Este fórum foi descontinuado. LEIA AQUI e participe da Comunidade BABOO :)

Ir para conteúdo
Claudio V.

Solicitação de Análise de Logs

Mensagem Recomendada

Bom dia pessoal, conto com a ajuda de vocês, acredito que algum Malware, vírus ou alguma outra coisa infectou meu notebook, ele está um pouco mais lento e a proteção em tempo real do Defender está desativada e não consigo ativar de novo, no Google Chrome apareceu um Gerenciado pela sua organização na aba Personalizar e Controlar o Google Chrome que não tinha antes, mas não sei se depois da última atualização do Chrome isso é normal...

Durante os procedimentos aconteceram algumas coisas, na limpeza do Ccleaner, ele só andou depois de desmarcar o Internet Explorer, pois ficou parado por mais de uma hora e quando desmarquei as opções foi até o fim.

No Log do highjackThis apareceu uma janela com a mensagem que por alguma razão o sistema negou o acesso ao arquivo Hosts.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:50:41, on 30/04/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlClient.exe
C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
C:\Program Files (x86)\Samsung\SamsungPCCleaner\SamsungPCCleanerService.exe
D:\Bibliotecas\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:68E26FFF-C74A-482d-87EA-43946CE1C4B0 (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:27D44ED1-80C0-4fcf-8BD7-062708D9BB9A (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #2] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:55FBF596-6A0C-4118-80B0-9D0910BCD098 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:68E26FFF-C74A-482d-87EA-43946CE1C4B0 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\System32\drivers\AdminService.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service: @oem36.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\Windows\System32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Unknown owner - C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: McAfee PEF Service (PEFService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Settings Expansion Launcher - Unknown owner - C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe
O23 - Service: Samsung Recovery Service (SamsungRecoveryService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\Recovery\BulletService.exe
O23 - Service: SamsungSecurity Launcher - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
O23 - Service: Samsung Update Service (SamsungUpdateService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\SamsungUpdate\SUService.exe
O23 - Service: SecPowerCtrlService - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: sService Agent Launcher - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
O23 - Service: sServiceLoopBack - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11676 bytes
 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa tarde!

Desative temporariamente seu Antivírus.

Baixe o ZHPCleaner e salve no Desktop. (Área de Trabalho)

Usuários do Windows 7, 8, 8.1 ou 10: clique com o botão direito do mouse no ícone do Programa e selecione  executar-como-administrador.png

Dê um duplo-clique sobre o ZHPCleaner.exe.

Clique no botão Scanner.

A Ferramenta comecará o exame do seu Sistema. Tenha paciência pois pode demorar um pouco dependendo da quantidades de itens a examinar.

Ao final da Verificação, clique no botão Reparar.

Concluída a operação, um Log se abrirá. Caso isso não aconteça, clique no botão Relatório e salve o Log.

Selecione, copie e cole o conteúdo deste Log na sua próxima resposta + um novo Log do HijackThis.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites
Postado (editado)

~ ZHPCleaner v2019.4.29.56 by Nicolas Coolman (2019/04/29)
~ Run by claudio (Administrator)  (30/04/2019 13:41:35)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\claudio\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\claudio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (8)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (26)
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-CD438FB0.pf    =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-D9DED63B.pf    =>HackTool.KMSpico
MOVED file: C:\Windows\Installer\wix{62F029AB-85F2-0000-866A-9FC0DD99DDBC}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{9CBA860F-7437-4A75-941C-8EF559F2D145}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{C5FDDED7-DEC7-48B4-AFD8-DFB8A0FD199A}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{C9552825-7BF2-4344-BA91-D3CD46F4C442}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{C99F4AFA-B32C-4063-865C-D7B5CC0A78FB}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{CB9926C7-051A-49F0-AC01-33C51342A7DF}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\Windows\Installer\wix{F814D094-197F-43C8-87FA-3210BB780486}.SchedServiceConfig.rmi    =>.SUP.Empty
MOVED file: C:\ProgramData\RogueKiller\quarantine\A51D1DCFD7DA2F08.vir\Bunifu_UI_v1.5.3.dll [Bunifu Technologies - Bunifu Framework - UI Lib]  =>.SUP.Various
MOVED file: C:\Users\claudio\AppData\Local\Temp\aria-debug-15452.log    =>.SUP.Temporary.OneDrive
MOVED file: C:\Users\claudio\AppData\Local\Temp\wctEA6A.tmp    =>.SUP.Temporary.Office
MOVED file: C:\Users\claudio\AppData\Local\Temp\wctF2EE.tmp    =>.SUP.Temporary.Office
MOVED file: C:\Users\claudio\AppData\Local\Temp\wctFAB6.tmp    =>.SUP.Temporary.Office
MOVED folder: C:\Users\claudio\AppData\Local\Akamai  =>.SUP.AkamaiHD
MOVED folder: C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\File System\000  =>.SUP.Temporary.Chrome
MOVED folder: C:\Users\claudio\AppData\Local\Google\Chrome\User Data\Default\File System\001  =>.SUP.Temporary.Chrome
MOVED folder^: C:\Program Files\Windows nt\symsrv.exe  =>Riskware.Agent
MOVED folder: C:\Windows\Installer\MSI352A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3683.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI3D2A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI40F6.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI4194.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI42FD.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI5F9A.tmp-  =>.SUP.Empty
MOVED folder: C:\Windows\Installer\MSI69F1.tmp-  =>.SUP.Empty


---\\  Registry ( Key, Value, Data) (6)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a7b6f9eb-11b6-40c0-bab1-f60aaaa9e42e}\\DhcpNameServer [Bad : 179.233.224.31 179.233.224.36]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 179.233.224.31 179.233.224.36]  =>Hijacker.Browser
DELETED key*: HKEY_USERS\S-1-5-21-2479708749-3913535991-1293633272-1002\SOFTWARE\Akamai []  =>.SUP.AkamaiHD
DELETED key**: HKCU\Software\Akamai []  =>.SUP.AkamaiHD
DELETED key*: HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Akamai [Akamai Technologies, Inc]  =>.SUP.AkamaiHD
DELETED value: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run\\Akamai NetSession Interface [0x020000000000000000000000]  =>.SUP.AkamaiHD


---\\  Summary of the elements found (9)
https://nicolascoolman.eu/2017/02/16/hacktool-kmspico/  =>HackTool.KMSpico
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Empty
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Various
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Office
https://nicolascoolman.eu/2017/12/26/sup-akamaihd/  =>.SUP.AkamaiHD
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.Chrome
https://nicolascoolman.eu/2017/01/27/repaquetage-et-infection/  =>Riskware.Agent
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\  Other deletions. (11)
~ Registry Keys Tracing deleted (11)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)
~ The system has been restarted.


---\\ Statistics
~ Items scanned : 477
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 38654


~ End of clean in 00h00mn23s

---\\  Reports (2)
ZHPCleaner--30042019-13_37_10.txt
ZHPCleaner-[R]-30042019-13_41_58.txt
 

Editado por Claudio Vargas

Compartilhar este post


Link para o post
Compartilhar em outros sites
16 minutos atrás, Claudio Vargas disse:

--\\  Explorer ( File, Folder) (26)
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-CD438FB0.pf    =>HackTool.KMSpico
MOVED file: C:\Windows\Prefetch\KMSPICO_SETUP.TMP-D9DED63B.pf    =>HackTool.KMSpico

 

Boa tarde! Seu "técnico" usou um Cracker chamado KMSPico para habilitar o Windows/Office... Isso é considerado pirataria e eu não posso ajudá-la desta forma, podendo até inutilizar seu PC com o uso de Ferramentas de desinfecção Boa sorte.

assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Obrigado pela resposta, mas não pedi para alguém habilitar o office, esse vírus pode ter entrado através de outro? Se conseguir remover esse vírus, posso voltar para ter certeza que foi removido?

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:46:42, on 30/04/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlClient.exe
C:\Program Files (x86)\Samsung\SamsungPCCleaner\SamsungPCCleanerService.exe
C:\Users\claudio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:2FEA0B81-BA9B-4e4d-8ACB-B8D050004DD9 (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:27D44ED1-80C0-4fcf-8BD7-062708D9BB9A (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #2] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:55FBF596-6A0C-4118-80B0-9D0910BCD098 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:2FEA0B81-BA9B-4e4d-8ACB-B8D050004DD9 (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\System32\drivers\AdminService.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service: @oem36.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\Windows\System32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Unknown owner - C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: McAfee PEF Service (PEFService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Settings Expansion Launcher - Unknown owner - C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe
O23 - Service: Samsung Recovery Service (SamsungRecoveryService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\Recovery\BulletService.exe
O23 - Service: SamsungSecurity Launcher - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
O23 - Service: Samsung Update Service (SamsungUpdateService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\SamsungUpdate\SUService.exe
O23 - Service: SecPowerCtrlService - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: sService Agent Launcher - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
O23 - Service: sServiceLoopBack - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe
O23 - Service: symsrv service (symsrv) - Unknown owner - C:\Program Files\Windows nt\symsrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11789 bytes
 

~ ZHPCleaner v2019.4.29.56 by Nicolas Coolman (2019/04/29)
~ Run by claudio (Administrator)  (30/04/2019 17:54:20)
~ Web: https://www.nicolascoolman.com
~ Blog: https://nicolascoolman.eu/
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version KO
~ Certificate ZHPCleaner: Legal
~ Type : Repair
~ Report : C:\Users\claudio\Desktop\ZHPCleaner (R).txt
~ Quarantine : C:\Users\claudio\AppData\Roaming\ZHP\ZHPCleaner_Reg.txt
~ UAC : Activate
~ Boot Mode : Normal (Normal boot)
Windows 10 Home Single Language, 64-bit  (Build 17763)


---\\  Alternate Data Stream (ADS). (0)
~ No malicious or unnecessary items found.


---\\  Services (0)
~ No malicious or unnecessary items found.


---\\  Browser internet (0)
~ No malicious or unnecessary items found.


---\\  Hosts file (1)
~ The hosts file is legitimate (8)


---\\  Scheduled automatic tasks. (0)
~ No malicious or unnecessary items found.


---\\  Explorer ( File, Folder) (1)
MOVED file: C:\Users\claudio\AppData\Local\Temp\aria-debug-7844.log    =>.SUP.Temporary.OneDrive


---\\  Registry ( Key, Value, Data) (2)
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a7b6f9eb-11b6-40c0-bab1-f60aaaa9e42e}\\DhcpNameServer [Bad : 179.233.224.31 179.233.224.36]  =>Hijacker.Browser
DELETED data: HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\\DhcpNameServer [Bad : 179.233.224.31 179.233.224.36]  =>Hijacker.Browser


---\\  Summary of the elements found (2)
https://nicolascoolman.eu/2017/01/20/logiciels-superflus/  =>.SUP.Temporary.OneDrive
https://nicolascoolman.eu/2017/11/10/hijacker-browser-3/  =>Hijacker.Browser


---\\  Other deletions. (8)
~ Registry Keys Tracing deleted (8)
~ Remove the old reports ZHPCleaner. (0)


---\\ Result of repair
~ Repair carried out successfully
~ Browser not found (Mozilla Firefox)
~ Browser not found (Opera Software)


---\\ Statistics
~ Items scanned : 477
~ Items found : 0
~ Items cancelled : 0
~ Items options : 12/12
~ Space saving (bytes) : 1806


~ End of clean in 00h00mn07s

---\\  Reports (6)
ZHPCleaner-[R]-30042019-13_41_58.txt
ZHPCleaner-[R]-30042019-17_21_25.txt
ZHPCleaner--30042019-13_37_10.txt
ZHPCleaner--30042019-17_20_39.txt
ZHPCleaner--30042019-17_54_08.txt
ZHPCleaner-[R]-30042019-17_54_27.txt
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Ok, continuando...

Download Malwarebytes Anti-Malware (MBAM) e salve ou imprima estas instruções:

Execute o mbam-setup.exe para instalar o programa.

Desmarque a caixa Ativar trial gratuito do MalwareBytes Anti-Malware PRO (se houver).

Verifique se as caixas Atualizar Malwarebytes Anti-Malware e Executar Malwarebytes Anti-Malware estão marcadas. Clique então, em Concluir.

Se houver atualizações a serem feitas, serão baixadas e instaladas.

Em Configurações, clique em Proteção, caso esteja desabilitado, marque Procura por Rootkits. Em Proteção contra ameaça em potencial, selecione Tratar PUPs e PUMs como Malware (recomendado).

Clique em Análise, em seguida Análise de Ameaça, por fim, clique em Iniciar Análise.

Começará então o exame. Aguarde, pois pode demorar.

Ao acabar o exame, se houver itens encontrados, clique no botão Exportar Resumo -> Arquivo texto (*.txt) e salve-o na sua Área de Trabalho (Desktop), se o Log da desinfecção não for salvo você  vai encontra-lo ali.

Clique em Aplicar Ações ou se não houver, clique em Enviar para a quarentena.

Ao final da desinfecção, poderá aparecer um aviso se quer reiniciar o PC.

O Log é automaticamente salvo pelo MBAM e será possível vê-lo clicando na aba Relatórios -> Relatórios de análise na Janela Principal do Programa após a desinfecção ter sido realizada.

NÃO USE O FORMATO ARQUIVO .XML PARA SALVAR O LOG.

Selecione, copie e cole todo o conteúdo do Log da desinfecção salvo pelo MBAM, na sua próxima resposta  e um novo Log do HijackThis.

NOTA: Se o MBAM encontrar arquivos que não consiga remover, poderá ter de reiniciar o PC (talvez mais de uma vez). Faça isso imediatamente, ao ser perguntado se quer reiniciar o PC.


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites
Postado (editado)

Desculpe a demora para responder,

O arquivo Hosts apesentou  mesmo comportamento no scan do HighjackThis, isso é normal? e o Windows Defender continua com a proteção em tempo real desabilitada

Malwarebytes
www.malwarebytes.com

-Detalhes de registro-
Data da análise: 02/05/2019
Hora da análise: 08:33
Arquivo de registro: 1fbb1bd4-6cce-11e9-b6ac-988389c6be6f.json

-Informação do software-
Versão: 3.7.1.2839
Versão de componentes: 1.0.586
Versão do pacote de definições: 1.0.10430
Licença: Versão de Avaliação

-Informação do sistema-
Sistema operacional: Windows 10 (Build 17763.437)
CPU: x64
Sistema de arquivos: NTFS
Usuário: LAPTOP-Q1B9N1T3\claudio

-Resumo da análise-
Tipo de análise: Análise de Ameaças
Análise Iniciada Por: Manual
Resultado: Concluído
Objetos verificados: 296895
Ameaças detectadas: 0
Ameaças em quarentena: 0
Tempo decorrido: 2 min, 13 seg

-Opções da análise-
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Detectar
PUM: Detectar

-Detalhes da análise-
Processo: 0
(Nenhum item malicioso detectado)

Módulo: 0
(Nenhum item malicioso detectado)

Chave de registro: 0
(Nenhum item malicioso detectado)

Valor de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Fluxo de dados: 0
(Nenhum item malicioso detectado)

Pasta: 0
(Nenhum item malicioso detectado)

Arquivo: 0
(Nenhum item malicioso detectado)

Setor físico: 0
(Nenhum item malicioso detectado)

Instrumentação do Windows (WMI): 0
(Nenhum item malicioso detectado)


(end)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 08:39:14, on 02/05/2019
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17763.0001)
Boot mode: Normal

Running processes:
C:\Program Files\Samsung\sService\sServiceKeyMonitor.exe
C:\Program Files (x86)\NVIDIA Corporation\NvNode\NVIDIA Web Helper.exe
C:\Program Files\WindowsApps\SAMSUNGELECTRONICSCoLtd.SamsungFlux_4.0.4.0_x64__wyx1vj98g3asy\DesktopApp\SamsungFlowDesktop.exe
C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlClient.exe
C:\Program Files (x86)\Samsung\SamsungPCCleaner\SamsungPCCleanerService.exe
C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
C:\Users\claudio\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "D:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:F9D13DBB-79BD-47aa-B72D-AABBBD3EFFDC (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:93E5C3D7-CC85-4c5a-BAFE-6BD4A16A34F6 (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #2] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:55FBF596-6A0C-4118-80B0-9D0910BCD098 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:F9D13DBB-79BD-47aa-B72D-AABBBD3EFFDC (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\program files (x86)\mcafee\msc\mcsniepl.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\System32\drivers\AdminService.exe (file missing)
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ClientAnalyticsService - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ClientAnalytics\Legacy\McClientAnalytics.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: SpyHunter 5 Kernel (EsgShKernel) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShKernel.exe
O23 - Service: @oem36.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\Windows\System32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FlexNet Licensing Service 64 - Flexera Software LLC - C:\Program Files\Common Files\Macrovision Shared\FlexNet Publisher\FNPLicensingService64.exe
O23 - Service: Google Chrome Elevation Service (GoogleChromeElevationService) - Google Inc. - C:\Program Files (x86)\Google\Chrome\Application\74.0.3729.108\elevation_service.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_d2c8d700ceae61da\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Unknown owner - C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: McAfee Module Core Service (ModuleCoreService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA LocalSystem Container (NvContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA NetworkService Container (NvContainerNetworkService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvContainer\nvcontainer.exe
O23 - Service: NVIDIA Display Container LS (NVDisplay.ContainerLocalSystem) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\Display.NvContainer\NVDisplay.Container.exe
O23 - Service: NVIDIA Telemetry Container (NvTelemetryContainer) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvTelemetry\NvTelemetryContainer.exe
O23 - Service: McAfee PEF Service (PEFService) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\PEF\CORE\PEFService.exe
O23 - Service: @%systemroot%\system32\PerceptionSimulation\PerceptionSimulationService.exe,-101 (perceptionsimulation) - Unknown owner - C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Settings Expansion Launcher - Unknown owner - C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe
O23 - Service: Samsung Recovery Service (SamsungRecoveryService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\Recovery\BulletService.exe
O23 - Service: SamsungSecurity Launcher - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
O23 - Service: Samsung Update Service (SamsungUpdateService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\SamsungUpdate\SUService.exe
O23 - Service: SecPowerCtrlService - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: SpyHunter 5 Kernel Monitor (ShMonitor) - EnigmaSoft Limited - C:\Program Files\EnigmaSoft\SpyHunter\ShMonitor.exe
O23 - Service: @firewallapi.dll,-50323 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: sService Agent Launcher - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
O23 - Service: sServiceLoopBack - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe
O23 - Service: symsrv service (symsrv) - Unknown owner - C:\Program Files\Windows nt\symsrv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11973 bytes
 

Editado por Claudio Vargas

Compartilhar este post


Link para o post
Compartilhar em outros sites
1 hora atrás, Claudio Vargas disse:

O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\VSCore_18_12\McApExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - C:\Program Files\Common Files\mcafee\actwiz\McAWFwk.exe
O23 - Service: McAfee CSP Service (mccspsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\CSP\3.1.160.0\\McCSPServiceHost.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
O23 - Service: McAfee Service Controller (mfemms) - McAfee, LLC - C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe

Você está usando este Antivírus......e não o Defender.

Algo modificado no seu hosts

1. Faça download do HostsXpert execute-o

2. Clique na opção Restore MS Hosts File e confirme clicando em OK

hostsxpert.png

3. Feche o programa e reinicie o Windows.

4

HostsXpert


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

×
×
  • Criar Novo...