FRAN SANTOS

Log analysis

19 posts in this topic

Hello, good morning!

Here is my log for analysis.

My access to my bank account was blocked. I was told it could be a virus.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:10:34, on 11/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\find.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7174 bytes

Thanks,
 

AdwCleaner[S0].txt


Good morning!

Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mbam-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection; if it is disabled, check Scan for Rootkits. Under Potential Threat Protection, select Treat PUPs and PUMs as Malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to Quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is automatically saved by MBAM and can be viewed by clicking the Reports -> Scan Reports tab in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.


assinatura-mrmillion.png


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:17, on 12/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\cmd.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7319 bytes
 

relatorio.txt


Oops, sorry! Both are below:

Malwarebytes

www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/08/17
Hora da análise: 09:50
Arquivo de registro: relatorio.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.160
Versão do pacote de definições: 1.0.2567
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: User-PC\User

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 235975
Ameaças detectadas: 62
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 8 min, 44 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO, Nenhuma ação do usuário, [503], [302503],1.0.2567

Arquivo: 42
PUP.Optional.Reimage, C:\USERS\USER\DOWNLOADS\REIMAGEREPAIR.EXE, Nenhuma ação do usuário, [1040], [331559],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG\28.11_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_24x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_32x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\newtablogo.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icon-ask.ico, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icons.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO\28.2_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script\overlayer.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab\newtab.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:17, on 12/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\cmd.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7319 bytes
 

 

 


1. Disable your antivirus and antispyware to avoid conflicts, and keep them disabled until you have finished these instructions.

2. Download AdwCleaner and save it to your Desktop

3. Run adwcleaner.exe

Windows 7, 8, 8.1 or 10 users: right-click the adwcleaner.exe icon and select Run as administrator

4. Click the Scan button and then Clean

5. Save the log that is created

6. Download JRT (Junkware Removal Tool) and save it to your Desktop

7. Double-click the JRT file to run it

Windows 7, 8, 8.1 or 10 users: right-click the JRT.exe icon and select Run as administrator

8. JRT will start scanning your system. Be patient, as it may take a few minutes depending on the number of items examined

9. When it finishes, a new JRT.txt file will appear on your Desktop and a window will open showing the contents of that file (the JRT log)

10. Select the entire contents of that log (press CTRL+A), copy it (CTRL+C) and paste it (CTRL+V) into your next reply, together with the AdwCleaner log (item 5 above) and the new HijackThis log



Oops, sorry! Both are below:

Malwarebytes

www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/08/17
Hora da análise: 09:50
Arquivo de registro: relatorio.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.160
Versão do pacote de definições: 1.0.2567
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: User-PC\User

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 235975
Ameaças detectadas: 62
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 8 min, 44 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO, Nenhuma ação do usuário, [503], [302503],1.0.2567

Arquivo: 42
PUP.Optional.Reimage, C:\USERS\USER\DOWNLOADS\REIMAGEREPAIR.EXE, Nenhuma ação do usuário, [1040], [331559],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG\28.11_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_24x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_32x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\newtablogo.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icon-ask.ico, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icons.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO\28.2_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script\overlayer.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab\newtab.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

 

 

 

Good afternoon!

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 14:19:57 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\Todos os Usuários\AVG Security Toolbar
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Users\User\AppData\Local\YSearchUtil


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1516 B] - [2017/8/11 1:7:56]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x86 
Ran by User (Administrator) on 13/08/2017 at 15:37:09,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/08/2017 at 16:17:41,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:26, on 13/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\User\Downloads\JRT.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7206 bytes
 

5 minutes ago, FRAN SANTOS said:

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 14:19:57 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

The requested mode is CLEAN (LIMPAR).

Please run it again and post the new result.



Hello Mr Million, good morning!

I am sending the AdwCleaner and Hijack logs.

JRT has been stuck on Shortcuts for hours (all day yesterday and since very early today) and does not finish. Is there any other way to do it?

 

# AdwCleaner 7.0.0.0 - Logfile created on Sun Aug 13 21:30:46 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1650 B] - [2017/8/13 20:42:26]
C:/AdwCleaner/AdwCleaner[S0].txt - [1516 B] - [2017/8/11 1:7:56]
C:/AdwCleaner/AdwCleaner[S1].txt - [1404 B] - [2017/8/13 14:19:57]
C:/AdwCleaner/AdwCleaner[S2].txt - [1658 B] - [2017/8/13 20:39:33]
C:/AdwCleaner/AdwCleaner[S3].txt - [1218 B] - [2017/8/13 21:29:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:52, on 13/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\ctfmon.exe
C:\Users\User\Downloads\JRT.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Temp\jrt\SHORTCUT.DAT
C:\Windows\system32\findstr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\sfc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7014 bytes
 

20 hours ago, FRAN SANTOS said:

Scan was completed on 13/08/2017 at 16:17:41,86
End of JRT log

Hello, good afternoon!

JRT has already run and found nothing; see the log above...

Abort this new run.

1. Disable your antivirus and antispyware to avoid conflicts, and keep them disabled until you have finished the instructions.

2. Download Zoek and run it.

3. Copy the lines below (select them and press CTRL+C) and paste them (CTRL+V) into the Zoek window:

createsrpoint;
autoclean;
resetieproxy;
resethosts;
iedefaults;
chrdefaults;
emptyCHRcache;
ffdefaults;
firefoxlook;
emptyalltemp;
shortcutfix;

4. Close all browsers and click Run Script:

zoek-run.png

During the scan the message below will be displayed. Be patient and wait for the script to finish, as the analysis may take a few minutes.

zoek-executando.PNG

5. If you are asked to restart the computer, do so by clicking OK.

6. Zoek will open a window with the result of the analysis. Post the contents of that window and also a new HijackThis log.



No luck with Zoek. I run it as administrator, Windows asks whether I want to allow the program to make changes to the computer and I click 'yes', but even so Zoek does not open. The blue wheel (the old hourglass) of the cursor spins for a few seconds and stops, without opening Zoek.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:45, on 14/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hale.exe
C:\Windows\system32\cmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\User\AppData\Local\Temp\2B34.tmp\bump.exe
C:\Windows\system32\find.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\User\Downloads\zoek.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Users\User\AppData\Local\Temp\sed.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7751 bytes


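The successive HijackThis logs in this thread can be compared mechanically rather than by eye. The following is an added example, not part of the original posts or of any tool mentioned in them: a small parser for the log format shown above that reports which running processes appeared or disappeared between two scans and marks entries worth a reviewer's attention. The sample logs are constructed from lines on this page; the function names and the list of user-writable folder markers are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample: shortened from lines of the HijackThis logs on this page.
LOG_AFTER = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:45, on 14/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
Boot mode: Normal

Running processes:
C:\Windows\Explorer.EXE
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\User\AppData\Local\Temp\2B34.tmp\bump.exe
C:\Users\User\Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)

--
End of file - 7751 bytes
"""

# Constructed earlier scan: only the process list, with different casing
# for Explorer to show that paths are compared case-insensitively.
LOG_BEFORE = r"""Running processes:
C:\Windows\explorer.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\User\Downloads\JRT.exe
C:\Users\User\Downloads\HijackThis.exe
"""

# Section codes look like "R0", "O4", "O23", followed by " - ".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")

# Assumption of this example: folders an unprivileged user can write to.
USER_WRITABLE = ("\\appdata\\", "\\temp\\", "\\downloads\\")


def parse_hijackthis(text):
    """Split a HijackThis log into header fields, processes and entries."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        if in_processes:
            if line:
                processes.append(line)
            elif processes:
                in_processes = False  # blank line closes the process list
            continue
        match = ENTRY_RE.match(line)
        if match:
            entries[match.group(1)].append(match.group(2))
        elif ": " in line and not entries and not processes:
            key, value = line.split(": ", 1)
            header[key] = value
    return {"header": header, "processes": processes, "entries": dict(entries)}


def diff_processes(before, after):
    """Processes present in only one of two parsed logs (case-insensitive)."""
    old = {p.lower(): p for p in before["processes"]}
    new = {p.lower(): p for p in after["processes"]}
    return {
        "started": sorted(new[k] for k in new.keys() - old.keys()),
        "stopped": sorted(old[k] for k in old.keys() - new.keys()),
    }


def triage(parsed):
    """Mark items for manual review; a mark is a prompt to look, not a verdict."""
    findings = []
    for path in parsed["processes"]:
        if any(marker in path.lower() for marker in USER_WRITABLE):
            findings.append(("user-writable-path", path))
    for code, items in parsed["entries"].items():
        for item in items:
            if item.endswith(("(no file)", "(file missing)")):
                findings.append(("orphaned-" + code, item))
    return findings


if __name__ == "__main__":
    before, after = parse_hijackthis(LOG_BEFORE), parse_hijackthis(LOG_AFTER)
    print(diff_processes(before, after))
    for kind, detail in triage(after):
        print(kind, "|", detail)
```

The analyst's own tools (here `HijackThis.exe` in Downloads) are marked too, which is expected: the output is a review list to be read alongside the helper's instructions.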


  • Posts

    • I am requesting one more analysis of the PC via HijackThis. I ran and cleaned with CCleaner beforehand. This time the machine lost its connection; I even tried to ping and it failed. Then the McAfee antivirus gave a warning that there had been 43 thousand connection attempts on the machine, and the antivirus blocked the internet. I had to start Windows in safe mode to then uninstall the McAfee antivirus. I ran Malwarebytes too... I cannot understand the reason for this. Note: the machine is my father's.... Here it is:

      Logfile of Trend Micro HijackThis v2.0.4
      Scan saved at 01:59:53, on 18/08/2017
      Platform: Unknown Windows (WinNT 6.02.1008)
      MSIE: Internet Explorer v11.0 (11.00.15063.0000)
      Boot mode: Normal

      Running processes:
      C:\PROGRA~2\GbPlugin\GbpSv.exe
      C:\Program Files (x86)\Dell Update\DellUpTray.exe
      C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
      C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
      C:\Users\Celso\AppData\Local\Microsoft\OneDrive\OneDrive.exe
      C:\Program Files (x86)\AVG\antivírus\AVGUI.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
      C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
      C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
      C:\Program Files (x86)\Google\Drive\googledrivesync.exe
      C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
      C:\Users\Celso\Downloads\HijackThis.exe

      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://dell17win10.msn.com/?PC=DCTE
      R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
      R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
      O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\ssv.dll
      O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - (no file)
      O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
      O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
      O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
      O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_141\bin\jp2ssv.dll
      O4 - HKLM\..\Run: [Dropbox] "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
      O4 - HKLM\..\Run: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
      O4 - HKCU\..\Run: [OneDrive] "C:\Users\Celso\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
      O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
      O4 - HKCU\..\Run: [EPLTarget\P0000000000000001] C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIRCE.EXE /EPT "EPLTarget\P0000000000000001" /M "XP-240 Series"
      O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
      O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
      O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
      O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
      O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
      O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
      O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
      O15 - Trusted Zone: www.bancobrasil.com.br
      O15 - Trusted Zone: www14.bancobrasil.com.br
      O15 - Trusted Zone: www2.bancobrasil.com.br
      O15 - Trusted Zone: aapj.bb.com.br
      O15 - Trusted Zone: seg.bb.com.br
      O15 - Trusted Zone: www.bb.com.br
      O15 - Trusted Zone: http://www.bb.com.br
      O15 - Trusted Zone: http://www.caixa.gov.br
      O15 - Trusted Zone: cloud.gastecnologia.com.br
      O15 - Trusted Zone: www.google.com.br
      O15 - Trusted Zone: www.itau.b.br
      O15 - Trusted Zone: *.itau.b.br
      O15 - Trusted Zone: bankline.itau.com.br
      O15 - Trusted Zone: banklineplus.itau.com.br
      O15 - Trusted Zone: clickbanking.itau.com.br
      O15 - Trusted Zone: guardiao.itau.com.br
      O15 - Trusted Zone: internet.itau.com.br
      O15 - Trusted Zone: www.itau.com.br
      O15 - Trusted Zone: http://www.itau.com.br
      O15 - Trusted Zone: *.itau.com.br
      O15 - Trusted Zone: www.itaupersonnalite.com.br
      O15 - Trusted Zone: http://www.itaupersonnalite.com.br
      O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
      O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
      O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
      O20 - Winlogon Notify:  GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
      O20 - Winlogon Notify:  GbPluginuni - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
      O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
      O23 - Service: AtherosSvc - Windows (R) Win 7 DDK provider - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
      O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
      O23 - Service: AVG antivírus - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\antivírus\AVGSvc.exe
      O23 - Service: avgbIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\antivírus\x64\aswidsagenta.exe
      O23 - Service: AVG Service (avgsvc) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
      O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: Serviço Atualização do Dropbox (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
      O23 - Service: DbxSvc - Unknown owner - C:\Windows\system32\DbxSvc.exe (file missing)
      O23 - Service: Dell Data Vault Service API (DDVCollectorSvcApi) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVCollectorSvcApi.exe
      O23 - Service: Dell Data Vault Collector (DDVDataCollector) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVDataCollector.exe
      O23 - Service: Dell Data Vault Processor (DDVRulesProcessor) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DDVRulesProcessor.exe
      O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
      O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
      O23 - Service: Dell Help & Support - Dell Inc. - C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
      O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
      O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
      O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
      O23 - Service: EpsonCustomerResearchParticipation - SEIKO EPSON CORPORATION - C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
      O23 - Service: Epson Scanner Service (EpsonScanSvc) - Unknown owner - C:\Windows\system32\EscSvc64.exe (file missing)
      O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
      O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
      O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
      O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
      O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
      O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
      O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
      O23 - Service: Intel(R) Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isaHelperService.exe
      O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
      O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
      O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
      O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
      O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
      O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - CyberLink - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
      O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
      O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
      O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
      O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
      O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
      O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
      O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
      O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
      O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
      O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
      O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
      O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
      O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
      O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
      O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) --
      End of file - 15571 bytes
       
The BABOO site is online to inform and help Windows users. It was published in 1999 by Aurélio "Baboo", an engineer and one of the leading Brazilian Windows specialists, who has worked professionally with this operating system since 1987. Since 2004 he has been awarded annually by Microsoft as an MVP (Most Valuable Professional) for his contribution and help to the Windows user community.

The Fórum do BABOO was created in 2001 to help Brazilian internet users solve problems and questions about Windows, Security, Office, Hardware and other topics. Since 2010 Microsoft has also awarded Mr.Million, administrator of the Security area of the Fórum do BABOO, for his tireless work helping internet users remove viruses and malware from their computers. He is currently the only Brazilian MVP in desktop Security.

BABOO is the only Brazilian site coordinated by a specialist with international recognition for his expertise in Windows who takes part daily and actively in the comments and discussions on the BABOO site and forum.