FRAN SANTOS

Log analysis


Hello, good morning!

Here is my log for analysis.

My access to my bank account was blocked. I was told it may be a virus.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:10:34, on 11/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\find.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7174 bytes

Thanks,
 

AdwCleaner[S0].txt


Good morning!

Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mbam-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates to be applied, they will be downloaded and installed.

In Settings, click Protection; if it is disabled, check Scan for Rootkits. Under Potential Threat Protection, select Treat PUPs and PUMs as Malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, if items were found, click the Export Summary button -> Text file (*.txt) and save it to your Desktop; if the cleanup log is not saved, you will find it there.

Click Apply Actions or, if that is not present, click Quarantine.

At the end of the cleanup, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports tab -> Scan Reports in the program's main window after the cleanup has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the cleanup log saved by MBAM in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:17, on 12/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\cmd.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7319 bytes
 

relatorio.txt

On 11/08/2017 at 11:07 AM, Mr.Million said:

Select, copy and paste the entire contents of the cleanup log saved by MBAM in your next reply, together with a new HijackThis log.

Do not attach it; copy and paste the Malwarebytes log.



Oops, sorry! Both are below:

Malwarebytes

www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/08/17
Hora da análise: 09:50
Arquivo de registro: relatorio.txt
Administrador: Sim

-Informação do software-
Versão: 3.1.2.1733
Versão de componentes: 1.0.160
Versão do pacote de definições: 1.0.2567
Licença: Versão de avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: User-PC\User

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Resultado: Concluído
Objetos verificados: 235975
Ameaças detectadas: 62
Ameaças em quarentena: 0
(Nenhum item malicioso detectado)
Tempo decorrido: 8 min, 44 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO, Nenhuma ação do usuário, [503], [302503],1.0.2567

Arquivo: 42
PUP.Optional.Reimage, C:\USERS\USER\DOWNLOADS\REIMAGEREPAIR.EXE, Nenhuma ação do usuário, [1040], [331559],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG\28.11_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_24x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_32x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\newtablogo.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icon-ask.ico, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icons.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO\28.2_0\MANIFEST.JSON, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\browseraction.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\config.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\feed.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\utils.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\winner.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script\overlayer.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_128x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_16x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_19x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_48x.png, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab\newtab.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.css, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.html, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common\redirect.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner\Reporting.js, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\computed_hashes.json, Nenhuma ação do usuário, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [503], [302503],1.0.2567

Setor físico: 0
(Nenhum item malicioso detectado)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:17, on 12/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\cmd.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7319 bytes
 

 

 

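The HijackThis log above is read by eye in this thread. As an added example (not part of the original post, and not Trend Micro's code), the script below does the first pass a helper makes: it flags the O3 orphan, any O4 autostart of a System32 binary that is not on a short allowlist, O15 Trusted Zone sites and O20 Winlogon Notify DLLs. The sample lines are taken from the log above; KNOWN_SYSTEM32_RUN is an assumed allowlist. A flag is a prompt to check, not a verdict: the O20 hit here is the G-Buster banking plugin that the log's own O23 line attributes to GAS Tecnologia, and the O15 entry is the user's bank.

```python
"""First-pass triage of a HijackThis (HJT) log.

Added example for this thread; it is not part of the original post or of
Trend Micro's tool. The sample lines are constructed from entries visible in
the log above. KNOWN_SYSTEM32_RUN is an assumed, deliberately short allowlist
of OEM helpers; a real one would be longer and would be backed by an
Authenticode check on the live machine rather than by file names."""
import re
from typing import List, Tuple

# Intel graphics tray helpers routinely started from HKLM\..\Run (assumption).
KNOWN_SYSTEM32_RUN = {"igfxtray.exe", "hkcmd.exe", "igfxpers.exe"}

HJT_LINE = re.compile(r"^(?P<tag>[RO]\d+) - (?P<rest>.*)$")
# First drive-letter path ending in .exe/.dll, with or without quotes.
BINARY = re.compile(r'"?(?P<path>[A-Za-z]:\\[^"]+?\.(?:exe|dll))"?', re.IGNORECASE)

Finding = Tuple[str, str, str]  # (severity, HJT tag, reason)


def triage_hjt(log: str) -> List[Finding]:
    """Return the entries a helper would ask about first, in log order."""
    findings: List[Finding] = []
    for raw in log.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue  # process list, headers, blank lines
        tag, rest = m.group("tag"), m.group("rest")
        b = BINARY.search(rest)
        path = b.group("path") if b else ""
        basename = path.rsplit("\\", 1)[-1].lower()

        if tag == "O3" and "(no file)" in rest:
            # Toolbar CLSID whose DLL is gone: leftover of a removed add-on.
            findings.append(("low", tag, f"orphaned toolbar entry: {rest}"))
        elif tag == "O4" and "\\windows\\system32\\" in path.lower() \
                and basename not in KNOWN_SYSTEM32_RUN:
            # Autostart of a binary dropped into System32 under a name that is
            # not a known OEM helper: verify its publisher before trusting it.
            findings.append(("high", tag, f"unrecognised System32 autostart: {basename}"))
        elif tag == "O15":
            # Sites in IE's Trusted Zone get relaxed security settings.
            site = rest.split(": ", 1)[-1]
            findings.append(("medium", tag, f"Trusted Zone entry: {site}"))
        elif tag == "O20":
            # Winlogon Notify DLLs are loaded into winlogon.exe at logon.
            findings.append(("medium", tag, f"Winlogon Notify DLL: {basename}"))
    return findings


# Constructed sample: six lines taken from the HJT log in this thread.
SAMPLE_HJT = r"""
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O15 - Trusted Zone: http://www.caixa.gov.br
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
"""

if __name__ == "__main__":
    order = {"high": 0, "medium": 1, "low": 2}
    for sev, tag, reason in sorted(triage_hjt(SAMPLE_HJT), key=lambda f: order[f[0]]):
        print(f"[{sev:6}] {tag}: {reason}")
```

The line worth the helper's attention in this log is the Chew7Hale autostart of hale.exe from System32: no vendor on the O23 service list accounts for it, so it is the one to verify on the machine (file properties, digital signature, hash lookup) before deciding anything. The Flash updater RunOnce entry would also be flagged by this allowlist, which is the expected cost of keeping the list short.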

1. Disable your antivirus and anti-spyware so there are no conflicts, and keep them disabled until you finish these instructions.

2. Download AdwCleaner and save it to your Desktop.

3. Run adwcleaner.exe

Windows 7, 8, 8.1 or 10 users: right-click the adwcleaner.exe icon and select Run as administrator.

4. Click the Scan button, then Clean.

5. Save the log that is created.

6. Download JRT (Junkware Removal Tool) and save it to your Desktop.

7. Double-click the JRT file to run it.

Windows 7, 8, 8.1 or 10 users: right-click the JRT.exe icon and select Run as administrator.

8. JRT will start scanning your system. Be patient, as it can take a few minutes depending on the number of items examined.

9. When it finishes, a new file JRT.txt will appear on your Desktop and a window will open with the contents of that file (the JRT log).

10. Select the whole contents of that log (press CTRL+A), copy it (CTRL+C) and paste it (CTRL+V) into your next reply, together with the AdwCleaner log (item 5 above) and a new HijackThis log.


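Steps 4, 5 and 10 depend on the log that AdwCleaner writes, and the one posted further down in this thread carries a `# Mode: scan` header, which is what it writes when only the scan ran. The following added example (not from the original post or from Malwarebytes) parses that log layout and says whether the Clean step actually happened. The sample log is constructed to match the format in the thread; the value `clean` for a cleaning run is an assumption, since the thread only shows `scan`.

```python
"""Check an AdwCleaner 7 text log: which mode produced it, what each section
reported, and therefore whether the Clean step was actually run.

Added example for this thread; not part of the original post or of
AdwCleaner. It assumes the 7.x layout visible later in the thread ('# Key:
value' header lines and '***** [ Section ] *****' blocks). 'clean' as the
value written by a cleaning run is an assumption; the thread only shows
'# Mode: scan'. The sample log is constructed."""
import re
from typing import Dict, List, Tuple

HEADER = re.compile(r"^# (?P<key>[A-Za-z ]+): (?P<value>.+)$")
SECTION = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
DETECTION = re.compile(r"^(?P<family>[A-Za-z0-9_.\-]+), (?P<target>.+)$")


def parse_adwcleaner(text: str) -> Dict[str, object]:
    header: Dict[str, str] = {}
    sections: Dict[str, List[Tuple[str, str]]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        s = SECTION.match(line)
        if s:
            current = s.group("name")
            sections[current] = []
            continue
        if current is None:
            h = HEADER.match(line)  # only the block before the first section
            if h:
                header[h.group("key").strip().lower()] = h.group("value").strip()
            continue
        if line.startswith(("#", "*")):
            continue  # separator row and EOF marker
        d = DETECTION.match(line)
        if d:  # 'No malicious ... found.' lines have no comma and never match
            sections[current].append((d.group("family"), d.group("target")))
    mode = header.get("mode", "").lower()
    findings = {name: hits for name, hits in sections.items() if hits}
    return {
        "mode": mode,
        "findings": findings,
        "total": sum(len(h) for h in findings.values()),
        # A scan-mode log only lists what would be removed.
        "cleaned": mode == "clean",
    }


def next_step(result: Dict[str, object]) -> str:
    """One-line verdict a helper would give after reading the log."""
    if result["total"] == 0:
        return "nothing detected"
    if not result["cleaned"]:
        return (f"{result['total']} item(s) detected but the log is from a "
                f"'{result['mode']}' run: rerun AdwCleaner and click Clean")
    return f"{result['total']} item(s) cleaned"


# Constructed sample in the layout of the AdwCleaner 7.0.1.0 log in this thread.
SAMPLE_LOG = r"""
# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 14:19:57 2017
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\User\AppData\Local\YSearchUtil

***** [ Files ] *****

No malicious files found.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1516 B] - [2017/8/11 1:7:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########
"""

if __name__ == "__main__":
    result = parse_adwcleaner(SAMPLE_LOG)
    for section, hits in result["findings"].items():
        for family, target in hits:
            print(f"{section}: {family} -> {target}")
    print(next_step(result))
```

The check is cheap but it is the one that matters for step 10: a log whose header says scan, with items listed under a section, is a to-do list, not a record of removal.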

Oops, sorry! Both are below:

Malwarebytes

www.malwarebytes.com

-Log Details-
Scan Date: 12/08/17
Scan Time: 09:50
Log File: relatorio.txt
Administrator: Yes

-Software Information-
Version: 3.1.2.1733
Components Version: 1.0.160
Update Package Version: 1.0.2567
License: Trial

-System Information-
OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: User-PC\User

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 235975
Threats Detected: 62
Threats Quarantined: 0
(No malicious items detected)
Time Elapsed: 8 min, 44 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 0
(No malicious items detected)

Registry Value: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 20
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO, No user action, [503], [302503],1.0.2567

File: 42
PUP.Optional.Reimage, C:\USERS\USER\DOWNLOADS\REIMAGEREPAIR.EXE, No user action, [1040], [331559],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BAFKGJNGHBJBGDMJEEBOIFEGNKOEMDDG\28.11_0\MANIFEST.JSON, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\browseraction.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\config.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\feed.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\utils.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\common\winner.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_128x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_16x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_19x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_24x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_32x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\logo_48x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\newtablogo.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icon-ask.ico, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\logo\toolbar-icons.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.css, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.html, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\revert\index.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\common\redirect.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\settings\partner\Reporting.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\computed_hashes.json, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0\_metadata\verified_contents.json, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO\28.2_0\MANIFEST.JSON, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\browseraction.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\config.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\feed.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\utils.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\common\winner.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\content_script\overlayer.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_128x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_16x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_19x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\logo\logo_48x.png, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\newtab\newtab.html, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.css, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.html, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\revert\index.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\common\redirect.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\settings\partner\Reporting.js, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\computed_hashes.json, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\_metadata\verified_contents.json, No user action, [503], [302503],1.0.2567

Physical Sector: 0
(No malicious items detected)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:20:17, on 12/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\System32\hale.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\cmd.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil32_25_0_0_171_pepper.exe -update pepperplugin
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7319 bytes
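The Malwarebytes report above says Threats Detected: 62 and Threats Quarantined: 0, with every line marked "No user action": the scan found two MySearch Chrome extensions and a Reimage installer in Downloads but removed nothing. The script below is an added example (not from the original post or from Malwarebytes) that parses a Malwarebytes 3 report into that summary: detections by family, the Chrome extension IDs involved, and whether the quarantine count actually matches the detection count. The excerpt is constructed from four lines of the report above, using the English field labels.

```python
"""Summarise a Malwarebytes 3 text report: what was found, where it lives,
and whether anything was actually removed.

Added example for this thread; not part of the original post or of
Malwarebytes. The report excerpt is constructed from four lines of the log
above, using the English field labels; only the 'Threats Detected' /
'Threats Quarantined' counters and the detection-line layout are relied on."""
import re
from collections import Counter
from typing import Dict

# <threat>, <path>, <action taken>, [<id>], [<id>],<database version>
DETECTION = re.compile(r"^(?P<threat>[A-Za-z0-9_.\-]+), (?P<path>.+?), (?P<action>[^,]+), \[")
# Chrome extension IDs are 32 letters from a to p, under ...\Extensions\<id>\
CHROME_EXT = re.compile(r"\\Extensions\\(?P<ext_id>[a-p]{32})(?:\\|$)", re.IGNORECASE)
COUNTER = re.compile(r"^(?P<key>Threats Detected|Threats Quarantined): (?P<n>\d+)$")


def parse_mbam_report(text: str) -> Dict[str, object]:
    detected = quarantined = None
    by_threat: Counter = Counter()
    by_extension: Counter = Counter()
    actions: Counter = Counter()
    for raw in text.splitlines():
        line = raw.strip()
        c = COUNTER.match(line)
        if c:
            if c.group("key") == "Threats Detected":
                detected = int(c.group("n"))
            else:
                quarantined = int(c.group("n"))
            continue
        d = DETECTION.match(line)
        if not d:
            continue  # headers, section counts, blank lines
        by_threat[d.group("threat")] += 1
        actions[d.group("action")] += 1
        e = CHROME_EXT.search(d.group("path"))
        if e:
            by_extension[e.group("ext_id").lower()] += 1
    return {
        "detected": detected,
        "quarantined": quarantined,
        "by_threat": dict(by_threat),
        "chrome_extensions": dict(by_extension),
        "actions": dict(actions),
        # The point that matters when reading the thread: a detection count
        # is not a removal count. Nothing is gone until quarantined == detected.
        "remediated": detected is not None and detected > 0 and quarantined == detected,
    }


# Constructed excerpt: four detection lines from the report in this thread.
SAMPLE_REPORT = r"""
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Threats Detected: 4
Threats Quarantined: 0

-Scan Details-
Folder: 2
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bafkgjnghbjbgdmjeeboifegnkoemddg\28.11_0, No user action, [503], [302503],1.0.2567
PUP.Optional.MySearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\JPIOIJKAJEEALMBPLNMLABGFMIDJJMAO, No user action, [503], [302503],1.0.2567

File: 2
PUP.Optional.Reimage, C:\USERS\USER\DOWNLOADS\REIMAGEREPAIR.EXE, No user action, [1040], [331559],1.0.2567
PUP.Optional.MySearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpioijkajeealmbplnmlabgfmidjjmao\28.2_0\manifest.json, No user action, [503], [302503],1.0.2567
"""

if __name__ == "__main__":
    r = parse_mbam_report(SAMPLE_REPORT)
    print(f"detected={r['detected']} quarantined={r['quarantined']} remediated={r['remediated']}")
    for ext_id, n in r["chrome_extensions"].items():
        print(f"Chrome extension {ext_id}: {n} flagged path(s)")
```

Read against the full report, the summary collapses 62 lines to two extension directories to remove or quarantine, one installer in Downloads to delete, and a quarantine count to check in the next report before anything else is asked of the user.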
 

 

 

Good afternoon!

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 14:19:57 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services found.

***** [ Folders ] *****

PUP.Optional.Legacy, C:\ProgramData\AVG Security Toolbar
PUP.Optional.Legacy, C:\ProgramData\Application Data\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\All Users\AVG Security Toolbar
PUP.Optional.Legacy, C:\Users\Todos os Usuários\AVG Security Toolbar
PUP.Optional.Legacy, C:\Windows\System32\config\systemprofile\AppData\Local\YSearchUtil
PUP.Optional.Legacy, C:\Users\User\AppData\Local\YSearchUtil


***** [ Files ] *****

No malicious files found.

***** [ DLL ] *****

No malicious DLLs found.

***** [ WMI ] *****

No malicious WMI found.

***** [ Shortcuts ] *****

No malicious shortcuts found.

***** [ Tasks ] *****

No malicious tasks found.

***** [ Registry ] *****

No malicious registry entries found.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries.

*************************

C:/AdwCleaner/AdwCleaner[S0].txt - [1516 B] - [2017/8/11 1:7:56]


########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.4 (07.09.2017)
Operating System: Windows 7 Ultimate x86 
Ran by User (Administrator) on 13/08/2017 at 15:37:09,64
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/08/2017 at 16:17:41,86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:43:26, on 13/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\User\Downloads\JRT.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7206 bytes
 

5 minutes ago, FRAN SANTOS said:

# AdwCleaner 7.0.1.0 - Logfile created on Sun Aug 13 14:19:57 2017
# Updated on 2017/05/08 by Malwarebytes 
# Database: 07-31-2017.1
# Running on Windows 7 Ultimate (X86)
# Mode: scan
# Support: https://www.malwarebytes.com/support

The requested mode is CLEAN.

Please redo it and post the new result.




Hello Mr Million, good morning!

I am sending the AdwCleaner and HijackThis logs.

JRT has been stuck at Shortcuts for hours (all day yesterday and since early this morning) and does not finish. Is there another way to run it?

 

# AdwCleaner 7.0.0.0 - Logfile created on Sun Aug 13 21:30:46 2017
# Updated on 2017/17/07 by Malwarebytes 
# Running on Windows 7 Ultimate (X86)
# Mode: clean
# Support: https://www.malwarebytes.com/support

***** [ Services ] *****

No malicious services deleted.

***** [ Folders ] *****

No malicious folders deleted.

***** [ Files ] *****

No malicious files deleted.

***** [ DLL ] *****

No malicious DLLs cleaned.

***** [ WMI ] *****

No malicious WMI cleaned.

***** [ Shortcuts ] *****

No malicious shortcuts cleaned.

***** [ Tasks ] *****

No malicious tasks deleted.

***** [ Registry ] *****

No malicious registry entries deleted.

***** [ Firefox (and derivatives) ] *****

No malicious Firefox entries deleted.

***** [ Chromium (and derivatives) ] *****

No malicious Chromium entries deleted.

*************************

::Tracing keys deleted
::Winsock settings cleared
::Additional Actions: 0

*************************

C:/AdwCleaner/AdwCleaner[C0].txt - [1650 B] - [2017/8/13 20:42:26]
C:/AdwCleaner/AdwCleaner[S0].txt - [1516 B] - [2017/8/11 1:7:56]
C:/AdwCleaner/AdwCleaner[S1].txt - [1404 B] - [2017/8/13 14:19:57]
C:/AdwCleaner/AdwCleaner[S2].txt - [1658 B] - [2017/8/13 20:39:33]
C:/AdwCleaner/AdwCleaner[S3].txt - [1218 B] - [2017/8/13 21:29:17]


########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt ##########

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:49:52, on 13/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\ctfmon.exe
C:\Users\User\Downloads\JRT.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\DllHost.exe
C:\Users\User\AppData\Local\Temp\jrt\SHORTCUT.DAT
C:\Windows\system32\findstr.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Windows\system32\sfc.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7014 bytes
 

20 hours ago, FRAN SANTOS said:

Scan was completed on 13/08/2017 at 16:17:41,86
End of JRT log

Hello, good afternoon!

JRT has already run and found nothing, see the log above...

Abort this new run.

1. Disable your antivirus and antispyware to avoid conflicts, and keep them disabled until you finish these instructions.

2. Download Zoek and run it.

3. Copy the lines below (select them and press CTRL+C) and paste them (CTRL+V) into the Zoek box:

createsrpoint;
autoclean;
resetieproxy;
resethosts;
iedefaults;
chrdefaults;
emptyCHRcache;
ffdefaults;
firefoxlook;
emptyalltemp;
shortcutfix;

4. Close all browsers and click Run Script:

[screenshot: zoek-run.png]

During the scan the message below will be displayed. Be patient and wait for the script to finish, as the analysis can take a few minutes.

[screenshot: zoek-executando.PNG]

5. If you are asked to restart the computer, do so by clicking OK.

6. Zoek will open a window with the analysis result. Post the contents of that window along with a new HijackThis log.




No luck with Zoek. I set it to run as administrator, Windows asks whether I want to allow the program to make changes to the computer and I click 'yes', but Zoek still does not open. The blue spinning circle (the old hourglass) on the cursor spins for a few seconds and then stops, without Zoek opening.

 

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:45, on 14/08/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17840)
Boot mode: Normal

Running processes:
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hale.exe
C:\Windows\system32\cmd.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Users\User\AppData\Local\Temp\2B34.tmp\bump.exe
C:\Windows\system32\find.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Users\User\Downloads\zoek.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\cmd.exe
C:\Users\User\AppData\Local\Temp\sed.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://br.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - (no file)
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Energy Manager] C:\Program Files\Lenovo\Energy Manager\Energy Manager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [Diebold - Warsaw] "C:\Program Files\Diebold\Warsaw\core.exe"
O4 - HKLM\..\Run: [Malwarebytes TrayApp] C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - Global Startup: TP-LINK Wireless Configuration Utility.lnk = C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://www.caixa.gov.br
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: aswbIDSAgent - AVAST Software s.r.o. - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

--
End of file - 7751 bytes
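As an added example (not code from the thread, from HijackThis, or from any tool named in it), a small Python triage script for the HijackThis log format posted above: it pulls the running processes, O4 autostart entries and O23 services out of a log and flags executables located in user-writable directories such as Temp, Downloads and AppData, which is where a helper reviewing such a log looks first. The sample log and its HKCU "Updater" line are constructed for the demonstration, and the user-writable heuristic is an assumption of this example, not a rule from the thread.

```python
"""Triage helper for HijackThis v2 logs like the ones posted in this thread
(added example; not code from the thread, HijackThis or the tools it names).
Parses the "Running processes" block plus the O4 autostart and O23 service
lines and flags executables living in user-writable locations (Temp,
Downloads, AppData, Desktop). A hit is a prompt to verify the file, not a
verdict: cleanup tools such as JRT and Zoek run helpers out of Temp too.
"""
import re
from dataclasses import dataclass

@dataclass
class Entry:
    kind: str  # "process", "autostart" or "service"
    name: str  # image file name, registry value name or service name
    path: str  # executable path as printed in the log

# Line shapes taken from the HijackThis v2 format used in the thread.
O4_RE = re.compile(r"^O4 - \S+: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - .*? - (?P<path>.*)$")
# First drive-letter or %VAR% path ending in an executable extension.
EXE_RE = re.compile(r'"?(?P<exe>(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|cmd|bat|scr|vbs|js))', re.I)
# Heuristic (assumption): directories a standard user can write to without elevation.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(?:AppData|Downloads|Desktop|Documents)\\|\\Temp\\", re.I)

def exe_from_cmd(cmd: str) -> str:
    """Strip quotes and arguments such as '/nolog' from an autostart command."""
    m = EXE_RE.match(cmd.strip())
    return m["exe"] if m else cmd.strip()

def parse_hjt(text: str) -> list:
    """Return every process, autostart and service entry found in a HJT log."""
    entries, in_procs = [], False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
        elif in_procs and not line:       # blank line ends the process block
            in_procs = False
        elif in_procs:
            entries.append(Entry("process", line.rsplit("\\", 1)[-1], line))
        elif m := O4_RE.match(line):
            entries.append(Entry("autostart", m["name"], exe_from_cmd(m["cmd"])))
        elif m := O23_RE.match(line):
            entries.append(Entry("service", m["name"], exe_from_cmd(m["path"])))
    return entries

def triage(text: str) -> list:
    """Entries whose executable sits in a user-writable directory."""
    return [e for e in parse_hjt(text) if USER_WRITABLE_RE.search(e.path)]

# Constructed sample in the thread's log format; the HKCU "Updater" line is
# invented to show a hit that no cleanup tool would explain.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:53:45, on 14/08/2017

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\User\AppData\Local\Temp\2B34.tmp\bump.exe
C:\Users\User\Downloads\zoek.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O4 - HKLM\..\Run: [Chew7Hale] "C:\Windows\System32\hale.exe" /nolog
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [Updater] C:\Users\User\AppData\Roaming\updater.exe /silent
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
"""

if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind:9} {e.name:12} {e.path}")
```

On the sample it flags the two Temp/Downloads processes (which a running cleanup tool explains) and the constructed AppData autostart, which is the one a reviewer would ask the poster about.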