Matheus S.

Log Analysis


Good morning, my computer is a bit slow, I think it is some virus or malware. Here is the log for analysis.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:28:29, on 15/01/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE07&ocid=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: http://www.samsungsetup.com
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O23 - Service: adaware antivírus service (adawareantivirusservice) - Unknown owner - C:\Program Files\adaware\adaware antivírus\adaware antivírus\12.4.942.11595\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ISL Light Restart&Resume Service_0 (isl_desktop_restart_0) - Unknown owner - C:\Users\User\AppData\Local\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11109 bytes

Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will begin examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log in your next reply, plus a new HijackThis log.



~ ZHPCleaner v2019.1.15.8 by Nicolas Coolman (2019/01/15)
~ Run by User (Administrator)  (17/01/2019 08:27:03)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\User\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\User\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (1)
DELETED data: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\zonemap\domains\webcompanion.com\\http [Bad : Sensitive Websites]  =>PUP.Optional.LavasoftWebCompanion


---\\  Hosts file (1)
~ The hosts file is legitimate (28)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (80)
MOVED file: C:\Users\User\Desktop\µTorrent.lnk  [Bad : C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe](.BitTorrent Inc..)  =>BitTorrent (P2P)
MOVED file: C:\Windows\Installer\MSI16C.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI29C6.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI4ADB.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI5AB0.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI6AAE.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI7C7F.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI7CBD.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI822E.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI8E89.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSI9272.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIB55A.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIBA6A.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIC091.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIC5AA.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSID6B9.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIEC42.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIEEFD.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Windows\Installer\MSIFF81.tmp    =>.SUP.MSIInstaller
MOVED file: C:\Users\User\AppData\Local\Temp\CUsersUserAppDataLocalProgramsOpera57.0.3098.116opera_autoupdate.download.lock    =>.SUP.Temporary.Opera
MOVED file: C:\Users\User\AppData\Local\Temp\CUsersUserAppDataLocalProgramsOpera57.0.3098.116opera_autoupdate.metrics.lock    =>.SUP.Temporary.Opera
MOVED file^: C:\Program Files (x86)\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
MOVED file*: C:\Users\User\AppData\Roaming\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
MOVED file^: C:\ProgramData\Lavasoft\web companion    =>PUP.Optional.LavasoftWebCompanion
MOVED folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nladljmabboanhihfkjacnnkgjhnokhj  =>PUP.Optional.DefaultSearch
MOVED folder: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVED folder: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft\WebCompanion  =>PUP.Optional.LavasoftWebCompanion
MOVED folder: C:\Windows\Installer\MSI1B8A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI1F71.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI21DE.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI26A1.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI2777.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI2A27.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI2EB.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3486.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3922.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3E61.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3FFC.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI4413.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI46E1.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI4AE8.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI5EF6.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI63C7.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI6647.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI6D6.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI7219.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI7699.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI7955.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI8682.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI8DC0.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI911D.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI94C.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI9562.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIA2C7.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIA5B6.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIABF8.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIAE60.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIB44A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIB6CA.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIBB2A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIBD6D.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC02B.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC23E.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC645.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIC6F1.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSICBA3.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSICEA0.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSICEAE.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSID362.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSID6ED.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSID9F0.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIE247.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIE2FA.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIE7F8.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIEA89.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSIFC98.tmp-  =>.SUP.Empty
MOVED folder: C:\Users\User\AppData\LocalLow\Adobe  =>.SUP.Empty
MOVED folder: C:\Users\User\AppData\LocalLow\EmieBrowserModeList  =>.SUP.Empty
MOVED folder: C:\Users\User\AppData\LocalLow\EmieSiteList  =>.SUP.Empty
MOVED folder: C:\Users\User\AppData\LocalLow\EmieUserList  =>.SUP.Empty


---\\  Registry ( Key, Value, Data) (9)
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\nladljmabboanhihfkjacnnkgjhnokhj []  =>PUP.Optional.DefaultSearch
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\uTorrent [BitTorrent Inc.]  =>BitTorrent (P2P)
DELETED key*: HKU\S-1-5-21-2658045831-1843489977-4273383148-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com []  =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKCU\Software\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
DELETED key: HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com []  =>PUP.Optional.LavasoftWebCompanion
DELETED key*: HKLM\SOFTWARE\Wow6432Node\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
DELETED key: HKLM\SOFTWARE\Lavasoft\Web Companion []  =>PUP.Optional.LavasoftWebCompanion
DELETED key*: [X64] HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{d1bf02f9-d959-4d20-9ff9-b3b2d3cf429d} [Lavasoft]  =>PUP.Optional.LavasoftWebCompanion
DELETED value: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Web Companion [C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize ]  =>PUP.Optional.LavasoftWebCompanion


---\\  Summary of the elements found (7)
https://nicolascoolman.eu/2017/03/12/superfluous-lavasoftwebcompanion/  =>PUP.Optional.LavasoftWebCompanion
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Opera
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.DefaultSearch
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty


---\\  Other deletions. (15)
~ Registry Keys Tracing deleted (13)
~ Remove the old reports ZHPCleaner. (2)


---\\ Result of repair
~ Repair carried out successfully
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 3441
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 0


~ End of clean in 00h00mn58s

---\\  Reports (2)
ZHPCleaner--17012019-08_12_18.txt
ZHPCleaner-[R]-17012019-08_28_01.txt

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:43:15, on 17/01/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
C:\Users\User\AppData\Roaming\uTorrent\updates\3.5.5_44994\utorrentie.exe
C:\Users\User\Downloads\HijackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE07&ocid=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: http://www.samsungsetup.com
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O23 - Service: adaware antivírus service (adawareantivirusservice) - Unknown owner - C:\Program Files\adaware\adaware antivírus\adaware antivírus\12.4.942.11595\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ISL Light Restart&Resume Service_0 (isl_desktop_restart_0) - Unknown owner - C:\Users\User\AppData\Local\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10858 bytes

Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO (if present).

Make sure the boxes Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware are checked. Then click Finish.

If there are updates to apply, they will be downloaded and installed.

Under Settings, click Protection; if it is disabled, check Scan for Rootkits. Under Potential Threat Protection, select Treat PUPs and PUMs as malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary button -> Text file (*.txt) and save it to your Desktop; if the cleanup log is not saved, you will find it there.

Click Apply Actions or, if that option is not there, click Quarantine.

At the end of the cleanup, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports tab -> Scan reports in the program's main window after the cleanup has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the cleanup log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may need to restart the PC (perhaps more than once). Do this immediately when asked whether you want to restart the PC.



Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 22/01/2019
Hora da análise: 11:16
Arquivo de registro: 55fee94a-1e50-11e9-9769-e06995854780.json

-Informação do software-
Versão: 3.6.1.2711
Versão de componentes: 1.0.519
Versão do pacote de definições: 1.0.8914
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 7 Service Pack 1
CPU: x64
Sistema de arquivos: NTFS
Usuário: User-PC\User

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 251484
Ameaças detectadas: 83
Ameaças em quarentena: 0
Tempo decorrido: 10 min, 9 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 1
PUP.Optional.DefaultSearch, HKU\S-1-5-21-2658045831-1843489977-4273383148-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|nladljmabboanhihfkjacnnkgjhnokhj, Nenhuma ação do usuário, [294], [475454],1.0.8914

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 14
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\browsericons, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\de, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\en, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\es, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\fr, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_metadata, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\lib, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ, Nenhuma ação do usuário, [294], [475454],1.0.8914

Arquivo: 68
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Preferences, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ\1.3.10.4_0\MANIFEST.JSON, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\adaware.eot, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\adaware.svg, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\adaware.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\adaware.woff, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-book.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-bookitalic.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-light.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-lightitalic.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-medium.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-mediumitalic.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-semibold.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\canaro-semibolditalic.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\fontawesome-webfont.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\fonts\segoeui.ttf, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\auto-complete.css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\flexbox.css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\new-tab.css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\normalize.css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\css\roboto.css, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\browsericons\icon19.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\browsericons\icon38.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\abstract_default.jpg, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\adaware_secure_search.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\animals_default.jpg, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\dot.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\dot_color.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\dropdown_arrow.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\icon_128.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\icon_16.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\icon_check.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\magnifier_icon.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\nature_default.jpg, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\settings_icon.png, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\img\urban_default.jpg, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\lib\auto-complete.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\lib\publicsuffixlist.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\adaware-telemetry.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\adaware-utils.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\background.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\contentscript.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\i18n.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\load-new.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\messaging.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\new-tab.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\pagestore.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\polyfill.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\start.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\storage.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\tab.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\traffic.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\uritools.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\vapi-background.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\vapi-client.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\vapi-common.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\de\messages.json, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\en\messages.json, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\es\messages.json, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_locales\fr\messages.json, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\_metadata\verified_contents.json, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\background.html, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\LICENSE.txt, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\load-new.html, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\new-tab.html, Nenhuma ação do usuário, [294], [475454],1.0.8914
Adware.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-2658045831-1843489977-4273383148-1000\$R7OUKYL.EXE, Nenhuma ação do usuário, [420], [597367],1.0.8914
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Profile 1\Secure Preferences, Nenhuma ação do usuário, [294], [469798],1.0.8914

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:42:38, on 22/01/2019
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.19236)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\User\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://login.latinamweb.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=619797&PC=UE07&ocid=UE07DHP
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\Alwil Software\Avast5\AvLaunch.exe" /gui
O4 - HKCU\..\Run: [uTorrent] "C:\Users\User\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\Run: [Opera Browser Assistant] C:\Users\User\AppData\Local\Programs\Opera\assistant\browser_assistant.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\Run: [Web Companion] C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize  (User 'Default user')
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra 'Tools' menuitem: SmartPrint - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\smartprintsetup.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\Windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: http://www.samsungsetup.com
O15 - Trusted Zone: http://*.webcompanion.com
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Protocol: WSWSVCUchrome - (no CLSID) - (no file)
O23 - Service: adaware antivírus service (adawareantivirusservice) - Unknown owner - C:\Program Files\adaware\adaware antivírus\adaware antivírus\12.4.942.11595\AdAwareService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: aswbIDSAgent - AVAST Software - C:\Program Files\Alwil Software\Avast5\aswidsagent.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\71.0.3578.98\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: ISL Light Restart&Resume Service_0 (isl_desktop_restart_0) - Unknown owner - C:\Users\User\AppData\Local\ISL Online Cache\ISL Restart\s_0\ISLLightService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WC Assistant (WCAssistantService) - Unknown owner - C:\Program Files (x86)\Lavasoft\Web Companion\Application\Lavasoft.WCAssistant.WinService.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11068 bytes
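The Malwarebytes report above is the program's plain-text export. As an added example (not code from the thread or from Malwarebytes), this Python script parses that format, tallies detections by threat name, pulls out the Chrome extension id that was flagged, and checks the point a helper should look at before calling a PC clean: whether "Ameaças em quarentena" is 0, meaning the items were only listed and never removed. The regexes and the trimmed sample excerpt are my own, built from the lines posted above.

```python
"""Triage a Malwarebytes 3.x text report of the kind posted in the thread."""
import re
from collections import Counter

# Per-item action string exactly as it appears in the posted (Portuguese) report.
NO_ACTION = "Nenhuma ação do usuário"

# Constructed excerpt: four of the 83 entries from the thread, in the report's own format.
SAMPLE_REPORT = r"""Malwarebytes
www.malwarebytes.com

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Objetos verificados: 251484
Ameaças detectadas: 4
Ameaças em quarentena: 0

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Valor de registro: 1
PUP.Optional.DefaultSearch, HKU\S-1-5-21-2658045831-1843489977-4273383148-1000\SOFTWARE\GOOGLE\CHROME\PREFERENCEMACS\Profile 1\extensions.settings|nladljmabboanhihfkjacnnkgjhnokhj, Nenhuma ação do usuário, [294], [475454],1.0.8914

Arquivo: 3
PUP.Optional.DefaultSearch, C:\USERS\USER\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\PROFILE 1\EXTENSIONS\NLADLJMABBOANHIHFKJACNNKGJHNOKHJ\1.3.10.4_0\MANIFEST.JSON, Nenhuma ação do usuário, [294], [475454],1.0.8914
PUP.Optional.DefaultSearch, C:\Users\User\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nladljmabboanhihfkjacnnkgjhnokhj\1.3.10.4_0\js\background.js, Nenhuma ação do usuário, [294], [475454],1.0.8914
Adware.InstallCore, C:\$RECYCLE.BIN\S-1-5-21-2658045831-1843489977-4273383148-1000\$R7OUKYL.EXE, Nenhuma ação do usuário, [420], [597367],1.0.8914

(end)
"""

# One detail line: "<threat>, <location>, <action>, [<category>], [<signature>],<db version>"
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<location>.+), (?P<action>[^,\[\]]+), "
    r"\[(?P<cat>\d+)\], \[(?P<sig>\d+)\],(?P<db>[\d.]+)$"
)
# Summary lines and section headers share the shape "<label>: <integer>"
COUNT_RE = re.compile(r"^(?P<label>[^:]+): (?P<count>\d+)$")
# Chrome extension ids are 32 letters a-p, seen under an Extensions folder or an
# extensions.settings registry value; the report mixes upper and lower case paths.
EXT_ID_RE = re.compile(r"(?:extensions\\|extensions\.settings\|)([a-p]{32})\b", re.IGNORECASE)


def parse_report(text):
    """Return ({label: count}, [detection dicts]) from an MBAM text report."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        hit = DETECTION_RE.match(line)
        if hit:
            items.append({**hit.groupdict(), "section": section})
            continue
        header = COUNT_RE.match(line)
        if header:
            counts[header.group("label")] = int(header.group("count"))
            section = header.group("label")
    return counts, items


def triage(report_text):
    """Summarise a report and flag what a helper checks before calling a PC clean."""
    counts, items = parse_report(report_text)
    detected = counts.get("Ameaças detectadas", 0)
    quarantined = counts.get("Ameaças em quarentena", 0)
    unactioned = [it for it in items if it["action"] == NO_ACTION]
    extension_ids = sorted({
        m.group(1).lower() for it in items for m in EXT_ID_RE.finditer(it["location"])
    })
    recycle_bin = sum("$RECYCLE.BIN" in it["location"].upper() for it in items)

    findings = []
    if detected != len(items):
        findings.append(f"summary reports {detected} threats but {len(items)} detail lines parsed")
    if detected and quarantined == 0:
        findings.append("0 quarantined: detections were only listed, apply actions and rescan")
    if extension_ids and unactioned:
        findings.append("browser extension still present: " + ", ".join(extension_ids))
    if recycle_bin:
        findings.append(f"{recycle_bin} item(s) in $RECYCLE.BIN are deleted-installer remnants")
    return {
        "detected": detected,
        "quarantined": quarantined,
        "parsed": len(items),
        "unactioned": len(unactioned),
        "by_threat": Counter(it["threat"] for it in items),
        "extension_ids": extension_ids,
        "recycle_bin": recycle_bin,
        "findings": findings,
    }


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(f"{result['detected']} detected, {result['quarantined']} quarantined")
    for threat, n in result["by_threat"].most_common():
        print(f"  {n:3d}  {threat}")
    for note in result["findings"]:
        print("  !", note)
```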

OK, the PC is clean. (Y)

Download DelFix and save it to your Desktop. Double-click delfix.exe to run it.

On Windows 7, 8 and 10: right-click delfix.exe and select Run as administrator.

Check the box as shown in the image below.

DellFix.jpg

Click the Run button. This will remove the programs used in the cleanup, the folders and files they created, and DelFix itself.

