Roni Junior

Notebook opening adult popups and freezing


Good afternoon, everyone.

I have a notebook that opens adult popups while I browse the internet and freezes constantly. I ran the antivirus and it found 3 problems, but I imagine there may be more.

I have already completed all the required steps.

Below is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:17, on 14/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Users\tatiane amorim\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem11.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8600 bytes


RONI JORGE JUNIOR
Bachelor in Information Systems
@ronijunior1986
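A HijackThis log is a flat list of `Rn`/`Fn`/`Onn` entries, and helpers on threads like this one read the same few sections first: browser add-ons (O2/O3), autostart values (O4), and services (O23). The Python below is an added example, not part of Roni's post or of HijackThis itself; it parses a log of this shape into records and produces that triage summary, including which entries load from a user-profile directory. The sample log is constructed: a few lines copied in shape from the log above plus one made-up autostart entry under `C:\Users\example\` so the location check has something to report. HijackThis' `(file missing)` marker is listed only as a pointer for review, not as a verdict.

```python
import re
from collections import Counter

# Constructed sample in the shape of the log above (a few of its lines plus one
# made-up autostart entry under a user profile, used to exercise the location check).
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:33:17, on 14/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
Boot mode: Normal

Running processes:
C:\Users\tatiane amorim\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [ExampleUpdater] C:\Users\example\AppData\Roaming\example_updater.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

--
End of file - 8600 bytes
"""

ENTRY_RE = re.compile(r"^(?P<section>[RFO]\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
USER_PROFILE_RE = re.compile(r"\\Users\\[^\\]+\\", re.IGNORECASE)
MISSING = " (file missing)"


def parse_entries(text):
    """Split a HijackThis log into (section, body) pairs; header and process lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def split_fields(body):
    """HijackThis joins name, CLSID/vendor and path with ' - '; the paths themselves never contain that token."""
    return [part.strip() for part in body.split(" - ")]


def triage(text):
    """Reduce a log to the items a helper looks at first."""
    entries = parse_entries(text)
    summary = {
        "sections": Counter(section for section, _ in entries),
        "browser_addons": [],  # O2 BHOs / O3 toolbars: (name, dll path)
        "autostart": [],       # O4 Run values: (hive, value name, command line)
        "missing_files": [],   # O23 services whose binary HijackThis could not find
        "user_writable": [],   # any entry loading from a user profile directory
    }
    for section, body in entries:
        if section in ("O2", "O3"):
            fields = split_fields(body)
            name = fields[0].split(": ", 1)[1]        # drop the "BHO: " / "Toolbar: " prefix
            summary["browser_addons"].append((name, fields[-1]))
        elif section == "O4":
            m = RUN_RE.match(body)
            if m:
                summary["autostart"].append((m.group("hive"), m.group("name"), m.group("cmd")))
        elif section == "O23":
            fields = split_fields(body)
            name = fields[0][len("Service: "):]
            path = fields[-1]
            if path.endswith(MISSING):
                summary["missing_files"].append((name, path[: -len(MISSING)]))
        if USER_PROFILE_RE.search(body):
            summary["user_writable"].append((section, body))
    return summary


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("entries per section:", dict(result["sections"]))
    for key in ("browser_addons", "autostart", "missing_files", "user_writable"):
        print(f"\n{key}:")
        for item in result[key]:
            print("  ", item)
```

Run as a script it prints the summary for the constructed sample; point `triage()` at the text of a pasted log to get the same view of a real one. The user-profile check is a cheap first filter, not a classification: it surfaces autostart entries and add-ons that run from writable locations so they can be looked up by name and path.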


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log in your next reply, together with a new HijackThis log.


Here is the ZHPCleaner report:

ZHPCleaner Report

~ ZHPCleaner v2018.12.12.205 by Nicolas Coolman (2018/12/12)
~ Run by tatiane amorim (Administrator)  (14/12/2018 19:49:25)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\tatiane amorim\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\tatiane amorim\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 8.1 Single Language, 64-bit  (Build 9600)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (0)
~ No malicious or unnecessary items found. (Hosts)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (0)
~ No malicious or unnecessary items found. (Explorer)

---\  Registry ( Key, Value, Data) (0)
~ No malicious or unnecessary items found. (Register)

---\  Other deletions. (31)
~ Registry Keys Tracing deleted (31)
~ Remove the old reports ZHPCleaner. (0)

---\ Result of repair
~ Any repair made
~ Browser not found (Mozilla Firefox)
~ Browser not found (Internet Explorer)
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 33
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0
~ End of search in 00h00mn00s

---\  Reports (2)
ZHPCleaner-[S]-14122018-19_49_00.txt
ZHPCleaner-[S]-14122018-19_49_25.txt

Items found by ZHPCleaner


Information about module

Here is the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:52:34, on 14/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Users\tatiane amorim\Downloads\HijackThis.exe
C:\Users\tatiane amorim\Desktop\ZHPCleaner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem11.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8648 bytes


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mbam-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection; if it is disabled, check Scan for Rootkits. Under Potential Threat Protection, select Treat PUPs and PUMs as Malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, if items were found, click the Export Summary button -> Text file (*.txt) and save it to your Desktop; if the cleanup log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Quarantine.

At the end of the cleanup, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports tab -> Scan Reports in the program's main window after the cleanup has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the full contents of the cleanup log saved by MBAM in your next reply, together with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (possibly more than once). Do so immediately when asked whether you want to restart the PC.


Here is the Malwarebytes report:

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 14/12/2018
Hora da análise: 21:16
Arquivo de registro: 38ef5434-fff6-11e8-b31e-3c77e6d13eaa.json

-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.508
Versão do pacote de definições: 1.0.8327
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 8.1
CPU: x64
Sistema de arquivos: NTFS
Usuário: TATIANE\tatiane amorim

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 245790
Ameaças detectadas: 71
Ameaças em quarentena: 71
Tempo decorrido: 6 min, 28 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 2
PUP.Optional.ASK.Generic, HKU\S-1-5-21-3982891936-2003376637-84584624-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|bkbpfdkbpbckgkcelkfjjhepmdcdmahi, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.MySearch, HKU\S-1-5-21-3982891936-2003376637-84584624-1001\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Default\extensions.settings|aejbbphmahknpklbadpphhihclmhmkfk, Quarentena, [125], [443207],1.0.8327

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 20
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\_locales\en, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\_metadata, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\_locales, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\config, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\libs, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BKBPFDKBPBCKGKCELKFJJHEPMDCDMAHI, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\settings\partner, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\settings\common, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\content_script, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\_metadata, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\settings, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\newtab, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\revert, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\logo, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0, Quarentena, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AEJBBPHMAHKNPKLBADPPHHIHCLMHMKFK, Quarentena, [125], [443207],1.0.8327

Arquivo: 49
PUP.Optional.ASK.Generic, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Substituído, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Substituído, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\BKBPFDKBPBCKGKCELKFJJHEPMDCDMAHI\50.153.14.16407_0\MANIFEST.JSON, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\config\config.json, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons\icon128.png, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons\icon16.png, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons\icon19disabled.png, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons\icon19on.png, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\icons\icon48.png, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\ajax.js, Quarentena, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\background.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\chrome.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\content_script.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\dlp.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\dlpHelper.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\extension_detect.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\index.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\internationalSearchUtils.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\logger.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\settingsOverridesUtils.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\storageUtils.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\templateParser.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\ul.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\urlUtils.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\js\util.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\libs\PartnerId.js, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\_locales\en\messages.json, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.ASK.Generic, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkbpfdkbpbckgkcelkfjjhepmdcdmahi\50.153.14.16407_0\_metadata\verified_contents.json, Quarantined, [1985], [570839],1.0.8327
PUP.Optional.MySearch, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Secure Preferences, Replaced, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Preferences, Replaced, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\USERS\TATIANE AMORIM\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\EXTENSIONS\AEJBBPHMAHKNPKLBADPPHHIHCLMHMKFK\28.2_0\MANIFEST.JSON, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common\browseraction.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common\config.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common\feed.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common\utils.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\common\winner.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\content_script\overlayer.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\logo\logo_128x.png, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\logo\logo_16x.png, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\logo\logo_19x.png, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\logo\logo_48x.png, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\newtab\newtab.html, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\revert\index.css, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\revert\index.html, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\revert\index.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\settings\common\redirect.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\settings\partner\Reporting.js, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\_metadata\computed_hashes.json, Quarantined, [125], [443207],1.0.8327
PUP.Optional.MySearch, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aejbbphmahknpklbadpphhihclmhmkfk\28.2_0\_metadata\verified_contents.json, Quarantined, [125], [443207],1.0.8327

Physical sector: 0
(No malicious items detected)

Windows Management Instrumentation (WMI): 0
(No malicious items detected)


(end)

 

HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:54:53, on 14/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.18123)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\tatiane amorim\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: @oem11.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: HP Support Solutions Framework Service (HPSupportSolutionsFrameworkService) - HP Inc. - C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService1.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8785 bytes
 


RONI JORGE JUNIOR
Bachelor of Information Systems
@ronijunior1986

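A reading note on the HijackThis log above, and an added triage script that is not part of the thread and not a HijackThis feature. HijackThis 2.0.4 predates this Windows build (it prints "Unknown Windows (WinNT 6.02.1008)" rather than a name) and is a 32-bit program, so on 64-bit Windows its view of C:\Windows\System32 is redirected to SysWOW64: that is why every native system service (ALG, Spooler, VSS, Windows Defender and the rest) shows "(file missing)". Those entries are a tool artifact, not tampering, and the script below deliberately does not flag them. What it does flag is what a responder actually wants out of an O2/O3/O4/O23 listing: binaries started from user-writable folders and unknown-owner services outside Windows and Program Files. The sample log mixes lines copied from the log above with two invented suspicious entries (VideoHelper and updhlp) that exist only to exercise the checks; the folder heuristics are this example's own assumptions.

```python
import re

# Added triage helper for HijackThis 2.0.4 logs. It is not part of the thread and not
# a HijackThis feature; the location heuristics below are this example's own assumptions.
HJT_LINE = re.compile(r"^(?P<section>[ORF]\d+) - (?P<body>.*)$")

# Folders a properly installed service or browser helper almost never runs from.
USER_WRITABLE = ("\\appdata\\", "\\downloads\\", "\\temp\\", "\\users\\public\\", "\\programdata\\")
# Roots where an "Unknown owner" service is normally just an unsigned Windows component.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files")

# Constructed sample: lines copied from the log above plus two invented suspicious
# entries (VideoHelper and updhlp) that exist only to exercise the checks.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [VideoHelper] "C:\Users\tatiane amorim\AppData\Roaming\VideoHelper\vh.exe" /silent
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Update Helper (updhlp) - Unknown owner - C:\ProgramData\updhlp\updhlp.exe
"""


def parse_entry(line):
    """Split one HijackThis line into section, vendor, binary path and the file-missing flag."""
    m = HJT_LINE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    entry = {"section": section, "raw": line.strip(), "path": None,
             "vendor": None, "file_missing": False}
    if section == "O23":
        # O23 - Service: <display name> (<service>) - <vendor> - <path> [(file missing)]
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3:
            entry["vendor"] = parts[1]
            path = parts[2]
            if path.endswith(" (file missing)"):
                entry["file_missing"] = True
                path = path[: -len(" (file missing)")]
            entry["path"] = path
    elif section in ("O2", "O3"):
        # O2 - BHO: <name> - {CLSID} - <path>     O3 - Toolbar: <name> - {CLSID} - <path>
        parts = body.split(" - ")
        if len(parts) >= 3:
            entry["path"] = parts[-1]
    elif section == "O4":
        # O4 - <hive>\..\Run: [<value name>] "<path>" <args>   (quotes are optional)
        m4 = re.search(r'\] (?:"([^"]+)"|(\S+))', body)
        if m4:
            entry["path"] = m4.group(1) or m4.group(2)
    return entry


def triage(lines):
    """Return only the entries that merit a manual look, each with its reasons."""
    flagged = []
    for line in lines:
        entry = parse_entry(line)
        if not entry or not entry["path"]:
            continue
        path = entry["path"].lower()
        reasons = []
        if any(marker in path for marker in USER_WRITABLE):
            reasons.append("binary runs from a user-writable folder")
        if (entry["section"] == "O23" and entry["vendor"] == "Unknown owner"
                and not path.startswith(TRUSTED_ROOTS)):
            reasons.append("unknown-owner service outside Windows and Program Files")
        # "(file missing)" on a System32 service is NOT flagged on purpose: HijackThis 2.0.4
        # is a 32-bit program, so on 64-bit Windows its C:\Windows\System32 is redirected to
        # SysWOW64 and every native 64-bit service (ALG, Spooler, VSS, ...) looks absent.
        if reasons:
            flagged.append({"section": entry["section"], "path": entry["path"],
                            "reasons": reasons})
    return flagged


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG.splitlines()):
        print(hit["section"], hit["path"], "->", "; ".join(hit["reasons"]))
```

Run it against a saved hijackthis.log by replacing SAMPLE_LOG.splitlines() with the file's lines. On this machine's log it reports nothing, which matches the picture: the adware lived in Chrome's extension folder, where HijackThis does not look at all.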

Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update on its own and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste its contents in your next reply.

Note: if nothing is found, no log will be generated.

Click Back.

Click Finish.



ESET log follows:

C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohjbfpdjeokcpejpgifiiackchgjgfdo\1.1_0\background.js    JS/Chromex.Submelius.H trojan    cleaned by deleting
C:\Users\tatiane amorim\Downloads\video2119.zip    JS/TrojanDownloader.Agent.QTH trojan    deleted
 


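Both scanners hit Chrome extensions: Malwarebytes quarantined an ASK extension and a MySearch one that shipped its own newtab/newtab.html and settings-override code (and it replaced Chrome's Preferences and Secure Preferences, where the profile records which extensions are installed and which search engine is default), and ESET deleted the background.js of a third extension flagged as JS/Chromex.Submelius.H. The script below is an added example, not part of the thread and not a Malwarebytes or ESET component. It walks a Chrome profile's Extensions folder, which holds one manifest.json per extension version, and reports the manifest keys that take over the new-tab page or the search provider, broad permissions that let an extension rewrite every page (ad injection, popups), and whether the extension is updated from the Chrome Web Store. The profile it scans is constructed in a temporary directory with two invented extensions; the Web Store update_url check and the list of "broad" permissions are assumptions chosen for the example.

```python
import json
import tempfile
from pathlib import Path

# Added example for this thread; not part of the original posts and not a Malwarebytes
# or ESET component. Every Chrome extension version directory carries a manifest.json;
# the keys below are how a search hijacker takes over the new-tab page and the search engine.
HIJACK_KEYS = {
    "chrome_url_overrides": "replaces a built-in page (newtab, bookmarks, history)",
    "chrome_settings_overrides": "replaces homepage, startup pages or search provider",
}
# Permissions that let an extension observe or rewrite every page (assumption: this list).
BROAD_PERMISSIONS = {"<all_urls>", "*://*/*", "http://*/*", "https://*/*",
                     "tabs", "webRequest", "webRequestBlocking", "webNavigation"}
# Assumption used here: extensions installed from the Chrome Web Store carry this update_url.
STORE_UPDATE_URL = "https://clients2.google.com/service/update2/crx"


def inspect_manifest(manifest):
    """Return the reasons a manifest deserves a closer look (empty list if none)."""
    reasons = []
    for key, why in HIJACK_KEYS.items():
        if key in manifest:
            reasons.append(f"{key}: {why}")
    perms = set(manifest.get("permissions", [])) | set(manifest.get("host_permissions", []))
    broad = sorted(perms & BROAD_PERMISSIONS)
    if broad:
        reasons.append("broad permissions: " + ", ".join(broad))
    if manifest.get("update_url") != STORE_UPDATE_URL:
        reasons.append("not updated from the Chrome Web Store (update_url=%r)" % manifest.get("update_url"))
    return reasons


def scan_extensions(user_data_dir):
    """Walk <User Data>/Default/Extensions/<id>/<version>/manifest.json and report each one."""
    findings = []
    ext_root = Path(user_data_dir) / "Default" / "Extensions"
    for manifest_path in sorted(ext_root.glob("*/*/manifest.json")):
        ext_id = manifest_path.parent.parent.name
        version = manifest_path.parent.name
        try:
            manifest = json.loads(manifest_path.read_text(encoding="utf-8"))
        except (OSError, ValueError) as exc:
            findings.append({"id": ext_id, "version": version, "name": None,
                             "reasons": [f"unreadable manifest: {exc}"]})
            continue
        findings.append({"id": ext_id, "version": version,
                         "name": manifest.get("name"), "reasons": inspect_manifest(manifest)})
    return findings


def build_sample_profile():
    """Create a constructed Chrome profile in a temp dir: one ordinary extension and one
    shaped like the MySearch-style hijacker quarantined above (newtab + search override)."""
    root = Path(tempfile.mkdtemp(prefix="chrome-profile-"))
    samples = {
        ("a" * 32, "1.0_0"): {
            "manifest_version": 3, "name": "Constructed Benign Notes", "version": "1.0",
            "permissions": ["storage"], "update_url": STORE_UPDATE_URL,
        },
        ("b" * 32, "28.2_0"): {
            "manifest_version": 2, "name": "Constructed Search Helper", "version": "28.2",
            "permissions": ["tabs", "<all_urls>", "storage"],
            "chrome_url_overrides": {"newtab": "newtab/newtab.html"},
            "chrome_settings_overrides": {"search_provider": {
                "name": "Constructed Search", "keyword": "cs",
                "search_url": "https://search.example/?q={searchTerms}",
                "favicon_url": "https://search.example/favicon.ico",
                "encoding": "UTF-8", "is_default": True}},
            "background": {"scripts": ["background.js"]},
        },
    }
    for (ext_id, version), manifest in samples.items():
        ext_dir = root / "Default" / "Extensions" / ext_id / version
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text(json.dumps(manifest), encoding="utf-8")
    return root


if __name__ == "__main__":
    for finding in scan_extensions(build_sample_profile()):
        status = "REVIEW" if finding["reasons"] else "ok"
        print(f"{status:6} {finding['id']} {finding['version']} {finding['name']!r}")
        for reason in finding["reasons"]:
            print("       -", reason)
```

To run it on a real machine, pass the profile directory (on this notebook, C:\Users\tatiane amorim\AppData\Local\Google\Chrome\User Data) to scan_extensions instead of the constructed one. Removing the files on disk is not enough while the extension is still registered in the profile's preferences, so remove it from chrome://extensions as well and check that the search engine and new-tab page are back to normal.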

OK, the PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as Administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This removes the programs used in the disinfection, the folders and files they created, and DelFix itself.

