Fernando Agustini

  • Posts: 7

  1. Fernando Agustini

    Remove livestream123.info

    OK, and thank you very much for the help, the guidance and, above all, the patience. I wish luck and success to the whole Baboo team. Best regards.
  2. Fernando Agustini

    Remove livestream123.info

    Thank you very much. Would the solution be to format? Or is that not advisable, and can I live with it like this without it harming me significantly?
  3. Fernando Agustini

    Remove livestream123.info

    Hello, good morning. Here is the ESET log.
  4. Fernando Agustini

    Remove livestream123.info

    MBAM log

    HijackThis log
- C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) -- End of file - 12340 bytes
  5. Fernando Agustini

    Remove livestream123.info

    Good morning. ZHPCleaner log:

    ~ ZHPCleaner v2018.9.3.169 by Nicolas Coolman (2018/09/03) ~ Run by Fernando (Administrator) (12/09/2018 07:20:11) ~ Web: https://www.nicolascoolman.com ~ Blog: https://nicolascoolman.eu/ ~ Facebook : https://www.facebook.com/nicolascoolman1 ~ State version : Version OK ~ Certificate ZHPCleaner: Legal ~ Type : Repair ~ Report : D:\01 - Dados de Usuários - Não Apagar\Fernando\Desktop\ZHPCleaner.txt ~ Quarantine : C:\Users\Fernando\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt ~ UAC : Activate ~ Boot Mode : Normal (Normal boot) Windows 10 Home Single Language, 64-bit (Build 17134) ---\\ Alternate Data Stream (ADS). (0) ~ No malicious or unnecessary items found. ---\\ Services (0) ~ No malicious or unnecessary items found. ---\\ Browser internet (1) DELETED: [kyhe77j3.default] - user_pref("extensions.xpiState", "{\"app-system-defaults\":{\"aushelper@mozilla.org\":{\"d\":\"C:\\\[...] =>Adware.Babylon ---\\ Hosts file (1) ~ The hosts file is legitimate (78) ---\\ Scheduled automatic tasks. (0) ~ No malicious or unnecessary items found. ---\\ Explorer ( File, Folder) (16) MOVED file: C:\Users\Fernando\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Babylon.lnk [Bad : C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe](.Babylon Ltd..) =>Adware.Babylon MOVED file: C:\Users\Public\Desktop\Babylon.lnk [Bad : C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe](.Babylon Ltd..) =>Adware.Babylon MOVED file: C:\Users\Public\Desktop\µTorrent.lnk [Bad : C:\Users\Fernando\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..) 
=>BitTorrent (P2P) MOVED file^: C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\ocr@babylon.com =>Adware.Babylon MOVED file: C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe [ - Language Application] =>Heuristic.Salus MOVED file: C:\Windows\Prefetch\BABYLON.EXE-9D5C5354.pf =>Adware.Babylon MOVED file: C:\Windows\AutoKMS\AutoKMS.exe [CODYQX4 - AutoKMS] =>HackTool.AutoKMS MOVED file: C:\Windows\AutoKMS\AutoKMS.log =>HackTool.AutoKMS MOVED folder^: C:\Program Files (x86)\Babylon =>Adware.Babylon MOVED folder: C:\ProgramData\Babylon =>Adware.Babylon MOVED folder: C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Babylon =>Adware.Babylon MOVED folder: C:\Windows\AutoKMS =>HackTool.AutoKMS MOVED folder^: C:\Users\Fernando\AppData\Roaming\Babylon =>Adware.Babylon MOVED folder: C:\Users\Fernando\AppData\Local\Babylon =>Adware.Babylon MOVED folder: C:\Users\Fernando\AppData\Local\Temp\Babylon =>Adware.Babylon ---\\ Registry ( Key, Value, Data) (20) DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE [] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho [Babylon IE plugin] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonIEPI.BabylonIEBho.1 [Babylon IE plugin] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin [OfficeAddin Class] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin.1 [OfficeAddin Class] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64 [OfficeAddin Class] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Classes\BabylonOfficeAddin.OfficeAddin64.1 [OfficeAddin Class] =>Adware.Babylon DELETED key*: [X64] 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04E236517CFC1A74887006C69A519379 [01:\Software\Microsoft\Babylon\QuickIcon_Shortcut (Not File)] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\04F1FD7058A2C1249B33191CB78C212E [C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonDocTranslation64PI.dll (Not File)] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\05264ABCD80D9C74385149AE171F1340 [C:\Program Files (x86)\Babylon\Babylon-Pro\BException.dll] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0772E6FB874E57B46ACDF689B89C2072 [C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\ocr@babylon.com\chrome\content\overlay.js (Not File)] =>Adware.Babylon DELETED key*: [X64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\086A60C5778192E43B4FB78EFEF19686 [C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\ocr@babylon.com\chrome.manifest (Not File)] =>Adware.Babylon DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\BabylonHelper.EXE [] =>Adware.Babylon DELETED key: [X64] HKLM\SOFTWARE\Wow6432Node\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56} [secman] =>PUP.Optional.Camec DELETED key*: [X64] HKLM\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23} [OfficeAddin Class] =>Adware.Babylon DELETED key: [X64] HKLM\SOFTWARE\Classes\CLSID\{B5E7C3E9-37BF-4b5c-8234-F5DC02111B23}\InprocServer32 [C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonOffice64PI.dll (Not File)] =>Adware.Babylon DELETED value: HKLM64\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions\\ocr@babylon.com [C:\Program Files (x86)\Babylon\Babylon-Pro\Plugins\ocr@babylon.com] =>Adware.Babylon DELETED value: HKLM64\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\LanguageShortcut 
[C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe] =>Heuristic.Salus DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_5DC164A90031ABD45897C38A1D6262AA ["C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5] =>PUP.Optional.MyBrowser ---\\ Summary of the elements found (6) https://nicolascoolman.eu/2017/03/03/adware-babylon/ =>Adware.Babylon https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>BitTorrent (P2P) https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>Heuristic.Salus https://nicolascoolman.eu/2017/02/02/hacktool-autokms/ =>HackTool.AutoKMS https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/ =>PUP.Optional.Camec https://nicolascoolman.eu/2017/11/01/adware-mybrowser/ =>PUP.Optional.MyBrowser ---\\ Other deletions. (5) ~ Registry Keys Tracing deleted (5) ~ Remove the old reports ZHPCleaner. (0) ---\\ Result of repair ~ Repair carried out successfully ~ Browser not found (Opera Software) ~ The system has been restarted. 
---\\ Statistics ~ Items scanned : 959 ~ Items found : 0 ~ Items cancelled : 0 ~ Items options : 0/7 ~ Space saving (bytes) : 0 ~ End of clean in 00h00mn58s ---\\ Reports (2) ZHPCleaner--12092018-06_20_47.txt ZHPCleaner-[R]-12092018-07_21_09.txt

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 07:39:19, on 12/09/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe D:\01 - Dados de Usuários - Não Apagar\Fernando\Downloads\HijackThis.exe C:\HijackThis (4).exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - 
HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [7B346E802E27E4400553AC1EE71F48F4D73CB0F2._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_5DC164A90031ABD45897C38A1D6262AA] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5 O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 
'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE') O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~1\Office16\ONBttnIE.dll/105 O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office16\EXCEL.EXE/3000 O8 - Extra context menu item: Translate this web page with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/ActionTU.htm O8 - Extra context menu item: Translate with Babylon - res://C:\Program Files (x86)\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Action.htm O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIE.dll O9 - Extra button: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O9 - Extra 'Tools' menuitem: @%CommonProgramFiles%\Microsoft Shared\Office16\oregres.dll,-430 - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office16\ONBttnIELinkedNotes.dll O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft 
Office\Office16\ONBttnIELinkedNotes.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: aapj.bb.com.br O15 - Trusted Zone: seg.bb.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: http://www.bb.com.br O15 - Trusted Zone: http://www.caixa.gov.br O15 - Trusted Zone: cloud.gastecnologia.com.br O18 - Protocol: mso-minsb.16 - {3459B272-CC19-4448-86C9-DDC3B4B2FAD3} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\Office16\MSOSB.DLL O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\MSOXMLMF.DLL O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Anvi Cloud System Booster Speed Service (AnviCsbSvc) - Anvisoft - C:/Program Files (x86)/Anvisoft/Cloud System Booster/CSBSvc.exe O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\x64\aswidsagenta.exe O23 - Service: Avast antivírus (avast! 
antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing) O23 - Service: Intel(R) Driver and Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver Update Utility\DSAService.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. 
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: IObit Uninstaller Service (IObitUnSvr) - IObit - C:\Program Files (x86)\IObit\IObit Uninstaller\IUService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared Files\RichVideo.exe O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing) O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing) O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing) O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing) O23 - 
Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files (x86)\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing) O23 - Service: Unchecky - Reason Software Company Inc. - C:\Program Files (x86)\Unchecky\bin\unchecky_svc.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing) O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - 
C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing) -- End of file - 12854 bytes
  6. Fernando Agustini

    Remove livestream123.info

    Every day I have been seeing messages saying that livestream123.info was updated in the background. Since I did not install it (at least as far as I know) and do not know what it is, I searched the internet and saw that uninstalling it is recommended, because it can be harmful. An anti-malware program was recommended to me and I installed SUPERAntiSpyware, but it did not solve the problem. So I followed the instructions, and here is the log. Please analyze it and advise me, if possible. Thank you.

    Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 10:43:33, on 10/09/2018 Platform: Unknown Windows (WinNT 6.02.1008) MSIE: Internet Explorer v11.0 (11.00.17134.0001) Boot mode: Normal Running processes: C:\Program Files (x86)\Unchecky\bin\unchecky_bg.exe C:\Program Files (x86)\Babylon\Babylon-Pro\Babylon.exe C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\OneDrive.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Intel Driver Update Utility\DSATray.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe C:\Program Files (x86)\FastStone Capture\FSCapture.exe D:\HijackThis\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 
- HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit= O2 - BHO: Skype for Business Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office16\OCHelper.dll O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\Office16\GROOVEEX.DLL O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files (x86)\CyberLink\PowerDVD\PDVDServ.exe" O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD\Language\Language.exe" O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver Update Utility\DsaTray.exe O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe O4 - HKCU\..\Run: [OneDrive] "C:\Users\Fernando\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background O4 - HKCU\..\Run: [7B346E802E27E4400553AC1EE71F48F4D73CB0F2._service_run] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=service /prefetch:8 O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe O4 - HKCU\..\Run: 
  7. Fernando Agustini

    Remove livestream123.info

    Hello everyone, good morning. How do I remove livestream123.info?