
Since 19/11/2018 the BABOO Forum has focused only on Windows and Digital Security, as announced at the start of 2018.
Areas unrelated to those two subjects have been archived, and their topics remain available for reading in the Tópicos Antigos (Old Topics) area.

jardaon2

  • Posts: 24
  • State: São Paulo
  • Gender: male
  1. jardaon2

    Log Analysis - Virus and Chrome with Ads

    Thank you very much! 👍
  2. jardaon2

    Log Analysis - Virus and Chrome with Ads

    It found 10 threats:

    C:\Downloads Torrent\drivers impressora.exe  Win32/Bundled.Toolbar.Google.D potentially unsafe application  cleaned by deleting
    C:\Downloads Torrent\uTorrent.exe  a variant of MSIL/WebCompanion.A potentially unwanted application  cleaned by deleting
    C:\Downloads Torrent\winrar_64_bit_4137866686.exe  Win32/InstallCore.Gen.A potentially unwanted application  cleaned by deleting
    C:\Program Files\KMSpico\scripts\AddExceptionsWD.reg  Win32/HackKMS.AZ potentially unsafe application  cleaned by deleting
    C:\Program Files\KMSpico\scripts\Silent.cmd  Win32/HackKMS.AZ potentially unsafe application  cleaned by deleting
    C:\Users\Guilherme\AppData\Local\Temp\nsvBE5A.tmp\EzmnXDjVSLc.dll  a variant of Win32/Adware.Zdengo.CDY application  cleaned by deleting
    C:\Users\Guilherme\AppData\Local\Temp\wjm653D.tmp\update.exe  multiple threats  cleaned by deleting
    C:\Users\Guilherme\Downloads\FFSetup296.exe  multiple threats  cleaned by deleting
    C:\Windows\kpadcohrsmvqoes.bpad  a variant of Win32/Adware.Zdengo.CDX application  cleaned by deleting
    C:\Windows\Temp\nsi1D91.tmp\EzmnXDjVSLc.dll  a variant of Win32/Adware.Zdengo.CDY application  cleaned by deleting

    ===================

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 23:15:29, on 03/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17763.0001)
    Boot mode: Normal

    Running processes:
    C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
    C:\Program Files\AVAST Software\Avast\AvastUI.exe
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
    O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O17 - HKLM\System\CCS\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{42ef69d4-1394-4acd-8f2a-707a32319128}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{5f1297f9-1f8d-47db-9255-21c09c38724b}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{9db0df7d-85b8-4f72-9737-19b904cf801d}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{cd576b97-ed0c-11e8-8536-806e6f6e6963}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O17 - HKLM\System\CS1\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
    O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
    O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
    O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
    O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
    O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
    O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 10766 bytes
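A HijackThis dump like the one above is triaged by entry type, not by reading it top to bottom. The Python script below is an added example (my code, not from this thread or from any of the tools named in it). It parses a constructed sample of HijackThis-format lines modelled on the entries posted above and flags the ones that drive an adware cleanup: R0/R1 start or search pages pointing at a host other than Internet Explorer's defaults (here securedsearch.lavasoft.com), O15 Trusted Zone additions (*.webcompanion.com), O17 static NameServer overrides (8.8.8.8 is Google's public resolver, so the question is who wrote it onto every interface, not the address itself), and O23 services that are either machine-named (NGUwOWQ2M, which the Malwarebytes log in the next post attributes to Adware.Wajam) or have an unknown owner with a binary present. The many `(file missing)` O23 entries for built-in Windows services are skipped on purpose: HijackThis 2.0.4 is a 32-bit program, and under WOW64 file-system redirection it cannot see the 64-bit System32 binaries, so those entries are expected noise. The allow-list of default hosts and the random-name threshold are my assumptions.

```python
"""Triage a HijackThis 2.0.4 log by entry type (added example, not the thread's own tooling)."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of lines in HijackThis format, modelled on the
# log posted above (long URLs shortened). It is not the complete log.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
SERVICE_RE = re.compile(r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+)$")
SHORT_NAME_RE = re.compile(r"\(([^()]+)\)$")

# Assumption: the hosts Internet Explorer points at out of the box. Any other
# host in an R0/R1 start or search page deserves a look.
DEFAULT_HOSTS = {"go.microsoft.com", "www.bing.com", "www.msn.com"}


def looks_random(token: str) -> bool:
    """Heuristic for machine-generated names such as NGUwOWQ2M or M2JlZjcy:
    alphanumeric, 8+ characters, at least one digit, and frequent switches
    between upper case, lower case and digits. The threshold is an assumption."""
    if len(token) < 8 or not token.isalnum() or not any(c.isdigit() for c in token):
        return False

    def cls(c: str) -> str:
        return "d" if c.isdigit() else ("u" if c.isupper() else "l")

    switches = sum(1 for a, b in zip(token, token[1:]) if cls(a) != cls(b))
    return switches >= 3


def triage(log_text: str) -> list:
    """Return (entry type, reason, detail) for every line that warrants follow-up."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        kind, body = m.group("kind"), m.group("body")

        if kind in ("R0", "R1") and " = " in body:
            key, _, value = body.partition(" = ")
            host = urlparse(value).hostname
            if host and host not in DEFAULT_HOSTS:
                findings.append((kind, "start/search page redirected", f"{key} -> {host}"))

        elif kind == "O15":
            # Sites in the Trusted Zone run with relaxed IE security settings.
            findings.append((kind, "site added to Trusted Zone", body))

        elif kind == "O17" and "NameServer" in body:
            # A static resolver overrides what DHCP hands out; ask who set it.
            key, _, rest = body.partition(": ")
            server = rest.partition(" = ")[2]
            findings.append((kind, "static DNS override", f"{key} -> {server}"))

        elif kind == "O23":
            sm = SERVICE_RE.match(body)
            if not sm:
                continue
            name, owner, path = sm.group("name"), sm.group("owner"), sm.group("path")
            if path.endswith("(file missing)"):
                continue  # 32-bit HJT under WOW64 cannot see 64-bit System32 binaries
            short = SHORT_NAME_RE.search(name)
            short = short.group(1) if short else name
            if looks_random(short):
                findings.append((kind, "service with machine-generated name", f"{short}: {path}"))
            elif owner == "Unknown owner":
                findings.append((kind, "unknown-owner service, verify the binary", f"{short}: {path}"))
    return findings


if __name__ == "__main__":
    for kind, reason, detail in triage(SAMPLE_LOG):
        print(f"{kind:<4} {reason:<40} {detail}")
```

Run against the sample it reports six lines: the lavasoft start page, the webcompanion.com Trusted Zone entry, both NameServer overrides, NGUwOWQ2M and CDBService. Avast, f.lux, the Bing start page and the `(file missing)` system services produce nothing, which is the signal-to-noise ratio you want before pasting a log into a forum thread.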
  3. jardaon2

    Log Analysis - Virus and Chrome with Ads

    Yes, I reset Chrome. MBAM found a ton of problems and fixed them. Here are the logs.

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 03/12/2018
    Scan Time: 17:38
    Log File: f7d68a2e-f732-11e8-8350-6c3be591043a.json

    -Software Information-
    Version: 3.6.1.2711
    Components Version: 1.0.482
    Update Package Version: 1.0.8145
    License: Free

    -System Information-
    OS: Windows 10 (Build 17763.134)
    CPU: x64
    File System: NTFS
    User: DESKTOP-2EUF7CF\Guilherme

    -Scan Summary-
    Scan Type: Threat Scan
    Scan Initiated By: Manual
    Result: Completed
    Objects Scanned: 287122
    Threats Detected: 198
    Threats Quarantined: 0
    Time Elapsed: 19 min, 53 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Enabled
    Heuristics: Enabled
    PUP: Detect
    PUM: Detect

    -Scan Details-
    Process: 4
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, No Action By User, [5040], [550057],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, No Action By User, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, No Action By User, [474], [556539],1.0.8145
    Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, No Action By User, [403], [579533],1.0.8145

    Module: 4
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, No Action By User, [5040], [550057],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, No Action By User, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, No Action By User, [474], [556539],1.0.8145
    Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, No Action By User, [403], [579533],1.0.8145

    Registry Key: 40
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Updater_Online_Application, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}, No Action By User, [1166], [399420],1.0.8145
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CRMSvc, No Action By User, [101], [403162],1.0.8145
    Trojan.Egguard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SysSvc, No Action By User, [5040], [550057],1.0.8145
    RiskWare.EventSvc, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EventSvc, No Action By User, [4096], [561520],1.0.8145
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [474], [-1],0.0.0
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NGUwOWQ2M, No Action By User, [474], [556539],1.0.8145
    PUP.Optional.Wajam, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\WajIEnhance, No Action By User, [204], [244670],1.0.8145
    Spyware.Socelars, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\{6D187CC8-35BD-47F6-8760-D406AA1927B1}, No Action By User, [5017], [584328],1.0.8145
    Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, No Action By User, [7205], [509886],1.0.8145
    Trojan.Agent, HKLM\SOFTWARE\CRMSvc, No Action By User, [403], [533736],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\AUSLOGICS\Disk Defrag Prof, No Action By User, [3588], [383224],1.0.8145
    Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, No Action By User, [7205], [509886],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-0E25-49B8-A1C9-BBFA20F44839} for Guilherme, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-ABED-406F-AE89-B030A049F77C} for Guilherme, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{50D27391-C57A-41D2-8E45-11C4C347482C}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{50D27391-C57A-41D2-8E45-11C4C347482C}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Auslogics\Disk Defrag Prof\Task {00000001-ED2A-438D-8CF9-2C6BD86E9A4D} for Guilherme, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{28093655-F82B-490C-AE16-D3346668DB3D}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{28093655-F82B-490C-AE16-D3346668DB3D}, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.PCSpeedUp, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\TRACING\PCSUSpeedTest_RASAPI32, No Action By User, [593], [246229],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\bestavicampaign563, No Action By User, [432], [584322],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\campaign9961, No Action By User, [432], [518478],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\multitimercampaign84170, No Action By User, [432], [518476],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\Speedycar, No Action By User, [432], [518473],1.0.8145
    Adware.ICLoader, HKLM\SOFTWARE\MICROSOFT\TechnologyDesktopnew, No Action By User, [432], [518479],1.0.8145
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [2887], [260247],1.0.8145
    Adware.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online Application, No Action By User, [1166], [527822],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\Online.io Application, No Action By User, [3666], [317312],1.0.8145
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\SYSTEMCERTIFICATES\ROOT\CERTIFICATES\26D9E607FFF0C58C7844B47FF8B6E079E5A2220E, No Action By User, [2887], [260247],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROLEAVES\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, [3666], [339688],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, [3666], [398592],1.0.8145
    PUP.Optional.PCSpeedUp, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\PCSUUCDRV, No Action By User, [593], [241622],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{2CE2C422-7C62-15A2-CDE2-65221D62B6A2}, No Action By User, [717], [542290],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, No Action By User, [204], [170024],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, No Action By User, [204], [170024],1.0.8145
    PUP.Optional.Wajam, HKLM\SOFTWARE\CLASSES\APPID\56BF5154-0B48-4ADB-902A-6C8B12E270D9, No Action By User, [204], [170024],1.0.8145

    Registry Value: 15
    Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-19\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-20\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [474], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-21-3430502845-4032608720-2987334402-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [474], [-1],0.0.0
    Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [474], [-1],0.0.0
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\CRMSVC|IMAGEPATH, No Action By User, [101], [403160],1.0.8145
    Trojan.Egguard, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SYSSVC|IMAGEPATH, No Action By User, [5040], [550056],1.0.8145
    RiskWare.EventSvc, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSVC|IMAGEPATH, No Action By User, [4096], [561519],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{28093655-F82B-490C-AE16-D3346668DB3D}|PATH, No Action By User, [3588], [383225],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{50D27391-C57A-41D2-8E45-11C4C347482C}|PATH, No Action By User, [3588], [383225],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{89AF62F3-5DF1-435A-9B0A-8D58A2C5BA13}|PATH, No Action By User, [3666], [391427],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{E8EF6753-0769-4A6D-AC1D-6780A065BC9F}|PATH, No Action By User, [3588], [383225],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|CONTACT, No Action By User, [3666], [333852],1.0.8145
    PUP.Optional.OnlineIO, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Windows\CURRENTVERSION\UNINSTALL\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}|URLINFOABOUT, No Action By User, [3666], [321304],1.0.8145
    Trojan.DNSChanger.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|NAMESERVER, No Action By User, [7480], [260227],1.0.8145

    Registry Data: 10
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|DhcpNameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{2ff41a84-8e76-400d-a201-5918d65ccc02}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{42ef69d4-1394-4acd-8f2a-707a32319128}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{5f1297f9-1f8d-47db-9255-21c09c38724b}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9db0df7d-85b8-4f72-9737-19b904cf801d}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{9db0df7d-85b8-4f72-9737-19b904cf801d}|DhcpNameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|NameServer, No Action By User, [2887], [-1],0.0.0
    PUP.Optional.DNSUnlocker.ACMB2, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\Interfaces\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}|DhcpNameServer, No Action By User, [2887], [-1],0.0.0

    Data Stream: 0
    (No malicious items detected)

    Folder: 29
    PUP.Optional.APNToolBar.Gen, C:\PROGRAMDATA\APN\APN-STUB, No Action By User, [774], [175062],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES, No Action By User, [1166], [399420],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\CRMSVC, No Action By User, [101], [403162],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en_US, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en_US, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST, No Action By User, [5040], [550057],1.0.8145
    Adware.Wajam, C:\Windows\SYSWOW64\SSL, No Action By User, [474], [533889],1.0.8145
    Adware.Wajam, C:\PROGRAM FILES\NGUwOWQ2M, No Action By User, [474], [556539],1.0.8145
    PUP.Optional.ASK.Gen, C:\USERS\GUILHERME\APPDATA\LOCAL\TEMP\APN-STUB, No Action By User, [3594], [181296],1.0.8145
    PUP.Optional.AuslogicsDiskDefrag, C:\Windows\SYSTEM32\TASKS\AUSLOGICS\Disk Defrag Prof, No Action By User, [3588], [383212],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\INSTALLER\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, [3666], [391425],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1, No Action By User, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install, No Action By User, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0, No Action By User, [1166], [399763],1.0.8145
    Adware.OnlineIO, C:\USERS\GUILHERME\APPDATA\ROAMING\MICROLEAVES, No Action By User, [1166], [399763],1.0.8145
    Adware.Agent, C:\Windows\SYSTEM32\CONFIG\SYSTEMPROFILE\APPDATA\ROAMING\CRMSVC, No Action By User, [101], [597937],1.0.8145
    Adware.Neoreklami, C:\PROGRAM FILES (X86)\FVGEDVJZKGFU2, No Action By User, [908], [602645],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove, No Action By User, [717], [542290],1.0.8145
    PUP.Optional.WinYahoo.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}, No Action By User, [717], [542290],1.0.8145

    File: 96
    Adware.Wajam, C:\Windows\System32\drivers\M2JiZTg1, No Action By User, [474], [488914],0.0.0
    PUP.Optional.WinBing, C:\Windows\TASKS\Search Provided by Bing nanef.job, No Action By User, [5366], [336088],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\TASKS\UPDATER_ONLINE_APPLICATION.JOB, No Action By User, [3666], [391430],1.0.8145
    Adware.OnlineIO, C:\Windows\SYSTEM32\TASKS\Updater_Online_Application, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\PROGRAM FILES (X86)\MICROLEAVES\Online Application\Online Application Updater.exe, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io EULA.url, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Online.io Privacy.url, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Version 2.6.0\Uninstall Online Application.lnk, No Action By User, [1166], [399420],1.0.8145
    Adware.OnlineIO, C:\Program Files (x86)\Microleaves\Online Application\Online Application Updater.ini, No Action By User, [1166], [399420],1.0.8145
    Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\CRMSVC\CRMSvc.exe, No Action By User, [101], [403162],1.0.8145
    PUP.Optional.OnlineIO, C:\Windows\INSTALLER\SOURCEHASH{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}, No Action By User, [3666], [391431],1.0.8145
    Adware.Linkury.Generic, C:\USERS\GUILHERME\APPDATA\LOCAL\SHAM.DB, No Action By User, [3725], [516191],1.0.8145
    Trojan.Egguard, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\SYSSVC.EXE, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\128.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\16.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\32.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\ico\48.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en\messages.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\_locales\en_US\messages.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\background.html, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\background.js, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\ext\manifest.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\128.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\16.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\32.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\ico\48.png, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en\messages.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\_locales\en_US\messages.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\background.html, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\background.js, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\jquery-3.2.1.min.js, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\main.js, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\Google Translate fbh5play\manifest.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\C.dll, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\data.cfg, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\h5host.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\host.json, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\InC.exe, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe.config, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.wrapper.log, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.xml, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\U.dll, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\x64.dll, No Action By User, [5040], [550057],1.0.8145
    Trojan.Egguard, C:\Users\Guilherme\AppData\Local\NtvHost\x86.dll, No Action By User, [5040], [550057],1.0.8145
    PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, No Action By User, [5347], [505085],1.0.8145
    RiskWare.EventSvc, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\EVENTSVC.EXE, No Action By User, [4096], [561520],1.0.8145
    Adware.Wajam, C:\Windows\SYSWOW64\SSL\CERT.DB, No Action By User, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\MGVmM 2.cer, No Action By User, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\x.db, No Action By User, [474], [533889],1.0.8145
    Adware.Wajam, C:\Windows\SysWOW64\SSL\xtls.db, No Action By User, [474], [533889],1.0.8145
    Adware.Wajam, C:\PROGRAM FILES\NGUwOWQ2M\WBE_uninstall.dat, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\mozcrt19.dll, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\MTU5ND, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\nspr4.dll, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\nss3.dll, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\plc4.dll, No Action By User, [474], [556539],1.0.8145
    Adware.Wajam, C:\Program Files\NGUwOWQ2M\plds4.dll, No Action By User, [474],
[556539],1.0.8145 Adware.Wajam, C:\Program Files\NGUwOWQ2M\service.dat, Nenhuma ação do usuário, [474], [556539],1.0.8145 Adware.Wajam, C:\Program Files\NGUwOWQ2M\service_64.dat, Nenhuma ação do usuário, [474], [556539],1.0.8145 Adware.Wajam, C:\Program Files\NGUwOWQ2M\softokn3.dll, Nenhuma ação do usuário, [474], [556539],1.0.8145 Adware.Wajam, C:\Program Files\NGUwOWQ2M\ZjA5NDQ1NTY2OTE1MjJh.ico, Nenhuma ação do usuário, [474], [556539],1.0.8145 Adware.Wajam, C:\Program Files\NGUwOWQ2M\ZmJlYWFhMTAyMWM1NGE4.exe, Nenhuma ação do usuário, [474], [556539],1.0.8145 Trojan.Agent, C:\PROGRAMDATA\MICROSOFT\Windows\EVENTSVC\WORK0.EXE, Nenhuma ação do usuário, [403], [579533],1.0.8145 PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-0E25-49B8-A1C9-BBFA20F44839} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145 PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-ABED-406F-AE89-B030A049F77C} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145 PUP.Optional.AuslogicsDiskDefrag, C:\Windows\System32\Tasks\Auslogics\Disk Defrag Prof\Task {00000001-ED2A-438D-8CF9-2C6BD86E9A4D} for Guilherme, Nenhuma ação do usuário, [3588], [383212],1.0.8145 PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\online.exe, Nenhuma ação do usuário, [3666], [391425],1.0.8145 PUP.Optional.OnlineIO, C:\Windows\Installer\{5266F634-7B7D-4537-BDDC-98DD6CFCBAA1}\SystemFoldermsiexec.exe, Nenhuma ação do usuário, [3666], [391425],1.0.8145 Adware.OnlineIO, C:\Users\Guilherme\AppData\Roaming\Microleaves\Online Application 2.7.0\install\CFCBAA1\Basic Installer with memory detection.msi, Nenhuma ação do usuário, [1166], [399763],1.0.8145 RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, Nenhuma ação do usuário, [5323], [353142],0.0.0 PUP.Optional.WinYahoo.TskLnk, C:\PROGRAMDATA\Microsoft\Windows\Start Menu\Programs\HowToRemove.lnk, 
Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HOWTOREMOVE\HOWTOREMOVE.HTML, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\chromium-min.jpg, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\control panel-min-min.JPG, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\down.png, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\ff menu.JPG, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\ff search engine-min.png, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\hp-min ff.png, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\hp-min ie.png, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\search engine.gif, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\setup pages.gif, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\sp-min.png, 
Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\start-min.jpg, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\HowToRemove\up.png, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\cosicide, Nenhuma ação do usuário, [717], [542290],1.0.8145 PUP.Optional.WinYahoo.TskLnk, C:\Users\Guilherme\AppData\Local\{D05BE607-F4F3-8ABF-996B-AF57BD0353CF}\uninst.exe, Nenhuma ação do usuário, [717], [542290],1.0.8145 Adware.Linkury.TskLnk, C:\USERS\GUILHERME\APPDATA\LOCAL\INSTALLATIONCONFIGURATION.XML, Nenhuma ação do usuário, [14226], [444923],1.0.8145 PUP.Optional.AuslogicsDiskDefrag, C:\USERS\GUILHERME\DESKTOP\Auslogics Disk Defrag Professional.lnk, Nenhuma ação do usuário, [3588], [380631],1.0.8145 PUP.Optional.AuslogicsDiskDefrag, C:\PROGRAM FILES (X86)\AUSLOGICS\DISK DEFRAG PROFESSIONAL\DISKDEFRAGPRO.EXE, Nenhuma ação do usuário, [3588], [380631],1.0.8145 Adware.Agent, C:\USERS\GUILHERME\APPDATA\ROAMING\Microsoft\Windows\Recent\DAEMON.Tools.Lite.10.5.1.230.lnk, Nenhuma ação do usuário, [101], [552648],1.0.8145 Adware.Agent, C:\USERS\GUILHERME\DOWNLOADS\DAEMON.TOOLS.LITE.10.5.1.230.RAR, Nenhuma ação do usuário, [101], [552648],1.0.8145 Adware.Agent, C:\PROGRAM FILES\DAEMON TOOLS LITE\PATCH-URET.RAR, Nenhuma ação do usuário, [101], [552648],1.0.8145 Adware.Agent, C:\PROGRAM FILES\DAEMON TOOLS LITE\URET NFO V2.2.EXE, Nenhuma ação do usuário, [101], [552648],1.0.8145 RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, Nenhuma ação do usuário, [5323], [353142],1.0.8145 Generic.Malware/Suspicious, C:\USERS\GUILHERME\APPDATA\LOCAL\NTVHOST\INC.EXE, Nenhuma ação do usuário, [0], [392686],1.0.8145 Setor físico: 0 (Nenhum item malicioso detectado) 
Instrumentação do Windows (WMI): 0 (Nenhum item malicioso detectado) (end) ==================== Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 18:14:03, on 03/12/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17763.0001) Boot mode: Normal Running processes: C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Scheduler.exe C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe C:\Program Files (x86)\Glary Utilities 5\Integrator.exe C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Pub\PubMonitor.exe C:\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O2 - BHO: Java(tm) Plug-In SSV Helper - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032018180343528\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12032018180343856\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?') O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000 O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: http://*.webcompanion.com O17 - 
HKLM\System\CCS\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{42ef69d4-1394-4acd-8f2a-707a32319128}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{5e408d0b-ffd4-4266-8cb6-ee275fecf209}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{5f1297f9-1f8d-47db-9255-21c09c38724b}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{9db0df7d-85b8-4f72-9737-19b904cf801d}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{cd576b97-ed0c-11e8-8536-806e6f6e6963}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 8.8.8.8 O17 - HKLM\System\CS1\Services\Tcpip\..\{2ff41a84-8e76-400d-a201-5918d65ccc02}: NameServer = 8.8.8.8 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8 O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - 
Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing) O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - 
C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: YmFiZTYzYjIwODZl - Unknown owner - rundll32.exe (file missing) -- 
End of file - 11605 bytes
  4. jardaon2

    Log Analysis - Virus and Chrome with Ads

    Unfortunately ZHPCleaner did not find anything. The logs follow below.

ZHPCleaner Report
~ ZHPCleaner v2018.11.30.201 by Nicolas Coolman (2018/11/30)
~ Run by Guilherme (Administrator) (03/12/2018 09:00:29)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Guilherme\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\Guilherme\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)

Windows 10 Pro, 64-bit (Build 17763)

---\ Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\ Services (0)
~ No malicious or unnecessary items found. (Service)

---\ Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\ Hosts file (0)
~ No malicious or unnecessary items found. (Hosts)

---\ Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\ Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found. (Explorer)

---\ Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\ Other deletions. (23)
~ Registry Keys Tracing deleted (23)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Internet Explorer)
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 25
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0
~ End of search in 00h00mn01s

---\ Reports (2)
ZHPCleaner-[S]-03122018-08_59_09.txt
ZHPCleaner-[S]-03122018-09_00_30.txt

========================
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:08:52, on 03/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Glary Utilities 5\Integrator.exe
C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
C:\Users\Guilherme\AppData\Local\Microsoft\OneDrive\StandaloneUpdater\OneDriveSetup.exe
C:\Program Files (x86)\IObit\Driver Booster\6.1.0\Pub\PubMonitor.exe
C:\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-b2017702190a9a47
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [GUDelayStartup] "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra 'Tools' menuitem: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print\SmartPrintSetup.exe
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 82.163.143.146,82.163.142.148
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall Service (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: AvastWscReporter - AVAST Software - C:\Program Files\AVAST Software\Avast\wsc_proxy.exe
O23 - Service: CDB Service (CDBService) - Unknown owner - C:\Program Files (x86)\Cdb 1.0\srvcdb.exe
O23 - Service: CRMSvc - Unknown owner - C:\Users\Guilherme\AppData\Roaming\CRMSvc\CRMSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Disc Soft Lite Bus Service - Disc Soft Ltd - C:\Program Files\DAEMON Tools Lite\DiscSoftBusServiceLite.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: COM+ Event Manager (EventSvc) - CloudBees, Inc. - C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10102 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: System Manager (SysSvc) - CloudBees, Inc. - C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @oem2.inf,%WirelessKB850NotificationSvcDisplayName%;Wireless Keyboard 850 Notification Service (WirelessKB850NotificationService) - Unknown owner - C:\Windows\system32\WirelessKB850NotificationService.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10620 bytes
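Editor's note, added example (not code from the poster, from the forum's removal procedure, or from HijackThis/Malwarebytes): a small Python triage script for the HijackThis logs above. It flags the indicator classes those two scans actually contain: service or binary names that are base64 of a hex string (the NGUwOWQ2M / M2JlZjcy / YmFiZTYzYjIwODZl pattern), services and autoruns launched from user-writable locations, DNS resolvers outside an allowlist, IE Trusted Zone additions and redirected IE start pages. The sample lines are copied from the two HijackThis scans in this thread (the 09:08 one before cleanup and the 18:14 one after) plus a few benign lines kept as controls; the DNS allowlist, the Microsoft default start-page hosts and the base64-of-hex heuristic are the editor's own assumptions.

```python
"""Triage the HijackThis logs posted in this thread.

Reports, never deletes: each finding is a log line plus the reasons it was
flagged, so the reviewer can decide what to fix with the proper tools.
"""
import base64
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import urlparse

# Constructed sample: lines copied from the two HijackThis scans in this thread,
# with benign control lines (8.8.8.8 resolver, Spooler, Malwarebytes service).
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securedsearch.lavasoft.com/?pr=vmn&id=webcompa&ent=hp_WCYID10477_756_181126
O4 - HKCU\..\Run: [f.lux] "C:\Users\Guilherme\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
O15 - Trusted Zone: http://*.webcompanion.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{d254fb69-c176-491e-b9e6-52f2ccc80ac1}: NameServer = 82.163.143.146,82.163.142.148
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 8.8.8.8
O23 - Service: CRMSvc - Unknown owner - C:\Users\Guilherme\AppData\Roaming\CRMSvc\CRMSvc.exe
O23 - Service: COM+ Event Manager (EventSvc) - CloudBees, Inc. - C:\ProgramData\Microsoft\Windows\EventSvc\eventsvc.exe
O23 - Service: NGUwOWQ2M - Unknown owner - C:\Program Files\NGUwOWQ2M\M2JlZjcy.exe
O23 - Service: System Manager (SysSvc) - CloudBees, Inc. - C:\Users\Guilherme\AppData\Local\NtvHost\syssvc.exe
O23 - Service: YmFiZTYzYjIwODZl - Unknown owner - rundll32.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
"""

# Assumptions (editor's, not from the thread): resolvers the owner knowingly
# configured, and the hosts Microsoft's stock IE home/search entries point at.
TRUSTED_DNS = {"8.8.8.8", "8.8.4.4", "1.1.1.1", "1.0.0.1", "9.9.9.9"}
DEFAULT_IE_HOSTS = {"go.microsoft.com", "www.msn.com"}

USER_WRITABLE = re.compile(r"\\(AppData|ProgramData|Temp|Downloads)\\", re.I)
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - "
                    r"(?P<path>.+?)(?P<missing> \(file missing\))?$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>[\d.,]+)$")
R_RE = re.compile(r"^R[01] - .*(?:Start Page|Search Page|Default_Page_URL|"
                  r"Default_Search_URL) = (?P<url>\S+)$")


@dataclass
class Finding:
    line: str
    reasons: List[str] = field(default_factory=list)


def decode_base64_name(token: str) -> Optional[str]:
    """Decode a Wajam-style name. These are base64 strings that were cut at an
    arbitrary length, so drop a dangling single character and re-pad before
    decoding. Returns None if the token is not base64 or is not ASCII."""
    if not re.fullmatch(r"[A-Za-z0-9+/]{6,}", token):
        return None
    if len(token) % 4 == 1:          # one leftover char can never decode
        token = token[:-1]
    padded = token + "=" * (-len(token) % 4)
    try:
        return base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:               # binascii.Error and UnicodeDecodeError
        return None


def looks_like_base64_hex(token: str) -> bool:
    """True when the token decodes to a lowercase hex string of 4+ chars."""
    decoded = decode_base64_name(token)
    return (decoded is not None and len(decoded) >= 4
            and re.fullmatch(r"[0-9a-f]+", decoded) is not None)


def path_tokens(path: str) -> List[str]:
    """Directory names plus the file stem, so both the NGUwOWQ2M folder and
    the M2JlZjcy.exe binary get checked."""
    parts = [p for p in path.split("\\") if p]
    if parts:
        parts[-1] = parts[-1].rsplit(".", 1)[0]
    return parts


def triage(log_text: str) -> List[Finding]:
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        reasons: List[str] = []
        m23, m17, mr = O23_RE.match(line), O17_RE.match(line), R_RE.match(line)
        if m23:
            name, owner, path = m23["name"], m23["owner"], m23["path"]
            tokens = re.findall(r"[A-Za-z0-9+/]+", name) + path_tokens(path)
            hits = list(dict.fromkeys(t for t in tokens if looks_like_base64_hex(t)))
            if hits:
                reasons.append("random base64-of-hex name(s): " + ", ".join(hits))
            if USER_WRITABLE.search(path):
                reasons.append(f"service binary in a user-writable location (owner: {owner})")
            # HijackThis 2.0.4 predates Windows 10 and shows many stock services
            # under C:\Windows as "(file missing)"; that alone is not a finding.
            in_windows = path.lower().startswith("c:\\windows")
            if owner == "Unknown owner" and not (m23["missing"] and in_windows):
                reasons.append("no publisher resolved for a non-Windows service path")
        elif m17:
            rogue = [s for s in m17["servers"].split(",") if s not in TRUSTED_DNS]
            if rogue:
                reasons.append("DNS resolver(s) outside allowlist: " + ", ".join(rogue))
        elif line.startswith("O15 - Trusted Zone:"):
            reasons.append("site added to IE Trusted Zone (relaxed security settings for it)")
        elif line.startswith("O4 - ") and USER_WRITABLE.search(line):
            reasons.append("autorun from a user-writable path; confirm the publisher "
                           "(per-user installers such as f.lux legitimately live here)")
        elif mr:
            host = urlparse(mr["url"]).hostname or ""
            if host and host not in DEFAULT_IE_HOSTS:
                reasons.append(f"IE home/search page redirected to {host}")
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding.line)
        for reason in finding.reasons:
            print("    ->", reason)
```

Running it prints nine flagged lines; the 8.8.8.8 resolver, the Spooler entry and the Malwarebytes service pass through silently. The f.lux autorun is flagged on purpose: a user-writable path is a prompt to check the publisher,
not a verdict, which is exactly the difference between that entry and CRMSvc or SysSvc. The base64 check alone catches NGUwOWQ2M, M2JlZjcy and YmFiZTYzYjIwODZl (they decode to 4e09d6, 3bef72 and babe63b2086e), which is why those services stand out even when the binary is reported missing.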
  5. Hi everyone, good evening. I recently formatted the computer, installed all the essential programs and, in the process, picked up a virus that Avast flags but cannot remove. Google Chrome is also showing a bunch of advertising links in the search results, even before the sponsored ads, and I would like to be able to get rid of that. I followed the instructions in the pinned post and the log for analysis is below. Thank you for your kindness in helping me. A good Sunday to all. Regards