mutley2

Log Analysis


Good morning

My Windows has been very slow for about a month. I even thought about restoring the Acer factory configuration, but I don't know whether it has one, since I have already tried all the startup commands without success. So I decided to ask for your help to try to identify what may have made it slow. The log follows below.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:34:47, on 19/01/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe
C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Apowersoft.Browser.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\muttley\Downloads\Programs\HijackThis_3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Discord] C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [StreamingVideoRecorder] C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe /autoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDM trial reset] "C:\Program Files (x86)\Internet Download Manager\IDM Trial Reset\IDM_Trial_Reset.exe" /trial
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Discord] C:\Users\muttley\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe -update pepperplugin
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE')
O4 - Startup: MEGAsync.lnk = C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Startup: Shortcut to Primary output from Start (Active).lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm
O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7490d4e9-87c0-4207-ab65-8e273037e09f}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) SUR QC Software Asset Manager (Intel(R) SUR QC SAM) - Intel Corporation - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_18.0.0 - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\vssbridge64.exe (file missing)
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: NzcyNDNlOWU0 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: YWEyNWM2OTE4ZmU - Unknown owner - C:\Program Files\YWEyNWM2OTE4ZmU\YTI5YjhhZTRkNzV.exe

--
End of file - 16891 bytes


Thank you in advance.


The blessing of God makes rich and adds no sorrow


Download ZHPCleaner and save it to the Desktop.

Windows 7, 8, 8.1 or 10 users: right-click the program's icon and select Run as administrator.

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start examining your system. Be patient, as it may take a while depending on the number of items to examine.

When the scan finishes, click the Repair button.

Once the operation is complete, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log into your next reply, along with a new HijackThis log.



Here it is

 ZHPCleaner v2019.1.15.8 by Nicolas Coolman (2019/01/15)
~ Run by muttley (Administrator)  (19/01/2019 11:23:56)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Scan
~ Report : C:\Users\muttley\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\muttley\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Pro, 64-bit  (Build 17134)

---\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found. (ADS)

---\  Services (0)
~ No malicious or unnecessary items found. (Service)

---\  Browser internet (0)
~ No malicious or unnecessary items found. (Browser)

---\  Hosts file (1)
~ The hosts file is legitimate (25)

---\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found. (Task)

---\  Explorer ( File, Folder) (107)

---\  Registry ( Key, Value, Data) (97)
---\  Summary of the elements found (23)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.VkontakteDJ
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.ABTeam
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.MSIInstaller
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.Adobe
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Other
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>BitTorrent (P2P)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Paretologic
https://nicolascoolman.eu/2017/03/03/superfluous-slimwareutilities/  =>.SUP.SlimWareUtilities
https://nicolascoolman.eu/2017/02/02/hacktool-autokms/  =>HackTool.AutoKMS
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Torch
https://nicolascoolman.eu/2017/01/15/riskware-quicktime/  =>Riskware.QuickTime
https://nicolascoolman.eu/2017/11/01/adware-mybrowser/  =>PUP.Optional.MyBrowser
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>PUP.Optional.DoRibble
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.TweakBit
https://nicolascoolman.eu/2017/09/24/adware-sambreel/  =>Adware.Sambreel
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.YahooDetect
https://www.nicolascoolman.com/fr/adware-metastream/  =>PUP.Optional.MetaStream
https://nicolascoolman.eu/2017/01/28/heuristic-suspect/  =>Heuristic.Suspect
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Obsolete.NoFolder

---\ Result of repair
~ Any repair made
~ Browser not found (Opera Software)

---\ Statistics
~ Items scanned : 133211
~ Items found : 215
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 27094
~ End of search in 00h39mn01s
ZHPCleaner-[S]-19012019-12_02_57.txt

----------------------------------------------

Now the HijackThis log

-----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:12:04, on 19/01/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe
C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapSetupUserNotificationTool.exe
C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Apowersoft.Browser.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Users\muttley\Desktop\ZHPCleaner.exe
C:\Users\muttley\Downloads\Programs\HijackThis_3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Discord] C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [StreamingVideoRecorder] C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe /autoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDM trial reset] "C:\Program Files (x86)\Internet Download Manager\IDM Trial Reset\IDM_Trial_Reset.exe" /trial
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Discord] C:\Users\muttley\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_31_0_0_153_Plugin.exe -update plugin
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [WAB Migrate] %ProgramFiles%\Windows Mail\wab.exe /Upgrade (User 'SERVIÇO DE REDE')
O4 - Startup: MEGAsync.lnk = C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Startup: Shortcut to Primary output from Start (Active).lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm
O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7490d4e9-87c0-4207-ab65-8e273037e09f}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) SUR QC Software Asset Manager (Intel(R) SUR QC SAM) - Intel Corporation - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_18.0.0 - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\vssbridge64.exe (file missing)
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: NzcyNDNlOWU0 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: YWEyNWM2OTE4ZmU - Unknown owner - C:\Program Files\YWEyNWM2OTE4ZmU\YTI5YjhhZTRkNzV.exe

--
End of file - 16926 bytes

 

Edited by Mr.Million

The blessing of God enriches and adds no sorrow


Download Malwarebytes Anti-Malware (MBAM) and save or print these instructions:

Run mb3-setup.exe to install the program.

Uncheck the Enable free trial of Malwarebytes Anti-Malware PRO box (if present).

Make sure the Update Malwarebytes Anti-Malware and Launch Malwarebytes Anti-Malware boxes are checked. Then click Finish.

If there are updates available, they will be downloaded and installed.

In Settings, click Protection and, if it is disabled, check Scan for rootkits. Under Potential threat protection, select Treat PUPs and PUMs as malware (recommended).

Click Scan, then Threat Scan, and finally click Start Scan.

The scan will then begin. Please wait, as it may take a while.

When the scan finishes, if any items were found, click the Export Summary -> Text file (*.txt) button and save it to your Desktop; if the disinfection log is not saved, you will find it there.

Click Apply Actions or, if that is not available, click Send to quarantine.

At the end of the disinfection, a prompt may appear asking whether you want to restart the PC.

The log is saved automatically by MBAM and can be viewed by clicking the Reports tab -> Scan reports in the program's main window after the disinfection has been carried out.

DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.

Select, copy and paste the entire contents of the disinfection log saved by MBAM into your next reply, along with a new HijackThis log.

NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do so immediately when asked whether you want to restart the PC.



Here it is

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 1/19/19
Scan Time: 1:29 PM
Log File: 011f3590-1bff-11e9-8a0b-00ff7490d4e9.json

-Software Information-
Version: 3.6.1.2711
Components Version: 1.0.519
Update Package Version: 1.0.8868
License: Premium

-System Information-
OS: Windows 10 (Build 17134.523)
CPU: x64
File System: NTFS
User: LAPTOP-ISIQBI18\muttley

-Scan Summary-
Scan Type: Threat Scan
Scan Initiated By: Manual
Result: Completed
Objects Scanned: 401282
Threats Detected: 52
Threats Quarantined: 0
Time Elapsed: 22 min, 6 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Detect
PUM: Detect

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 11
PUP.Optional.Carambis, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\CarambisDriverUpdaterUACDisablingTask, No Action By User, [2038], [351307],1.0.8868
PUP.Optional.Carambis, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{61FB3629-6D12-44AD-B54D-1073D08CF1E0}, No Action By User, [2038], [351307],1.0.8868
PUP.Optional.Carambis, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\PLAIN\{61FB3629-6D12-44AD-B54D-1073D08CF1E0}, No Action By User, [2038], [351307],1.0.8868
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\YWEyNWM2OTE4ZmU, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NLASVC\PARAMETERS\INTERNET\MANUALPROXIES, No Action By User, [489], [-1],0.0.0
PUP.Optional.TweakBit, HKLM\SOFTWARE\CLASSES\DISKDOCTORCHECKER.DISKCHECKER, No Action By User, [1573], [338925],1.0.8868
PUP.Optional.TweakBit, HKLM\SOFTWARE\CLASSES\TMAGENTCOM.TMAGENT, No Action By User, [1573], [338926],1.0.8868
PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DAD08C2F-FF6B-4189-8EA7-B7E5488D1497}, No Action By User, [1573], [340079],1.0.8868
Adware.Tuto4PC, HKU\S-1-5-21-358811352-3743733326-592822656-1001\SOFTWARE\MICROSOFT\EWMON, No Action By User, [2789], [411133],1.0.8868
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NzcyNDNlOWU0, No Action By User, [4874], [580236],1.0.8868
Adware.Wajam, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Yzg4NjVjZWRiMTY2N, No Action By User, [489], [488914],1.0.8868

Registry Value: 8
Adware.Wajam, HKU\S-1-5-18\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [489], [-1],0.0.0
Adware.Wajam, HKU\S-1-5-21-358811352-3743733326-592822656-1001\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [489], [-1],0.0.0
Adware.Wajam, HKU\.DEFAULT\SOFTWARE\MICROSOFT\Windows\CURRENTVERSION\INTERNET SETTINGS|PROXYENABLE, No Action By User, [489], [-1],0.0.0
PUP.Optional.TweakBit, HKLM\SOFTWARE\CLASSES\DISKDOCTORCHECKER.DISKCHECKER|, No Action By User, [1573], [338925],1.0.8868
PUP.Optional.TweakBit, HKLM\SOFTWARE\CLASSES\TMAGENTCOM.TMAGENT|, No Action By User, [1573], [338926],1.0.8868
PUP.Optional.TweakBit, HKLM\SOFTWARE\MICROSOFT\Windows NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{DAD08C2F-FF6B-4189-8EA7-B7E5488D1497}|PATH, No Action By User, [1573], [340079],1.0.8868
Adware.Tuto4PC, HKU\S-1-5-21-358811352-3743733326-592822656-1001\SOFTWARE\MICROSOFT\EWMON|PARTNER, No Action By User, [2789], [411133],1.0.8868
Adware.Wajam.Generic, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NzcyNDNlOWU0|IMAGEPATH, No Action By User, [4874], [580236],1.0.8868

Registry Data: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 1
Adware.Wajam, C:\PROGRAM FILES\YWEyNWM2OTE4ZmU, No Action By User, [489], [556539],1.0.8868

File: 32
PUP.Optional.Carambis, C:\Windows\SYSTEM32\TASKS\CarambisDriverUpdaterUACDisablingTask, No Action By User, [2038], [351307],1.0.8868
Adware.Wajam, C:\PROGRAM FILES\YWEyNWM2OTE4ZmU\WBE_uninstall.dat, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\mozcrt19.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\NGNmZjQxM.ico, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\nspr4.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\nss3.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\OGExMGQ2OTYzM, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\OWI1YTQyZjQxZD.exe, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\plc4.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\plds4.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\service.dat, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\service_64.dat, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\softokn3.dll, No Action By User, [489], [556539],1.0.8868
Adware.Wajam, C:\Program Files\YWEyNWM2OTE4ZmU\YTI5YjhhZTRkNzV.exe, No Action By User, [489], [556539],1.0.8868
PUP.Optional.VimeoDL, C:\USERS\MUTTLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\60QYWOOJ.DEFAULT-1495178123788\EXTENSIONS\{0042F50C-7BCB-4349-8BA9-DB2FC901ABF2}.XPI, No Action By User, [4663], [610293],1.0.8868
PUP.Optional.VimeoDL, C:\USERS\MUTTLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\84M8MPW7.DEFAULT-1537722347741\EXTENSIONS\{0042F50C-7BCB-4349-8BA9-DB2FC901ABF2}.XPI, No Action By User, [4663], [610293],1.0.8868
PUP.Optional.VimeoDL, C:\USERS\MUTTLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5N0OZ2Z.DEFAULT\EXTENSIONS\{0042F50C-7BCB-4349-8BA9-DB2FC901ABF2}.XPI, No Action By User, [4663], [610293],1.0.8868
Adware.Linkury.Generic, C:\USERS\MUTTLEY\APPDATA\LOCAL\SHAM.DB, No Action By User, [3730], [516191],1.0.8868
PUP.Optional.ForcedInstalledExtensionFF, C:\USERS\MUTTLEY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\N5N0OZ2Z.DEFAULT\EXTENSIONS\{E6A9A96E-4A08-4719-B9BD-0E91C35AAABC}.XPI, No Action By User, [1715], [547035],1.0.8868
Adware.Wajam.Generic, C:\Windows\PSMODIUBQPGIUFDCXA.PSMO, No Action By User, [4874], [580236],1.0.8868
MachineLearning/Anomalous.100%, C:\Windows\NMM1ZTQYODG.EXE, No Action By User, [0], [392687],1.0.8868
RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [5323], [353142],1.0.8868
RiskWare.DontStealOurSoftware, C:\Windows\SYSTEM32\DRIVERS\ETC\HOSTS, No Action By User, [5323], [543391],1.0.8868
Adware.Wajam, C:\Windows\SYSTEM32\DRIVERS\YZG4NJVJZWRIMTY2N, No Action By User, [489], [488914],1.0.8868
Adware.Tuto4PC, C:\PROGRAM FILES (X86)\1ALWZ5LZEIW\1EP.EXE, No Action By User, [2789], [350731],1.0.8868
PUP.Optional.Delta, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [296], [455070],1.0.8868
PUP.Optional.Delta, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [296], [455070],1.0.8868
PUP.Optional.Delta, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [296], [455070],1.0.8868
PUP.Optional.Spigot, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Sync Data\SyncData.sqlite3, No Action By User, [168], [454814],1.0.8868
PUP.Optional.Spigot, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [168], [454814],1.0.8868
Adware.WhiteClick, C:\Windows\INSTALLER\E186DE2.MSI, No Action By User, [2685], [556015],1.0.8868
PUP.Optional.Delta, C:\USERS\MUTTLEY\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\Default\Web Data, No Action By User, [296], [455070],1.0.8868

Physical Sector: 0
(No malicious items detected)

WMI: 0
(No malicious items detected)

-------------------------------------------

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:56:59, on 19/01/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksdeui.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe
C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Apowersoft.Browser.exe
C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\rtmpsrv.exe
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe
C:\Users\muttley\Downloads\Programs\HijackThis_3.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer15.msn.com/?PC=ACTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\ssv.dll
O2 - BHO: LastPass Vault - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_191\bin\jp2ssv.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O4 - HKLM\..\Run: [abDocsDllLoader] C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Discord] C:\ProgramData\SquirrelMachineInstalls\Discord.exe --checkInstall
O4 - HKLM\..\Run: [DSATray] C:\Program Files (x86)\Intel Driver and Support Assistant\DsaTray.exe
O4 - HKCU\..\Run: [OneDrive] "C:\Users\muttley\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_C2A58C7EA14048D79EF16F8E3BBBDB4C] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window /prefetch:5
O4 - HKCU\..\Run: [StreamingVideoRecorder] C:\Program Files (x86)\Apowersoft\Streaming Video Recorder 6\Streaming Video Recorder 6.exe /autoStart
O4 - HKCU\..\Run: [uTorrent] "C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [IDM trial reset] "C:\Program Files (x86)\Internet Download Manager\IDM Trial Reset\IDM_Trial_Reset.exe" /trial
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [Lync] "C:\Program Files (x86)\Microsoft Office\Root\Office16\lync.exe" /fromrunkey
O4 - HKCU\..\Run: [Discord] C:\Users\muttley\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_32_0_0_101_pepper.exe -update pepperplugin
O4 - Startup: MEGAsync.lnk = C:\Users\muttley\AppData\Local\MEGAsync\MEGAsync.exe
O4 - Startup: Shortcut to Primary output from Start (Active).lnk = ?
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Download all with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlall.htm
O8 - Extra context menu item: Download selected with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dlselected.htm
O8 - Extra context menu item: Download with FDM - file://C:/Program Files/FreeDownloadManager.ORG/Free Download Manager/dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=lastpass
O8 - Extra context menu item: Preenchimento de formulários LastPass - file://C:\Users\muttley\AppData\LocalLow\LastPass\context.html?cmd=fillforms
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra 'Tools' menuitem: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPToolbar.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: aapj.bb.com.br
O15 - Trusted Zone: seg.bb.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O15 - Trusted Zone: cloud.gastecnologia.com.br
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7490d4e9-87c0-4207-ab65-8e273037e09f}: NameServer = 8.8.8.8,8.8.4.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = synchro.com.br
O17 - HKLM\System\CS1\Services\Tcpip\..\{138f45ae-6c19-4d78-9f63-7173a5cf7128}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = synchro.com.br
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Intel(R) Driver & Support Assistant (DSAService) - Intel - C:\Program Files (x86)\Intel Driver and Support Assistant\DSAService.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\hamachi-2.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\Windows\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Security Assist\isa.exe
O23 - Service: Intel(R) SUR QC Software Asset Manager (Intel(R) SUR QC SAM) - Intel Corporation - C:\Program Files\Intel\SUR\QUEENCREEK\Updater\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: klvssbridge64_18.0.0 - Unknown owner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 18.0.0\x64\vssbridge64.exe (file missing)
O23 - Service: Serviço do Kaspersky Secure Connection 3.0.0 (KSDE3.0.0) - AO Kaspersky Lab - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Secure Connection 3.0\ksde.exe
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\x64\LMIGuardianSvc.exe
O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\CA_LIC\LogWatNT.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: NzcyNDNlOWU0 - Unknown owner - rundll32.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender Advanced Threat Protection\MsSense.exe,-1001 (Sense) - Unknown owner - C:\Program Files (x86)\Windows Defender Advanced Threat Protection\MsSense.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeraCopy Service (TeraCopyService) - Code Sector - C:\Program Files\TeraCopy\TeraCopyService.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: User Experience Improvement Program (UEIPSvc) - acer - C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: Warsaw Technology - GAS Tecnologia LTDA - C:\Program Files\Diebold\Warsaw\core.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: YWEyNWM2OTE4ZmU - Unknown owner - C:\Program Files\YWEyNWM2OTE4ZmU\YTI5YjhhZTRkNzV.exe

--
End of file - 16503 bytes

 


(end)


God's blessing enriches and adds no sorrow


Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your Desktop.

Double-click its icon on the Desktop.

Check "YES, I accept the Terms of Use." Click Start.

Accept any security warning from your browser.

Check the options below:

Enable detection of potentially unwanted applications.

Click Hide advanced settings and check:

Remove found threats

Scan archives

Scan for potentially unsafe applications

Enable Anti-Stealth technology

Click Change and also check the Computer box.

Click Start.

It will update itself and scan the computer. Be patient, the process can take hours. When the scan finishes, click List Threats.

Click Export to text file and save the log to your Desktop.

Copy and paste the contents into your next reply.

Note: If nothing is found, no log will be generated.

Click Back.

Click Finish.



Here it is

C:\AdwCleaner\quarantine\files\bvwnsubdfpwhambmaojgwyjkpbdgpsis\1.0.1_0\js\background.js    JS/Adware.OpenCleaner.A application    cleaned by deleting
C:\AdwCleaner\quarantine\files\yshyfvvgxpzbrgdhltwxjenqyyrzjfjy\2.0.1.5000183\WeatherEntryDll.dll    a variant of Win32/Toptools.H potentially unwanted application    cleaned by deleting
C:\AdwCleaner\quarantine\files\yshyfvvgxpzbrgdhltwxjenqyyrzjfjy\2.0.1.5000183\WeatherService.exe    a variant of Win32/Toptools.J potentially unwanted application    cleaned by deleting
C:\AdwCleaner\quarantine\frAQBc8Wsa\TorchInstaller.dll    Win32/Toolbar.SearchSuite.AH potentially unwanted application    cleaned by deleting
C:\AdwCleaner\quarantine\frAQBc8Wsa\Uninstall.exe    Win32/Toolbar.SearchSuite.AH potentially unwanted application    cleaned by deleting
C:\MARCELO\LOTERIAS\LOTECA\softs\Aplicativos para Ocr\VueScan 9.2.04.exe    NSIS/Adware.Agent.S trojan    cleaned by deleting
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS.zip    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\ollydbf_todos.zip    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine.zip    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\BYPASS\tools_crack.zip    a variant of Win32/NetTool.Netcut.A potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\MAIS_CASOS\345.zip    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\MAIS_CASOS\345\345\OllyDbg v1.10 Tk68 Edition.7z    a variant of Win32/HideProc.F potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\MAIS_CASOS\345\345\OllyDBG2.7z    a variant of Win32/Delf.OLM trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\MAIS_CASOS\345\345\OllyDBG2I.7z    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\MAIS_CASOS\345\345\www.raymond.cc.7z    a variant of Win32/OpenCandy.A potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\ollydbf_todos\INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS\50-INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS.rar    a variant of Generik.HDBORYA trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\ollydbf_todos\INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS\52-INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS.rar    a variant of Generik.FTGHPHT trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\ollydbf_todos\INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS\54-INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS.rar    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\ollydbf_todos\INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS\57-INTRODUÇÃO AO CRACKING COM OLLY EM PORTUGUÊS.rar    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\Outras versoes\OllyDBG v2.01 Final Version + Highlight theme + all latest compitable Plugins  (2013.10.01).rar    a variant of Win32/Delf.OLM trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Cheat Engine 6.3.rar    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\DW Admin and Login Finder v1.1.exe    MSIL/HackTool.Agent.W potentially unsafe application    cleaned by deleting
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\gmail_tool.iso    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\havij 1.16 pro (nptrick).zip    Win32/HackTool.Crack.BF potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Pro.Final.Activ.rar    Win32/HackTool.WinActivator.L potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Shell_VipQBoy_VBF.rar    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Warbot VersaoSQL Tool v1.0 Alpha Build 6.rar    Win32/Qhost.PKO trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\Cheat Engine 6.3.rar    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\DW Admin and Login Finder v1.1.exe    MSIL/HackTool.Agent.W potentially unsafe application    cleaned by deleting
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\gmail_tool.iso    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\havij 1.16 pro (nptrick).zip    Win32/HackTool.Crack.BF potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\Pro.Final.Activ.rar    Win32/HackTool.WinActivator.L potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\Shell_VipQBoy_VBF.rar    multiple threats    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\4shared\My 4shared\Warbot VersaoSQL Tool v1.0 Alpha Build 6.rar    Win32/Qhost.PKO trojan    deleted
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Cheat Engine 6.3\Cheat Engine 6.3\cheatengine-i386.exe    a variant of Win32/HackTool.CheatEngine.AB potentially unsafe application    cleaned by deleting
C:\MARCELO\LOTERIAS\LOTECA\softs\ollydbg\reverse_engine\My 4shared\Cheat Engine 6.3\Cheat Engine 6.3\standalonephase1.dat    a variant of Win32/HackTool.CheatEngine.AF potentially unsafe application    cleaned by deleting
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\LOTECA\softs\NOVOS\La Red.exe    a variant of Win32/FirseriaInstaller.E potentially unwanted application    cleaned by deleting
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\LOTECA\softs\NOVOS\megaquini_2.exe    a variant of Win32/FirseriaInstaller.E potentially unwanted application    cleaned by deleting
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\LOTECA\softs\NOVOS\TEAW90.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\20131211\sploto pro(1).rar    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\20131211\sploto pro.rar    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\CheatEngine63.exe    Win32/OpenCandy potentially unsafe application    cleaned by deleting
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\revo uninstaller pro 2.5.5 complete license + updates allowed  - [bringit].zip    Win32/Keygen.QR potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\sploto pro(1).rar    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\sploto pro.rar    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\spy.zip    Win32/Hidcon.B potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\PENDRIVE_AMARELO\UTEIS\TOOLS\TOOLS.rar    multiple threats    deleted
C:\MARCELO\LOTERIAS\varias loterias\tools_lottery.zip    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\LOTERIAS\varias loterias\tools_lottery\My 4shared\LotoFacil.Pro.1.09.zip    a variant of Win32/HackTool.Patcher.CZ potentially unsafe application    deleted
C:\MARCELO\tools\IDM JUN2018\IDM 631 Build 2 Full by cozano20.rar    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Program Files\Nitro\Pro 11\x64.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    cleaned by deleting
C:\Program Files\YWEyNWM2OTE4ZmU\OWI1YTQyZjQxZD.exe    a variant of Win32/Adware.Zdengo.CFE application    cleaned by deleting
C:\Program Files\YWEyNWM2OTE4ZmU\YTI5YjhhZTRkNzV.exe    a variant of Win32/Adware.Zdengo.CFE application    cleaned by deleting
C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe    a variant of Win32/Freemake.A potentially unwanted application    cleaned by deleting
C:\Program Files (x86)\MacroToolworks\Patch.exe    a variant of Win32/HackTool.Crack.FQ.gen potentially unsafe application    deleted
C:\Program Files (x86)\Nitro\Pro 11\x64.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    cleaned by deleting
C:\Program Files (x86)\Nitro\Pro 11\x64\x64.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\CHESS201712\Kit Screen Recording LordSoftware\Kit Screen Recording LordSoftware - 2.1 Build 19.07.2015 FINAL.[LordRock].rar    Win32/Keygen.KL potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\TD_softa_TubeDigger_Install.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\Air Squirrels Reflector 2.7.7\anlyf.A.S.R.2.7.7.s.s.tut2u.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\Air Squirrels Reflector 2.7.7\anlyf.A.S.R.2.7.7.x64.s.s.tut2u.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\AnyToISO Professional 3.9.1 Build 610 Multilingual + Portable\j5igk.ATISO.P.3.9.1.rar    a variant of Win32/HackTool.Patcher.A potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\Apeaksoft Screen Recorder 1.0.6 Multilingual\mquqe.Apeaksoft.Screen.Recorder.1.0.6.Multilingual.rar    a variant of Win32/Keygen.AHH potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\Bigasoft Video Downloader Pro 3.15.4.6600 Multilingual\qrdws.Bigasoft.Video.Downloader.Pro.3.15.4.6600.Multilingual.rar    a variant of Win32/Keygen.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\Bigasoft Video Downloader Pro 3.15.4.6600 Multilingual\v81x9.Bigasoft.Video.Downloader.Pro.3.15.4.6600.Multilingual.rar    a variant of Win32/Keygen.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\IDM JUN2018\IDM 631 Build 2 Full by cozano20.rar    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Users\muttley\Downloads\CHESS201712\TOOLS\TechSmith Camtasia 2018.0.3 Build 3747 (x64)\n9wd3.TechSmith.Camtasia.2018.0.3.Build.3747.x64-LOL.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\desinstaladores_e_utilitarios\aeo3d.W.10.Mana.2.0.8.Portable.rar    a variant of MSIL/HackTool.Crack.Y potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\desinstaladores_e_utilitarios\kyg2l.Yamicsoft.Windows.10.Manager.2.0.8.Portable.tut2u.rar    a variant of MSIL/HackTool.Crack.Y potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\desinstaladores_e_utilitarios\nx8sq.A.U.2017.6.00.14.DC.07.04.2017.M.P04.2017.rar    a variant of Generik.NTPPAHS trojan    deleted
C:\Users\muttley\Downloads\Compressed\FILME\Paul, Apostle of Christ 2018 720p BrRip x264 - SiNNERS\CodecFix\Xvid-2.1.2-20181305.exe    Win32/Indiloadz.AD trojan    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\FILME\Paul, Apostle of Christ 2018 720p BrRip x264 - SiNNERS\CodecFix\Xvid-2.1.2-20181305.z    Win32/Indiloadz.AD trojan    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\mh0bk.DVDFab.10.0.4.3.Multilingual..Portable.rar    a variant of Win32/HackTool.Loader.I potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\onja4.I.D.M.6.28.B.15.M.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\AAct 3.4 Portable\0bayn.AAct.3.4.Portable.tut2u.rar    a variant of Win64/HackKMS.I potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\AAct 3.4 Portable\0bayn.AAct.3.4.Portable.tut2u\AAct.exe    a variant of Win64/HackKMS.I potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\MISC_201705\DMSoft DBSync for Oracle and MSSQL 1.4.0\rkgi7.DMS.DBS.f.O.a.MSSQL.1.4.0.M06.2017.rar    a variant of Win32/Keygen.YA potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\DMSoft DBSync for Oracle and MSSQL 1.4.0\rkgi7.DMS.DBS.f.O.a.MSSQL.1.4.0.M06.2017_2.rar    a variant of Win32/Keygen.YA potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\FileSeek Pro v6.0.0 Multilingual + Portable\xixhw.FileSeek.Pro.v6.0.0.Multilingual..Portable.rar    MSIL/Keygen.AP potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\IDM UltraEdit 24.10.0.24 (x86x64) + Portable\UltraEditPortable.exe    a variant of Win32/Keygen.AU potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\MISC_201705\IDM UltraEdit 24.10.0.24 (x86x64) + Portable\w3eco.IDM.UltraEdit.24.10.0.24.tut2u.rar    a variant of Win32/Keygen.AU potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\IDM UltraEdit 24.10.0.24 (x86x64) + Portable\w3eco.UltraEditPortable.24.10.0.24.tut2u.rar    a variant of Win32/Keygen.AU potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\Internet Download Manager 6.28 Build 12 + Retail\wzr38.idman628build1206.2017.rar    a variant of Win32/HackTool.Patcher.DO potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\Internet Download Manager 6.28 Build 12 + Retail\wzr38.idman628build12f06.2017.rar    a variant of Win32/HackTool.Patcher.DO potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\Internet Download Manager 6.28 Build 12 + Retail\wzr38.idman628build1206.2017\idm.6.28.x-patch-pawel.rar    a variant of Win32/HackTool.Patcher.DO potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\Internet Download Manager 6.28 Build 12 + Retail\wzr38.idman628build1206.2017\idm.6.28.x-patch-xanax.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\mh0bk.DVDFab.10.0.4.3.Multilingual..Portable\DVDFab v10.0.4.3 Portable.rar    a variant of Win32/HackTool.Loader.I potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\mh0bk.DVDFab.10.0.4.3.Multilingual..Portable\DVDFab v10.0.4.3\ldrDVDFab_10043_beta.exe    a variant of Win32/HackTool.Loader.I potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\MISC_201705\mh0bk.DVDFab.10.0.4.3.Multilingual..Portable\DVDFab v10.0.4.3 Portable\DVDFab v10.0.4.3 Portable\App\DVDFab\ldrDVDFab.exe    a variant of Win32/HackTool.Loader.I potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\MISC_201705\misc201704\Install JDownloader.rar    a variant of Win32/Appwork.A potentially unwanted application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\Office 2013-2016 C2R Install 6.0.0\nz7li.Office.20132016.C2R.Install.6.0.008.2017.rar    a variant of Win32/HackTool.KMSAuto.E potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\MISC_201705\onja4.I.D.M.6.28.B.15.M\idm.6.28.x-patch-xanax.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\DATABASE\Navicat Data Modeler 2.1.17\naq91.Navicat.Data.Modeler.2.1.17.rar    a variant of Win32/Packed.Obsidium.AS trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\TD_softa_TubeDigger_Install.rar    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Auslogics BoostSpeed 10.0.20.0 Multilingual + Portable\4v542.Auslogics.BoostSpeed.10.0.20.Portable.rar    Win32/HackTool.Crack.EI potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Auslogics BoostSpeed 10.0.20.0 Multilingual + Portable\4v542.Auslogics.BoostSpeed.10.0.20.rar    a variant of Win32/HackTool.Crack.EI potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\FileSeek Pro 6.1.1 Multilingual\fkiex.FileSeek.Pro.6.1.1.Multilingual.rar    MSIL/Keygen.AP potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Malwarebytes Anti-Exploit for Business 1.10.2.41\hwoj9.Malwarebytes.AntiExploit.for.Business.1.10.2.41.rar    Win32/Keygen.RM potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Malwarebytes Anti-Malware Premium 3.4.4.2398 Final Repack\gwlvx.Malwarebytes.AntiMalware.Premium.3.4.4.2398.Final.Repack.tut2u.rar    a variant of Win32/HostsEditor.A potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Malwarebytes Anti-Malware Premium 3.4.4.2398 Final Repack\Malwarebytes Anti-Malware 3.4.4.2398.exe    a variant of Win32/HostsEditor.A potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Sidify Spotify Music Converter v1.34 Multilingual\759m3.Sidify.Spotify.Music.Converter.v1.34.Multilingual.rar    a variant of Win32/HackTool.Patcher.DE potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\TD_softa_TubeDigger_Install\(x32.x64bit.).2016-patch.exe    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\TOOLS\Wondershare AllMyTube 5.0.0.3\twtnr.Wondershare.AllMyTube.5.0.0.3.rar    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\Super_DVD_VB6_2.zip    multiple threats    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\Super_DVD_VB6_5.zip    a variant of Win32/Server-Web.VB.B potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\Criação de Sites\Site Express 1.0.zip    JS/Kryptik.AMG trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\hackers - por sua conta e risco usar os arquivos\dos\spingtar.gz    Linux/DDoS.SSPing.A trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\hackers - por sua conta e risco usar os arquivos\exploits\xcrush-20.gz    a variant of Linux/Flooder.Agent.EG trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\Site Express 1.0.3\site Express 1.0.3.zip    JS/Kryptik.AMG trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\solucoesphp - varias rotinas em php\mysqlwebinterface.php    PHP/Agent.NCD trojan    cleaned by deleting
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\2_Super_CD_ASP_Total\solucoesphp - varias rotinas em php\solucoesphp.zip    PHP/Agent.NCD trojan    deleted
C:\Users\muttley\Downloads\Compressed\OUTUBRO2018\VB6\5_DiversosProgramasFontes_Zipados\personal web server - cgi - vb code.zip    a variant of Win32/Server-Web.VB.B potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\TOOLS\IDM\IDM 6 25 build 25 (Chinchila Man)\IDM 6.25 build 25 (Chinchila Man).rar    BAT/HostsChanger.A potentially unsafe application    deleted
C:\Users\muttley\Downloads\Compressed\TOOLS\IDM\IDM 6 25 build 25 (Chinchila Man)\IDM 6.25 build 25 (Chinchila Man)\Registro\disable_activation.cmd    BAT/HostsChanger.A potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\misc_geral\formatfactory-3-6-0-0-multi-win.exe    a variant of Win32/Bundled.Toolbar.Ask.D potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\asc9-setup-aff.exe    a variant of Win32/IObit.G potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\ccsetup532.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\FileZilla_3.32.0_win64-setup_bundled.exe    a variant of Win32/FusionCore.W potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\FreeAudioCDBurner_2.0.73.823_d.exe    a variant of Win32/FusionCore.I potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\FreeFileSync_9.3_Windows_Setup.exe    a variant of Win32/FusionCore.P potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\ParetoLogic PC Health Advisor_pt.exe    a variant of Win32/RegCure.A potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\rcsetup153.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\rcsetup153_2.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\SlimDrivers-setup.exe    a variant of Win32/Slimware.A potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\TorchSetup-r0-n-bf.exe    Win32/Toolbar.SearchSuite.AH potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\TorchSetup-r0-n-bf_2.exe    Win32/Toolbar.SearchSuite.AH potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\Programs\TorchSetup-r20-n-bf.exe    Win32/Toolbar.SearchSuite.AH potentially unwanted application    cleaned by deleting
C:\Users\muttley\Downloads\torrents_completos\TOOLS\IDM 6.29 Build 2 incl Patch [32bit + 64bit] + Crack Fake Serial Fixed [CrackingPatching].zip    a variant of Win32/RiskWare.HackTool.Agent.K application    deleted
C:\Users\muttley\Downloads\torrents_completos\TOOLS\TextPad 8.0.2.zip    a variant of Win32/HackTool.Patcher.AD potentially unsafe application    deleted
C:\Users\muttley\Downloads\torrents_completos\TOOLS\IDM 6.29 Build 2 incl Patch [32bit + 64bit] + Crack Fake Serial Fixed [CrackingPatching]\Patch\32bit Patch build 2.exe    a variant of Win32/RiskWare.HackTool.Agent.K application    cleaned by deleting
C:\Users\muttley\Downloads\torrents_completos\TOOLS\IDM 6.29 Build 2 incl Patch [32bit + 64bit] + Crack Fake Serial Fixed [CrackingPatching]\Patch\64bit Patch build 2.exe    a variant of Win32/RiskWare.HackTool.Agent.K application    cleaned by deleting
C:\Users\muttley\Downloads\torrents_completos\TOOLS\Internet Download Manager (IDM) 6.29 Build 2 + Patch [CracksNow]\Patch\Patch IDM.rar    a variant of Win32/HackTool.Patcher.T potentially unsafe application    deleted
C:\Users\muttley\Downloads\torrents_completos\TOOLS\programasmultmedia\Apowersoft Video Download Capture v4.9.8 Multilanguage + Serials {B@tman}\hosts_patch.cmd    BAT/HostsChanger.A potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\torrents_completos\TOOLS\programasmultmedia\Apowersoft Video Download Capture v5.0.9 Build (28-09-2015) + Key {B4tman}\hosts_patch.cmd    BAT/HostsChanger.A potentially unsafe application    cleaned by deleting
C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\uTorrent.exe    Win32/OpenCandy.J potentially unsafe application    deleted
C:\Users\muttley\Downloads\UTORRENT\uTorrentPortable\App\uTorrent\updates\3.4.7_42330.exe    Win32/OpenCandy.J potentially unsafe application    deleted
C:\Users\TEMP.LAPTOP-ISIQBI18\AppData\Roaming\uTorrent\uTorrent.exe    Win32/OpenCandy.J potentially unsafe application    deleted
C:\Users\TEMP.LAPTOP-ISIQBI18\AppData\Roaming\uTorrent\updates\3.4.7_42330.exe    Win32/OpenCandy.J potentially unsafe application    deleted
C:\Windows\NmM1ZTQyODg.exe    a variant of Win32/Adware.Zdengo.CEN application    cleaned by deleting
C:\Windows\psmodiubqpgiufdcxa.psmo    a variant of Win32/Adware.Zdengo.CEY application    cleaned by deleting
C:\Windows\Installer\e186de2.msi    a variant of MSIL/Adware.FotopApps.A application    deleted
C:\Windows\Microsoft.NET\assembly\GAC_MSIL\WhiteClick\v4.0_2.0.0.0__57272e7a64c25751\WhiteClick.dll    a variant of MSIL/Adware.FotopApps.A application    cleaned by deleting
C:\Windows\ServiceProfiles\LocalService\winhttp\1208511191.cache    JS/ProxyChanger.EF trojan    cleaned by deleting
C:\Windows\ServiceProfiles\LocalService\winhttp\4178618791.cache    JS/ProxyChanger.EF trojan    cleaned by deleting
C:\Windows\System32\drivers\Yzg4NjVjZWRiMTY2N    a variant of Win64/Riskware.NetFilter.AA application    cleaned by deleting

 

