057} Deleted: [Value] - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted: [Value] - HKU\S-1-5-21-2546937290-3797187286-197559017-1000\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted: [Value] - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted: [Value] - HKCU\Software\Microsoft\Windows\CurrentVersion\Run|Web Companion Deleted: [Key] - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\{2CE0F1DC-C504-4B7B-A385-D94A2531DFFB} Deleted: [Key] - HKLM\SOFTWARE\Classes\AppID\LavasoftTcpService.exe ***** [ Firefox (and derivatives) ] ***** No malicious Firefox entries deleted. ***** [ Chromium (and derivatives) ] ***** Plugin deleted: Panda Safe Web - Plugin deleted: Panda Safe Web - ************************* ::Tracing keys deleted ::Winsock settings cleared ::Additional Actions: 0 ************************* C:/AdwCleaner/AdwCleaner[S0].txt - [5224 B] - [2017/9/13 22:31:7] ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt ########## ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Junkware Removal Tool (JRT) by Malwarebytes Version: 8.1.4 (07.09.2017) Operating System: Windows 7 Ultimate x64 Ran by Adm (Administrator) on 13/09/2017 at 21:23:58,08 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ File System: 40 Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04RU0YBQ (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BGD9MQ3 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T1VKSNN (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DODKU1T (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYENVI9U (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CE2SZQ42 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COEZD9RB (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAMUE65C (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EETHTDNA (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITJ68596 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGXLPGKT (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KURIXIYP (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0KBANHL (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIJH9L2J (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCO03JCF (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOONKN94 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUW4O58C (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF60I7X1 (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLBNQ9ED (Temporary Internet Files Folder) Successfully deleted: C:\Users\Adm\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZX74IG1Q (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\04RU0YBQ (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2BGD9MQ3 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2T1VKSNN (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DODKU1T (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BYENVI9U (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\CE2SZQ42 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\COEZD9RB (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DAMUE65C (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EETHTDNA (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ITJ68596 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JGXLPGKT (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\KURIXIYP (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N0KBANHL (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OIJH9L2J (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\PCO03JCF (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\UOONKN94 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WUW4O58C (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XF60I7X1 (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\XLBNQ9ED (Temporary Internet Files Folder) Successfully deleted: C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZX74IG1Q (Temporary Internet Files Folder) Registry: 2 Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C0C3A6C6-03BC-4195-8FCB-AEA091301353} (Registry Key) Successfully deleted: HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} (Registry Value) ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 13/09/2017 at 21:50:12,63 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 21:53:09, on 13/09/2017 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18763) Boot mode: Normal Running processes: C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe C:\PROGRA~2\GbPlugin\GbpSv.exe F:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll O3 - Toolbar: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: http://www.caixa.gov.br O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C2BF7F-4FE1-4BEA-BD36-443C72139B17}: NameServer = 8.8.8.8,8.8.4.4 O17 - HKLM\System\CS1\Services\Tcpip\..\{D0C2BF7F-4FE1-4BEA-BD36-443C72139B17}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bitdefender RedLine Service (bdredline) - Bitdefender - C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 11948 bytes
  5. Analise de log

    Malwarebytes www.malwarebytes.com -Detalhes de registro- Data da análise: 10/09/17 Hora da análise: 12:28 Arquivo de registro: adad6678-963c-11e7-9ecc-bc5ff4cbc70d.json Administrador: Sim -Informação do software- Versão: 3.2.2.2018 Versão de componentes: 1.0.188 Versão do pacote de definições: 1.0.2767 Licença: Versão de Avaliação -Informação do sistema- Sistema operacional: Windows 7 Service Pack 1 CPU: x64 Sistema de arquivos: NTFS Usuário: Adm-PC\Adm -Resumo da análise- Tipo de análise: Análise de Ameaças Resultado: Concluído Objetos verificados: 381823 Ameaças detectadas: 0 (Nenhum item malicioso detectado) Ameaças em quarentena: 0 (Nenhum item malicioso detectado) Tempo decorrido: 17 min, 46 seg -Opções da análise- Memória: Habilitado Inicialização: Habilitado Sistema de arquivos: Habilitado Arquivos compactados: Habilitado Rootkits: Habilitado Heurística: Habilitado PUP: Detectar PUM: Detectar Processo: 0 (Nenhum item malicioso detectado) Módulo: 0 (Nenhum item malicioso detectado) Chave de registro: 0 (Nenhum item malicioso detectado) Valor de registro: 0 (Nenhum item malicioso detectado) Dados de registro: 0 (Nenhum item malicioso detectado) Fluxo de dados: 0 (Nenhum item malicioso detectado) Pasta: 0 (Nenhum item malicioso detectado) Arquivo: 0 (Nenhum item malicioso detectado) Setor físico: 0 (Nenhum item malicioso detectado) (end) -Detalhes da análise- Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 00:11:45, on 12/09/2017 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18763) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Adm\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe C:\Program Files\Bitdefender\Bitdefender Security\antispam32\OBKAgent.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Windows\SysWOW64\DllHost.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe F:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file) F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_144\bin\jp2ssv.dll O3 - Toolbar: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - (no file) O3 - Toolbar: Carteira Bitdefender - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender Security\Antispam32\pmbxie.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'SISTEMA') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O17 - HKLM\System\CCS\Services\Tcpip\..\{D0C2BF7F-4FE1-4BEA-BD36-443C72139B17}: NameServer = 8.8.8.8,8.8.4.4 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Bitdefender RedLine Service (bdredline) - Bitdefender - C:\Program Files\Common Files\Bitdefender\SetupInformation\Bitdefender RedLine\bdredline.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: PAExec - Power Admin LLC - C:\Windows\PAExec.exe O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe O23 - Service: ProductAgentService - Bitdefender - C:\Program Files\Bitdefender Agent\ProductAgentService.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: Bitdefender Desktop Update Service (UPDATESRV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Security\updatesrv.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Bitdefender Virus Shield (VSSERV) - Bitdefender - C:\Program Files\Bitdefender\Bitdefender Security\vsserv.exe O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13917 bytes
  6. Analise de log

    não detectou nada
  7. Analise de log

    ainda nao consegui resolver essa questão, apesar que já reiniciei o roteador..... toda hora meu antivírus detecta Esta página web https://ash.creativecdn.com/bidder/pubs/tagging foi identificada como uma página de phishing que pode provocar roubo de identidade ou perda financeira. A página web foi bloqueada com êxito pelo filtro antiphishing e seu PC está seguro agora. tem como dar sequencia na verificacao de virus ou preciso resolver esse fato primeiro?
  8. Analise de log

    trocar o roteador resolve? pois tenho outro aqui, ai seria mais rapido configurar esse que entrar em contato com o provedor de internet para resolver
  9. Analise de log

    Eu tenho o modem da net, e o roteador tp-link. Resetei o roteador, mas não consegui acessar ele...... e ele continua funcionando normal. Será q nao funcionou o reset? consegui acessar somente o sagemcom da net. WiFi Security aparece q ta na opcao WPA/WPA2. eu tenho que alterar a senha desse ambiente de acesso? problema que aparentemente alteraram algumas coisas.... segue imagem https://imgur.com/a/oDPf9
  10. Analise de log

    C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringc.dll a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting (after the next restart) C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringd.sys a variant of Win64/NetFilter.A potentially unsafe application cleaned by deleting C:\Program Files (x86)\Panda Security\Panda Security Protection\Tools\PandaSecurityTb.exe Win32/Toolbar.Visicom.G potentially unwanted application cleaned by deleting C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll a variant of Win32/Toolbar.Visicom.B potentially unwanted application cleaned by deleting C:\Program Files (x86)\pandasecuritytb\pandasecurityDx64.dll a variant of Win64/Toolbar.Visicom.A potentially unwanted application cleaned by deleting C:\Program Files (x86)\pandasecuritytb\pandasecuritytb.dll a variant of Win32/Toolbar.Visicom.A potentially unwanted application cleaned by deleting C:\Program Files (x86)\pandasecuritytb\ToolbarCleaner.exe a variant of Win32/Toolbar.Visicom.E potentially unwanted application cleaned by deleting C:\Program Files (x86)\pandasecuritytb\uninstall.exe a variant of Win32/Toolbar.Visicom.E potentially unwanted application cleaned by deleting C:\Users\Adm\AppData\Local\Temp\{585599F6-32CC-4E07-9ED7-B62E82D664E5}.exe Win32/Toolbar.Visicom.G potentially unwanted application deleted C:\Users\Adm\AppData\Local\Temp\HYDD7A.tmp.1481753994\HTA\install.1481753994.zip a variant of Win32/FusionCore.K potentially unwanted application deleted C:\Users\Adm\AppData\Local\Temp\HYDD7A.tmp.1481753994\HTA\3rdparty\FS.dll a variant of Win32/FusionCore.K potentially unwanted application cleaned by deleting devo mandar para quarentena?
  11. Analise de log

    Recebi mensagem que foi identificada uma violação no meu modem.. mensagem do banco. Queria saber se tem algum virus aparente Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 19:52:49, on 01/09/2017 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18763) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe C:\Users\Adm\AppData\Roaming\BitTorrent\BitTorrent.exe C:\Program Files (x86)\Skype\Phone\Skype.exe C:\Users\Adm\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe C:\Users\Adm\AppData\Roaming\BitTorrent\updates\7.10.0_43917\bittorrentie.exe C:\Users\Adm\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe C:\Program Files (x86)\Adobe\Adobe Sync\Coresync\Coresync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe F:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O3 - Toolbar: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Adm\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [Spotify] C:\Users\Adm\AppData\Roaming\Spotify\Spotify.exe --autostart O4 - HKCU\..\Run: [Spotify Web Helper] C:\Users\Adm\AppData\Roaming\Spotify\SpotifyWebHelper.exe --autostart O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-21-2546937290-3797187286-197559017-1001\..\Run: [Spotify] C:\Users\Work\AppData\Roaming\Spotify\Spotify.exe --autostart --minimized (User 'Work') O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'SISTEMA') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NitroPDFDriverCreatorReadSpool11 (NitroDriverReadSpool11) - Nitro Software, Inc. - C:\Program Files\Nitro\Pro 11\NitroPDFDriverService11x64.exe O23 - Service: NitroUpdateService - Unknown owner - C:\Program Files\Nitro\Pro 11\Nitro_UpdateService.exe O23 - Service: Nalpeiron Licensing Service (nlsX86cc) - Nalpeiron Ltd. - C:\Windows\SysWOW64\NLSSRV32.EXE O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 14468 bytes
  12. Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 15:21:04, on 19/03/2017 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v11.0 (11.00.9600.18618) Boot mode: Normal Running processes: C:\PROGRA~2\GbPlugin\GbpSv.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Users\Adm\AppData\Roaming\Spotify\SpotifyWebHelper.exe C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe C:\Users\Adm\AppData\Roaming\BitTorrent\BitTorrent.exe C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe C:\Users\Adm\AppData\Roaming\BitTorrent\updates\7.9.9_43296\bittorrentie.exe C:\Users\Adm\AppData\Roaming\BitTorrent\updates\7.9.9_43296\bittorrentie.exe C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ADS\Adobe Desktop Service.exe C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\HEX\Adobe CEF Helper.exe C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\CCXProcess.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCXProcess\libs\node.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\CCLibrary.exe C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CCLibrary\libs\node.exe C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe F:\Downloads\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.search.yahoo.com/yhs/web?hspart=lvs&hsimp=yhs-awc&type=lvs__webcompa__1_0__ya__hp_WCYID10181_1235_161214__yaie R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll F2 - REG:system.ini: UserInit=userinit.exe, O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office12\GR469A~1.DLL O2 - BHO: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll O3 - Toolbar: Panda Safe Web - {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4} - C:\Program Files (x86)\pandasecuritytb\pandasecurityDx.dll O4 - HKLM\..\Run: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" O4 - HKLM\..\Run: [IntelSBA] C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\SBALaunchDelay.exe "C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\UI\IntelSmallBusinessAdvantage.exe -minimized" 60 O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\Adm\AppData\Roaming\Spotify\SpotifyWebHelper.exe" O4 - HKCU\..\Run: [Spotify] "C:\Users\Adm\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize O4 - HKCU\..\Run: [BitTorrent] "C:\Users\Adm\AppData\Roaming\BitTorrent\BitTorrent.exe" /MINIMIZED O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'SISTEMA') O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA') O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize (User 'Default user') O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user') O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O10 - Unknown file in Winsock LSP: c:\Windows\system32\lavasofttcpservice.dll O10 - Unknown file in Winsock LSP: c:\Windows\system32\lavasofttcpservice.dll O10 - Unknown file in Winsock LSP: c:\Windows\system32\lavasofttcpservice.dll O10 - Unknown file in Winsock LSP: c:\Windows\system32\lavasofttcpservice.dll O10 - Unknown file in Winsock LSP: c:\Windows\system32\lavasofttcpservice.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: http://*.webcompanion.com O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~2\MICROS~1\Office12\GRA32A~1.DLL O20 - Winlogon Notify: GbPluginBb - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: cFosSpeed System Service (cFosSpeedS) - cFos Software GmbH - C:\Program Files\ASRock\XFast LAN\spd.exe O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Foxit Reader Service (FoxitReaderService) - Foxit Software Inc. - C:\Program Files (x86)\Foxit Software\Foxit Reader\FoxitConnectedPDFService.exe O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing) O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe O23 - Service: Intel(R) Small Business Advantage (intelsba) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: LavasoftTcpService - Lavasoft Limited - C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe O23 - Service: panda_url_filtering Service (panda_url_filtering) - Visicom Media Inc. - C:\Program Files\Panda Security URL Filtering\Panda_URL_Filteringb.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 13872 bytes
  13. Analisar LOG

    agradeço muito a você
  14. Analisar LOG

    Comportamento aparentemente normal.. so que como meu cartao foi clonado, queria saber se nao era algum virus do computador mesmo
×