
Hello, a few days ago I downloaded a portable file and right away my AV detected a malicious file and neutralized it. However, after I restarted I noticed that I can no longer open Windows Explorer: it keeps loading indefinitely, and when it finishes loading, the files have white icons. It also does not allow me to start some security programs such as Malwarebytes.

 

LOG:
 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:52:53, on 11/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
C:\HijackThis.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: IQTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 10743 bytes
 


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply, along with a new HijackThis log.



Nothing was found by the scanner, and there was no need to repair.

 

New HijackThis log

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:01, on 11/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
C:\HijackThis.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
C:\Program Files (x86)\Nox\bin\nox_adb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: IQTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 10787 bytes
 


I'm not sure if this is the log:

ZHPCleaner, Quarantine Delete

DELETED File: C:\Users\Zer0_\AppData\Roaming\ZHP\ZHPQ_Files.txt
DELETED File: C:\Users\Zer0_\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
DELETED File: C:\Users\Zer0_\AppData\Roaming\ZHP\ZHPQ_Task.txt
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\aria-debug-9356.log
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb187F.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb1AD1.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb2FC.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb3E65.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb4067.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb435.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb6397.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb72BB.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb77A4.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evb8A62.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evbB232.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evbD228.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evbE81D.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\evbFEC4.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\LocalStorage.txt
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1034.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI10D5.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1180.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI13F6.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI14B8.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1A72.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1D16.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1E67.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1E81.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI1F36.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI20D0.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI2244.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI2813.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI32A5.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI4080.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI42B6.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI52B7.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI55D8.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI5C20.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI630F.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI6361.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI65D6.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI6BC1.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7104.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7307.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7C48.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7CAA.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7D00.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7E3C.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7EB2.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7F2A.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI7FB8.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI81CF.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI852F.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI8C44.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI8F84.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI93B2.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI9525.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI956.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSI9E85.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIA14D.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIA1A6.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIA2DB.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIA2E8.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIA688.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIBBED.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIBCB4.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIBDFC.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIBF4C.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIC1E.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIC822.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIC87.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIC8A4.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSICB2.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSICE21.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSICEB6.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSICFFA.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID35B.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID6D4.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID764.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID86E.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID88F.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID920.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID92D.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSID967.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIDA77.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIDB68.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIDC79.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIDCCA.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIDDE0.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE08D.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE103.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE16.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE37A.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE3CD.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE446.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE6F.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE7.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE910.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE972.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIE9FD.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIEAC8.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIEB69.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIECAE.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIEDDB.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIF309.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIF319.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIF3AC.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIF838.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIF91.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIFA3.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\MSIFABC.tmp
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\SETUP_WINTHRUSTER_2018.TMP-4602F1DE.pf
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\SETUP_WINTHRUSTER_2018.TMP-FFBE1EDC.pf
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\wix{14D7E71E-ADA6-47B5-9164-36DCA8B4CEB7}.SchedServiceConfig.rmi
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi
DELETED File/Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi
DELETED Folder: C:\Users\Zer0_\AppData\Roaming\ZHP\Quarantine\ZHPCleaner\

End of report, Quarantine Deleted 
 

New log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:01, on 11/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
C:\HijackThis.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
C:\Program Files (x86)\Nox\bin\nox_adb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: IQTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 10787 bytes

1 hour ago, Mr.Million said:

At the end of the scan, click the Repair button.

When the operation finishes, a log will open. If it does not, click the Report button and save the log.

Please redo it; this is not the log. Look at other topics in the RESOLVIDOS (Solved) area to see what it looks like.



ZHPCleaner log:

~ ZHPCleaner v2018.12.8.204 by Nicolas Coolman (2018/12/08)
~ Run by Zer0_ (Administrator)  (11/12/2018 20:25:50)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\Zer0_\OneDrive\Área de Trabalho\ZHPCleaner.txt
~ Quarantine : C:\Users\Zer0_\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17134)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (21)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (7)
FOUND file: C:\Windows\Installer\MSI25A7.tmp    =>.SUP.MSIInstaller
FOUND file: C:\Users\Zer0_\AppData\Local\Temp\aria-debug-1444.log    =>.SUP.Temporary.OneDrive
FOUND file: C:\Users\Zer0_\AppData\Local\Temp\aria-debug-8644.log    =>.SUP.Temporary.OneDrive
FOUND file: C:\Users\Zer0_\AppData\Local\Temp\evbF79B.tmp    =>.SUP.Temporary.Empty
FOUND folder: C:\Program Files (x86)\Skillbrains\lightshot  =>.SUP.Skillbrains
FOUND folder: C:\Program Files (x86)\Skillbrains  =>.SUP.Skillbrains
FOUND folder: C:\Users\Zer0_\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome

---\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\  Summary of the elements found (5)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Empty
https://www.anti-malware.top/2016/04/30/superfluous-skillbrains/  =>.SUP.Skillbrains
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome

---\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 91102
~ Items found : 7
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 470
~ End of search in 00h03mn13s

---\  Reports (6)
ZHPCleaner-[R]-11122018-17_22_57.txt
ZHPCleaner--11122018-16_10_40.txt
ZHPCleaner--11122018-16_11_02.txt
ZHPCleaner--11122018-16_13_27.txt
ZHPCleaner--11122018-17_19_22.txt
ZHPCleaner--11122018-20_29_03.txt


HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:01, on 11/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
C:\HijackThis.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
C:\Program Files (x86)\Nox\bin\nox_adb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: IQTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 10787 bytes
 


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mbam-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection and, if it is disabled, check Scan for rootkits. Under Potential threat protection, select Treat PUPs and PUMs as malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan ends, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to Quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports -> Scan Reports tab in the program's main window after the disinfection has been performed.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files that it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



I tried to install MBAM, but it froze as soon as I opened the page or even when I searched for MBAM on Google. I tried MBAM Chameleon and managed to install MBAM, but as soon as I start it, it freezes and doesn't let me do anything.

As soon as I open Windows Explorer it keeps loading and takes a long time to load the folders, and the files show a white icon.

Now the message in the attachment keeps appearing about every 5 minutes...

 

 

Screenshot_4.png


After many attempts I managed to start MBAM and reply here; the problem of Explorer being slow and the white icons continues.

MBAM log:

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 12/12/2018
Hora da análise: 14:08
Arquivo de registro: 24e04f72-fe28-11e8-9798-74d435e08ccd.json

-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.463
Versão do pacote de definições: 1.0.8279
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17134.471)
CPU: x64
Sistema de arquivos: NTFS
Usuário: DESKTOP-HM04AT7\Zer0_

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 282126
Ameaças detectadas: 44
Ameaças em quarentena: 42
Tempo decorrido: 2 min, 36 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 1
Adware.Zdengo.Generic, C:\Windows\EJFYPLTXLT.EJF, Quarentena, [9368], [608505],1.0.8279

Chave de registro: 14
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MGM1N, Quarentena, [475], [556539],1.0.8279
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\localNETService, Quarentena, [101], [603752],1.0.8279
PUP.Optional.Conduit, HKLM\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
PUP.Optional.Conduit, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}, Quarentena, [215], [236865],1.0.8279
Adware.SearchAwesome, HKLM\SOFTWARE\WOW6432NODE\SrcAAAesom Browser Enhancer, Quarentena, [7193], [509886],1.0.8279
Adware.SearchAwesome, HKLM\SOFTWARE\SrcAAAesom Browser Enhancer, Quarentena, [7193], [509886],1.0.8279
Adware.Zdengo.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\MDdhZ, Quarentena, [9368], [608505],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{D7C92569-5998-FE09-4364-E713D2C207DE}, Quarentena, [5994], [601190],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{90FEEC9C-6D6A-44F4-ADE7-59F803C5485B}, Quarentena, [5994], [601190],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\LOGON\{90FEEC9C-6D6A-44F4-ADE7-59F803C5485B}, Quarentena, [5994], [601190],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\{5FBEE3B1-CCFB-25A5-93B4-0BB31B025305}, Quarentena, [5994], [601196],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{4E7B055A-210A-4162-898C-1688EC16B90C}, Quarentena, [5994], [601196],1.0.8279
Trojan.BitCoinMiner.BatBitRst, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{4E7B055A-210A-4162-898C-1688EC16B90C}, Quarentena, [5994], [601196],1.0.8279

Valor de registro: 6
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [475], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Quarentena, [475], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, Falha ao remover, [475], [-1],0.0.0
PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, Quarentena, [215], [236865],1.0.8279
PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|TOPRESULTURL, Quarentena, [215], [236865],1.0.8279
Adware.Agent, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\LOCALNETSERVICE|IMAGEPATH, Quarentena, [101], [603754],1.0.8279

Dados de registro: 1
PUP.Optional.Conduit, HKU\S-1-5-21-3011543786-269527790-1036262397-1001\SOFTWARE\MICROSOFT\Internet Explorer\MAIN|START PAGE, Substituído, [215], [293058],1.0.8279

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 2
Adware.Wajam, C:\PROGRAM FILES\MGM1N, Quarentena, [475], [556539],1.0.8279
Adware.Agent, C:\PROGRAMDATA\LOCALNETSERVICE, Quarentena, [101], [603752],1.0.8279

Arquivo: 20
PUP.Optional.FFHijacker.Generic, C:\PROGRAM FILES\MOZILLA FIREFOX\DEFAULTS\PREF\SECURE_CERT.JS, Quarentena, [5342], [505085],1.0.8279
Adware.Wajam, C:\PROGRAM FILES\MGM1N\WBE_uninstall.dat, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\MmJkNzk.ico, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\mozcrt19.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\NjRhMzFjNzJ.exe, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\nspr4.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\nss3.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\plc4.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\plds4.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\service.dat, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\service_64.dat, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\softokn3.dll, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\YjdjYmFkYWEzNTc4.exe, Quarentena, [475], [556539],1.0.8279
Adware.Wajam, C:\Program Files\MGM1N\ZTE0MGQzMjc5MGYyOWM, Quarentena, [475], [556539],1.0.8279
Adware.Agent, C:\PROGRAMDATA\LOCALNETSERVICE\LOCALNETSERVICE.EXE, Quarentena, [101], [603752],1.0.8279
Adware.Zdengo.Generic, C:\Windows\EJFYPLTXLT.EJF, Quarentena, [9368], [608505],1.0.8279
Trojan.BitCoinMiner.BatBitRst, C:\Windows\SYSTEM32\TASKS\{D7C92569-5998-FE09-4364-E713D2C207DE}, Quarentena, [5994], [601190],1.0.8279
Trojan.BitCoinMiner.BatBitRst, C:\Windows\SYSTEM32\TASKS\{5FBEE3B1-CCFB-25A5-93B4-0BB31B025305}, Quarentena, [5994], [601196],1.0.8279
PUP.Optional.Trovigo, C:\USERS\ZER0_\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, Substituído, [376], [455258],1.0.8279
PUP.Optional.Trovigo, C:\USERS\ZER0_\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [376], [455258],1.0.8279

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)


HijackThis log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:01, on 11/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\svchost.exe
C:\Windows\SysWOW64\InstallShield\setup.exe
C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\IObit\Driver Booster\6.0.2\Pub\PubMonitor.exe
C:\HijackThis.exe
C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\18.212.1021.0008\FileCoAuth.exe
C:\Program Files (x86)\Nox\bin\nox_adb.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com/?PC=COSP&ptag=D120818-N0690A3904163984&form=CONMHP&conlogo=CT3335855
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [KeePass 2 PreLoad] "C:\Program Files (x86)\KeePass Password Safe 2\KeePass.exe" --preload
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Zer0_\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [WallpaperEngine] "C:\Program Files (x86)\Steam\steamapps\common\wallpaper_engine\wallpaper32.exe" -silent
O4 - HKCU\..\Run: [Discord] C:\Users\Zer0_\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [Battle.net] "C:\Program Files (x86)\Battle.net\Battle.net.exe" --autostarted
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-12112018144051520\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User '?')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - Startup: IQTray.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Unknown owner - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: MDdhZ - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)

--
End of file - 10787 bytes
 


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any Security Warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.

