leonardo leo

  • Posts

    3
  • Joined

  • Last visited

  1. leonardo leo

    Request for help with virus removal

    OK, thank you for the information. I will purchase an original copy; I think the post can be closed.
  2. leonardo leo

    Request for help with virus removal

    Logs follow below.
  3. All the procedures from the official topic have already been done. Problem: several windows opening in the browser (Firefox).