
I have already carried out all the procedures requested in the Official Topic.

My problem: ever since I was infected by the tabela FIPE virus, my Outlook emails have not worked.

Here is my log for review:  <

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:12:32, on 11/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iomega\Tools\imgicon.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\usuario\Links\mebinabuhabocobisebunobegubilibatibujo\mebinabuhabocobisebunobegubilibatibujo.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130881720268550838&GUID=7DFC4EE6-9DE6-4245-9E06-7DA9E5E67B07
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [unpkcs1132] C:\Program Files\Common Files\unpkcs11buf\BRZPKCS32.exe -install
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: zobebibepubipebelubuhubocabocubudibumi.lnk = C:\Windows\System32\cmd.exe
O4 - Global Startup: FinishSetup.lnk = ?
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega QuikSync.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = ?
O4 - Global Startup: IomegaWare.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 8728 bytes

 

>


Uninstall Spybot completely. It is outdated software that hinders malware removal more than it helps.

Open HijackThis, click "Do a system scan only", check the entries listed below, and then click "Fix Checked".

O4 - Startup: zobebibepubipebelubuhubocabocubudibumi.lnk = C:\Windows\System32\cmd.exe
O4 - Global Startup: FinishSetup.lnk = ?
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega QuikSync.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = ?
O4 - Global Startup: IomegaWare.lnk = ?

Restart the PC.

Download ZHPCleaner and save it to the Desktop.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation completes, a log will open. If it does not, click the Report button and save the log.

Select, copy, and paste the contents of this log into your next reply, plus a new HijackThis log.




ZHPCleaner Report
~ ZHPCleaner v2018.7.10.148 by Nicolas Coolman (2018/07/10)
~ Run by usuario (Administrator)  (11/07/2018 10:26:08)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\usuario\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\usuario\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Professional, 32-bit Service Pack 1 (Build 7601)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (15656)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found. (Explorer)

---\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 90384
~ Items found : 0
~ Items cancelled : 0
~ Items options : 0/7
~ Space saving (bytes) : 0
~ End of search in 00h15mn11s

---\  Reports (5)
ZHPCleaner-[R]-11072018-10_20_17.txt
ZHPCleaner--11072018-08_22_16.txt
ZHPCleaner--11072018-08_44_16.txt
ZHPCleaner--11072018-10_12_02.txt
ZHPCleaner--11072018-10_41_19.txt


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:48:56, on 11/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130881720268550838&GUID=7DFC4EE6-9DE6-4245-9E06-7DA9E5E67B07
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [unpkcs1132] C:\Program Files\Common Files\unpkcs11buf\BRZPKCS32.exe -install
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 6780 bytes


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates to be applied, they will be downloaded and installed.

In Settings, click Protection; if it is disabled, check Scan for rootkits. Under Potential threat protection, select Treat PUPs and PUMs as malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan ends, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports tab -> Scan reports in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy, and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



Hello! Here are the MBAM and HijackThis logs after following the steps above:

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 11/07/18
Hora da análise: 11:53
Arquivo de registro: 38f97fd8-851a-11e8-a5a0-6cf049f6e286.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.5869
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: usuario-PC\usuario

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 193637
Ameaças detectadas: 243
Ameaças em quarentena: 242
Tempo decorrido: 13 min, 25 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 2
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE, Quarentena, [7311], [252393],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, HKU\S-1-5-21-2380076136-2462001490-86626871-1001\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\lmjegmlicamnimmfhcmpkclmigmmcbeh, Quarentena, [14326], [443226],1.0.5869

Valor de registro: 4
PUM.Optional.DisableChromeUpdates, HKLM\SOFTWARE\POLICIES\GOOGLE\UPDATE|DISABLEAUTOUPDATECHECKSCHECKBOXVALUE, Quarentena, [7311], [252393],1.0.5869
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|MUID, Quarentena, [7306], [436740],1.0.5869
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, Nenhuma ação do usuário, [7306], [436739],1.0.5869
Trojan.BlockAV, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SHAREDACCESS\PARAMETERS\FIREWALLPOLICY\FIREWALLRULES|{8261D7D7-D93B-473E-9A85-865E9C534715}, Quarentena, [7376], [325171],1.0.5869

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 104
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es_419, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_BR, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_GB, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\en_US, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pt_PT, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_CN, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\zh_TW, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fil, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\da, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ar, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\el, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\es, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\de, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\et, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fi, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\fr, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\he, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hi, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\hu, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\it, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ja, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ko, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lt, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\id, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ms, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\nl, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\no, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\pl, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\lv, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\bg, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ro, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\ru, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sk, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0\_locales\sl, Quarentena, [14326], [443226],1.0.5869

Arquivo: 133
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\ru\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sk\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sl\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sr\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\sv\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\th\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\tr\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\uk\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\vi\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_CN\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_locales\zh_TW\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\_metadata\verified_contents.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_background.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.1.0.0_0\craw_window.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Substituído, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Substituído, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\LMJEGMLICAMNIMMFHCMPKCLMIGMMCBEH\3.2_0\MANIFEST.JSON, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync16.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync256.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\images\drive-sync64.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\_metadata\computed_hashes.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\_metadata\verified_contents.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh\3.2_0\background.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Substituído, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Substituído, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\USERS\USUARIO\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\EMBBOANAGKHDGHDNAEKPBPGFCKEEJMLO\3.7.3_0\MANIFEST.JSON, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\_locales\en\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\_locales\es\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\_locales\pt_BR\messages.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\_metadata\computed_hashes.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\_metadata\verified_contents.json, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\128.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\16.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\48.png, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\bio.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\dc.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\events.html, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\events.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\ps.js, Quarentena, [14326], [443226],1.0.5869
PUP.Optional.ModifiedHijackedExtension.Generic, C:\Users\usuario\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\embboanagkhdghdnaekpbpgfckeejmlo\3.7.3_0\pta.js, Quarentena, [14326], [443226],1.0.5869

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:12:32, on 11/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iomega\Tools\imgicon.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\usuario\Links\mebinabuhabocobisebunobegubilibatibujo\mebinabuhabocobisebunobegubilibatibujo.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130881720268550838&GUID=7DFC4EE6-9DE6-4245-9E06-7DA9E5E67B07
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [unpkcs1132] C:\Program Files\Common Files\unpkcs11buf\BRZPKCS32.exe -install
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: zobebibepubipebelubuhubocabocubudibumi.lnk = C:\Windows\System32\cmd.exe
O4 - Global Startup: FinishSetup.lnk = ?
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega QuikSync.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = ?
O4 - Global Startup: IomegaWare.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 8728 bytes
 

52 minutes ago, thatybortolani said:

Rootkits: Desabilitado

Enable it as instructed above, run Malwarebytes, and post the new result...



Here is the new result after disabling rootkits:

 

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 11/07/18
Hora da análise: 14:38
Arquivo de registro: 2e13523b-8531-11e8-9491-6cf049f6e286.json
Administrador: Sim

-Informação do software-
Versão: 3.5.1.2522
Versão de componentes: 1.0.391
Versão do pacote de definições: 1.0.5871
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: usuario-PC\usuario

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 195657
Ameaças detectadas: 1
Ameaças em quarentena: 1
Tempo decorrido: 23 min, 1 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 1
Trojan.Floxif.Trace, HKLM\SOFTWARE\PIRIFORM\AGOMO|TCID, Quarentena, [7306], [436739],1.0.5871

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 0
(Nenhum item malicioso detectado)

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

 

 


 

I tested Outlook and my emails are still not working...


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.



Good morning!

Here are the logs as requested:

 

 

 

C:\AdwCleaner\Quarantine\C\Program Files\bestadblocker\IRlZ9rniRlItTL.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\bestadblocker\IRlZ9rniRlItTL.exe.vir    a variant of Win32/Adware.MultiPlug.JY application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SalePllus\SalePllus.exe.vir    a variant of Win32/Adware.MultiPlug.JY application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SalePlus\SGTSyrZ3hISt0C.dll.vir    a variant of Win32/Adware.MultiPlug.FL application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SalePlus\SGTSyrZ3hISt0C.exe.vir    a variant of Win32/Adware.MultiPlug.JY application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\Program Files\SectionSubs\SectionSubs.dll.vir    a variant of Win32/Adware.MultiPlug.NA application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\hgdefcdeajdkbfjpkebbonbjkbkknbmm\content.js.vir    JS/Adware.MultiPlug.M application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\hgdefcdeajdkbfjpkebbonbjkbkknbmm\lsdb.js.vir    JS/Adware.MultiPlug.N application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\NoMore Ads\NoMore Ads.exe.vir    Win32/Adware.MultiPlug.OY application    cleaned by deleting
C:\AdwCleaner\Quarantine\C\ProgramData\{90529932-21e9-a2b9-9052-2993221e64c8}\Download.exe.vir    a variant of Win32/Adware.MultiPlug.JH application    cleaned by deleting
C:\Program Files\CCleaner\Lang\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\usuario\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6EC465BBFA7616B4D92EDC2DFB804F49    VBS/TrojanDownloader.Agent.NMQ trojan    cleaned by deleting
C:\Users\usuario\Links\mebinabuhabocobisebunobegubilibatibujo\IVIEWERS.dll    a variant of Win32/Spy.Banker.ADPU trojan    cleaned by deleting
C:\Users\usuario\Links\zobebibepubipebelubuhubocabocubudibumi\IVIEWERS.dll    a variant of Win32/Spy.Banker.ADPU trojan    cleaned by deleting
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 09:12:32, on 11/07/2018
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18616)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Iomega\Tools\imgicon.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Users\usuario\Links\mebinabuhabocobisebunobegubilibatibujo\mebinabuhabocobisebunobegubilibatibujo.exe
C:\Program Files\Diebold\Warsaw\core.exe
C:\Program Files\TeamViewer\Version8\TeamViewer.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE12&ocid=UE12DHP
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkID=617911&ResetID=130881720268550838&GUID=7DFC4EE6-9DE6-4245-9E06-7DA9E5E67B07
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_171\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_171\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKLM\..\Run: [unpkcs1132] C:\Program Files\Common Files\unpkcs11buf\BRZPKCS32.exe -install
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvLaunch.exe" /gui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StatusAlerts] "C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on /tmcp:on
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [Dropbox Update] "C:\Users\usuario\AppData\Local\Dropbox\Update\DropboxUpdate.exe" /c
O4 - HKCU\..\Run: [Spybot-S&D Cleaning] "C:\Program Files\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\usuario\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: zobebibepubipebelubuhubocabocubudibumi.lnk = C:\Windows\System32\cmd.exe
O4 - Global Startup: FinishSetup.lnk = ?
O4 - Global Startup: Iomega Icons.lnk = ?
O4 - Global Startup: Iomega QuikSync.lnk = ?
O4 - Global Startup: Iomega Startup Options.lnk = ?
O4 - Global Startup: IomegaWare.lnk = ?
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\AVAST Software\Avast\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: PDF Architect 5 Manager - © pdfforge GmbH. - C:\Program Files\PDF Architect 5 Manager\PDF Architect 5\Architect Manager.exe
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe

--
End of file - 8728 bytes
 

 

To answer the question: the PC appears to be normal, but Outlook is not sending or receiving emails.

Edited by thatybortolani

I can no longer reply, the field does not appear... I already opened the forum on another PC, but the "reply" field did not appear there either... Replying


Install a reliable antivirus on this PC.

See the recommendations in my pinned topic: Free Security Kits for your greater protection

Ok, the PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as Administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the disinfection, the folders and files created by them, and DelFix itself.

