
Adrianow

  • Posts

    8
  • Member since

  • Last visit

Profile

  • State
    Rio de Janeiro
  • Gender
    male
  • Education
    high school completed
  • Professional Area
    IT / Computing
  • Professional Level
    Self-employed

How to contact me

  • Facebook
    https://www.facebook.com/adriano.carlos.98

Mood

  • Exhausted
  • Feeling Exhausted
  1. Adrianow

    Log Analysis

    Thanks for the help.
  2. Adrianow

    Log Analysis

    Log:

    C:\Users\Zer0_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.7_0\js\contentScripts\contentScript.js JS/Chromex.Agent.AP trojan
    C:\Program Files (x86)\Common Files\CrashReports\23404\SetupUi.dll a variant of Win32/Adware.FileTour.FHQ application cleaned by deleting
    C:\Program Files (x86)\Common Files\CrashReports\7381\SetupUi.dll a variant of Win32/Adware.FileTour.FHQ application cleaned by deleting
    C:\Program Files (x86)\Common Files\CrashReports\8398\SetupUi.dll a variant of Win32/Adware.FileTour.FHQ application cleaned by deleting
    C:\Program Files (x86)\IObit\Driver Booster\6.0.2\AutoUpdate.exe a variant of Win32/IObit.N potentially unwanted application cleaned by deleting
    C:\Program Files (x86)\Panda Security\Panda Security Protection\LostandFound\Re-Loader.exe a variant of MSIL/HackTool.WinActivator.J potentially unsafe application deleted
    C:\Users\Zer0_\AppData\Local\Google\Chrome\User Data\Default\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\31.2.7_0\js\background.js JS/Chromex.Agent.AP trojan cleaned by deleting
    C:\Users\Zer0_\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\Files\S0\4\server1[36].zip a variant of Win32/Beastdoor trojan deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Ativar Permanente Office 2010\Crack Ativador Permanente Office 2010 By www.pcdowns.com.br\Office 2010 Toolkit.exe a variant of MSIL/HackKMS.A potentially unsafe application cleaned by deleting
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Adobe Acrobat 7.0.rar Win32/Keygen.AAP potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\AVG Anti-Virus 7.0.338.rar a variant of Win32/Keygen.AQ potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Call of Duty 2.rar a variant of Win32/Keygen.CU potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Macromedia Dreamweaver MX 6.0 SSG.rar a variant of Win32/Keygen.AQ potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Macromedia Fireworks MX 6.0 SSG.rar a variant of Win32/Keygen.AQ potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Nero 7 Full.rar a variant of Win32/Keygen.AJ potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Nero Burning Rom 6.0.0.28.rar a variant of Win32/Keygen.CY potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Nero Burning ROM 6.6 + MP3Pro.rar a variant of Win32/Keygen.CY potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\Ativadores\Super Pack KeyGen\Power DVD 7.rar a variant of Win32/Keygen.QU potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Ferramentas Tecnico em informatica\best drivers\Files\Everest__2169.7z a variant of Win32/Keygen.AE potentially unsafe application deleted
    C:\Users\Zer0_\Google Drive\Programas\Microsoft Visio x64 2010.rar Win32/HackKMS.A potentially unsafe application deleted
    C:\Windows\KMS-R@1nhook.exe Win64/HackKMS.C potentially unsafe application cleaned by deleting
    G:\Backup pendrive.rar a variant of Win32/InstallCore.D potentially unwanted application deleted
    G:\Cursos, livros e Tutorias\Area Hacker\brutus-aet2 (2).rar Win32/PSWTool.Brutus potentially unsafe application deleted
    G:\Cursos, livros e Tutorias\Area Hacker\nc.exe Win32/RemoteAdmin.NetCat potentially unsafe application cleaned by deleting
    G:\Cursos, livros e Tutorias\Area Hacker\nc111nt.zip Win32/RemoteAdmin.NetCat potentially unsafe application deleted
    G:\Cursos, livros e Tutorias\Area Hacker\PwDump7 - [ Hackerinocente.coM ].rar Win32/PWDump.A potentially unsafe application deleted
    G:\Cursos, livros e Tutorias\Area Hacker\New Backdoor\Backdoor definition.exe Win32/RemoteAdmin.NetCat potentially unsafe application cleaned by deleting
    G:\Cursos, livros e Tutorias\Area Hacker\Programas\Cactus Joiner 2.5\Cactus Joiner 2[1].5 + Registrador - By Mago Rave.rar multiple threats deleted
    G:\Cursos, livros e Tutorias\Area Hacker\Programas\ProxyShell Hide IP\Keygen.exe a variant of Win32/Keygen.BC potentially unsafe application cleaned by deleting
    G:\Cursos, livros e Tutorias\Area Hacker\Programas\Unsecure\Uns12.exe a variant of Win32/HackTool.Unsecure.A potentially unsafe application cleaned by deleting
    G:\Fontes Famosas\vegas.pro.12.-patch.rar a variant of Win32/HackTool.Patcher.AD potentially unsafe application deleted
  3. Adrianow

    Log Analysis

    After many attempts I managed to start MBAM and reply here; the problem with Explorer being slow and the white icons continues.

    MBAM log:

    Malwarebytes
    www.malwarebytes.com

    -Detalhes de registro-
    Data da análise: 12/12/2018
    Hora da análise: 14:08
    Arquivo de registro: 24e04f72-fe28-11e8-9798-74d435e08ccd.json

    -Informação do software-
    Versão: 3.6.1.2711
    Versão de componentes: 1.0.463
    Versão do pacote de definições: 1.0.8279
    Licença: Versão de Avaliação

    -Informação do sistema-
    Sistema operacional: Windows 10 (Build 17134.471)
    CPU: x64
    Sistema de arquivos: NTFS
    Usuário: DESKTOP-HM04AT7\Zer0_

    -Resumo da análise-
    Tipo de análise: Análise de Ameaças
    Análise Iniciada Por: Manual
    Resultado: Concluído
    Objetos verificados: 282126
    Ameaças detectadas: 44
    Ameaças em quarentena: 42
    Tempo decorrido: 2 min, 36 seg

    -Opções da análise-
    Memória: Habilitado
    Inicialização: Habilitado
    Sistema de arquivos: Habilitado
    Arquivos compactados: Habilitado
    Rootkits: Desabilitado
    Heurística: Habilitado
    PUP: Detectar
    PUM: Detectar

    -Detalhes da análise-
    Processo: 0
    (Nenhum item malicioso detectado)

    Módulo: 1
    Adware.Zdengo.Generic, C:\Windows\EJFYPLTXLT.EJF, Quarentena, [9368], [608505],1.0.8279

    Chave de registro: 14
    Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MGM1N, Quarentena, [475], [556539],1.0.8279
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\localNETService, Quarentena, [101], [603752],1.0.8279
    PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
    PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
    PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
    Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarentena, [7193], [509886],1.0.8279
    Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarentena, [7193], [509886],1.0.8279
    Adware.Zdengo.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MDdhZ, Quarentena, [9368], [608505],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{D7C92569-5998-FE09-4364-E713D2C207DE}, Quarentena, [5994], [601190],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90FEEC9C-6D6A-44F4-ADE7-59F803C5485B}, Quarentena, [5994], [601190],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{90FEEC9C-6D6A-44F4-ADE7-59F803C5485B}, Quarentena, [5994], [601190],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{5FBEE3B1-CCFB-25A5-93B4-0BB31B025305}, Quarentena, [5994], [601196],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4E7B055A-210A-4162-898C-1688EC16B90C}, Quarentena, [5994], [601196],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4E7B055A-210A-4162-898C-1688EC16B90C}, Quarentena, [5994], [601196],1.0.8279

    Valor de registro: 6
    Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [475], [-1],0.0.0
    Adware.Wajam, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
    Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [475], [-1],0.0.0
    PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarentena, [215], [236865],1.0.8279
    PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarentena, [215], [236865],1.0.8279
    Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCALNETSERVICE|IMAGEPATH, Quarentena, [101], [603754],1.0.8279

    Dados de registro: 1
    PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [215], [293058],1.0.8279

    Fluxo de dados: 0
    (Nenhum item malicioso detectado)

    Pasta: 2
    Adware.Wajam, C:\PROGRAM FILES\MGM1N, Quarentena, [475], [556539],1.0.8279
    Adware.Agent, C:\PROGRAMDATA\LOCALNETSERVICE, Quarentena, [101], [603752],1.0.8279

    Arquivo: 20
    PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Quarentena, [5342], [505085],1.0.8279
    Adware.Wajam, C:\PROGRAM FILES\MGM1N\WBE_uninstall.dat, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\MmJkNzk.ico, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\mozcrt19.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\NjRhMzFjNzJ.exe, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\nspr4.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\nss3.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\plc4.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\plds4.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\service.dat, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\service_64.dat, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\softokn3.dll, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\YjdjYmFkYWEzNTc4.exe, Quarentena, [475], [556539],1.0.8279
    Adware.Wajam, C:\Program Files\MGM1N\ZTE0MGQzMjc5MGYyOWM, Quarentena, [475], [556539],1.0.8279
    Adware.Agent, C:\PROGRAMDATA\LOCALNETSERVICE\LOCALNETSERVICE.EXE, Quarentena, [101], [603752],1.0.8279
    Adware.Zdengo.Generic, C:\Windows\EJFYPLTXLT.EJF, Quarentena, [9368], [608505],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, C:\Windows\SYSTEM32\TASKS\{D7C92569-5998-FE09-4364-E713D2C207DE}, Quarentena, [5994], [601190],1.0.8279
    Trojan.BitCoinMiner.BatBitRst, C:\Windows\SYSTEM32\TASKS\{5FBEE3B1-CCFB-25A5-93B4-0BB31B025305}, Quarentena, [5994], [601196],1.0.8279
    PUP.Optional.Trovigo, C:\USERS\ZER0_\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [376], [455258],1.0.8279
    PUP.Optional.Trovigo, C:\USERS\ZER0_\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [376], [455258],1.0.8279

    Setor físico: 0
    (Nenhum item malicioso detectado)

    Instrumentação do Windows (WMI): 0
    (Nenhum item malicioso detectado)

    (end)

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:14:01, on 11/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17134.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\InstallShield\setup.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
    C:\HijackThis.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
    C:\Program Files (x86)\Nox\bin\nox_adb.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
    O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O4 - Startup: IQTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

    --
    End of file - 10787 bytes
  4. Adrianow

    Log Analysis

    I tried to install MBAM, but it froze as soon as I opened the page, or even when I searched for MBAM on Google. I tried MBAM Chameleon and managed to install MBAM, but as soon as I start it, it freezes and won't let me do anything. As soon as I open Windows Explorer it keeps loading and takes a very long time to load the folders, and the files show a white icon. Now the message in the attachment keeps appearing about every 5 minutes...
  5. Adrianow

    Log Analysis

    ZHPCleaner log:

    ~ ZHPCleaner v2018.12.8.204 by Nicolas Coolman (2018/12/08)
    ~ Run by Zer0_ (Administrator) (11/12/2018 20:25:50)
    ~ Web: https://www.nicolascoolman.com
    ~ Blog: https://nicolascoolman.eu/
    ~ Facebook : https://www.facebook.com/nicolascoolman1
    ~ State version : Version OK
    ~ Certificate ZHPCleaner: Legal
    ~ Type : Scan
    ~ Report : C:\Users\Zer0_\OneDrive\Área de Trabalho\ZHPCleaner.txt
    ~ Quarantine : C:\Users\Zer0_\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
    ~ UAC : Activate
    ~ Boot Mode : Normal (Normal boot)
    Windows 10 Pro, 64-bit (Build 17134)

    ---\ Alternate Data Stream (ADS). (0)
    ~ No malicious or unnecessary items found. (ADS)

    ---\ Services (0)
    ~ No malicious or unnecessary items found. (Service)

    ---\ Browser internet (0)
    ~ No malicious or unnecessary items found. (Browser)

    ---\ Hosts file (1)
    ~ The hosts file is legitimate (21)

    ---\ Scheduled automatic tasks. (0)
    ~ No malicious or unnecessary items found. (Task)

    ---\ Explorer ( File, Folder) (7)
    FOUND file: C:\Windows\Installer\MSI25A7.tmp =>.SUP.MSIInstaller
    FOUND file: C:\Users\Zer0_\AppData\Local\Temp\aria-debug-1444.log =>.SUP.Temporary.OneDrive
    FOUND file: C:\Users\Zer0_\AppData\Local\Temp\aria-debug-8644.log =>.SUP.Temporary.OneDrive
    FOUND file: C:\Users\Zer0_\AppData\Local\Temp\evbF79B.tmp =>.SUP.Temporary.Empty
    FOUND folder: C:\Program Files (x86)\Skillbrains\lightshot =>.SUP.Skillbrains
    FOUND folder: C:\Program Files (x86)\Skillbrains =>.SUP.Skillbrains
    FOUND folder: C:\Users\Zer0_\AppData\Local\Google\Chrome\User Data\Default\File System\000 =>.SUP.Temporary.Chrome

    ---\ Registry ( Key, Value, Data) (0)
    ~ No malicious or unnecessary items found. (Register)

    ---\ Summary of the elements found (5)
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.MSIInstaller
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.OneDrive
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Empty
    https://www.anti-malware.top/2016/04/30/superfluous-skillbrains/ =>.SUP.Skillbrains
    https://nicolascoolman.eu/2017/01/20/logiciels-superflus/ =>.SUP.Temporary.Chrome

    ---\ Result of repair
    ~ Any repair made
    ~ Browser not found (Opera Software)

    ---\ Statistics
    ~ Items scanned : 91102
    ~ Items found : 7
    ~ Items cancelled : 0
    ~ Items options : 12/12
    ~ Space saving (bytes) : 470
    ~ End of search in 00h03mn13s

    ---\ Reports (6)
    ZHPCleaner-[R]-11122018-17_22_57.txt
    ZHPCleaner--11122018-16_10_40.txt
    ZHPCleaner--11122018-16_11_02.txt
    ZHPCleaner--11122018-16_13_27.txt
    ZHPCleaner--11122018-17_19_22.txt
    ZHPCleaner--11122018-20_29_03.txt

    HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:14:01, on 11/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17134.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\InstallShield\setup.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
    C:\HijackThis.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
    C:\Program Files (x86)\Nox\bin\nox_adb.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
    O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O4 - Startup: IQTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

    --
    End of file - 10787 bytes
  6. Adrianow

    Log Analysis

    I'm not sure if this is the log:

    ZHPCleaner, Quarantine Delete
    End of report, Quarantine Deleted

    New log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:14:01, on 11/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17134.0001)
    Boot mode: Normal
    -- End of file - 10787 bytes
  7. Adrianow

    Log Analysis

    Nothing was found in the scan, and there was no need to repair.

    New HijackThis log:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 16:14:01, on 11/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17134.0001)
    Boot mode: Normal
    -- End of file - 10787 bytes
  8. Adrianow

    Log Analysis

    Hello, a few days ago I downloaded a portable file and right away my AV detected a malicious file and neutralized it, but after I rebooted I noticed that I can no longer open Windows Explorer: it keeps loading forever, and when it finishes loading the files have blank icons. It also doesn't let me start some security programs, such as Malwarebytes.

    LOG:

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 15:52:53, on 11/12/2018
    Platform: Unknown Windows (WinNT 6.02.1008)
    MSIE: Internet Explorer v11.0 (11.00.17134.0001)
    Boot mode: Normal

    Running processes:
    C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
    C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
    C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\svchost.exe
    C:\Windows\SysWOW64\InstallShield\setup.exe
    C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
    C:\HijackThis.exe
    C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
    O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
    O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
    O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
    O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
    O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
    O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
    O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
    O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
    O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
    O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
    O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
    O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
    O4 - Startup: IQTray.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
    O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
    O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
    O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
    O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O15 - Trusted Zone: http://*.webcompanion.com
    O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
    O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
    O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
    O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
    O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
    O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

    --
    End of file - 10743 bytes