




[Solved] Agremove.exe - virus or false positive? + e-mail vampi


My PC was a bit slow and I decided to submit some files to VIRSCAN and VIRUSTOTAL, and one file was flagged as infected. I'd like to know whether I'm really infected or whether it's just a false positive. The HJT, VIRSCAN and VIRUS TOTAL logs follow.
Besides that, I've been receiving e-mails from myself. Someone managed to get my data and is disguising themselves with my e-mail to send e-mails to other people and to me, and I'm also receiving several "Regularização cadastral" (account regularization) e-mails from Banco Itaú, Bradesco, Banco do Brasil etc., but Hotmail doesn't let me block the senders' ID, only the e-mail address or domain (which doesn't help much, since they use countless different e-mails or "disguise" themselves with other people's e-mails).
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:00:22, on 14/11/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.10240.16412)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll
O4 - HKLM\..\Run: [backupManagerTray] "C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe" -h -k
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [uSB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Annareis\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Annareis\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~2\MICROS~4\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~4\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O15 - Trusted Zone:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: Dritek WMI Service (DsiWMIService) - Dritek System Inc. - C:\Program Files (x86)\Launch Manager\dsiwmis.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ePower Service (ePowerSvc) - Acer Incorporated - C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Live Updater Service - Acer Incorporated - C:\Program Files\Acer\Acer Updater\UpdaterService.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\System32\ngcsvc.dll,-100 (NgcSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: NTI IScheduleSvc - NTI Corporation - C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - IBM Corp. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SynTPEnh Caller Service (SynTPEnhService) - Synaptics Incorporated - C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WtuSystemSupport - Unknown owner - C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
End of file - 11642 bytes
Scanned Report :
Scanned time : 2015-11-14 21:19:55
Scanner results: 7%???(3/39)??????
File Name : agremove.exe
File Size : 49536 byte
File Type : application/x-dosexec
MD5 : 8019fc18a530f78017b8b1b2686e1df0
SHA1 : d17e5f304b074355aa4ddd597b96ddf43ae210a1
Scanner Engine Ver Sig Ver Sig Date Time Scan result
ahnlab 9.9.9 9.9.9 2013-05-28 4 Found nothing
antivir 17 Found nothing
antiy AVL SDK 2.0 1970-01-01 59 Engine oversweep4
arcavir 1.0 2011 2014-05-30 8 Found nothing
asquared 2015-03-08 1 Found nothing
avast 151113-0 4.7.4 2015-11-13 4 Found nothing
avg 2109/10483 10.0.1405 2015-11-12 1 Found nothing
baidu 4 Found nothing
baidusd 1.0 1.0 2014-04-02 1 Found nothing
bitdefender 7.58879 7.90123 2015-01-16 1 Found nothing
clamav 21060 0.97.5 2015-11-13 1 PUA.Win32.Packer.Exebundle-1
comodo 15023 5.1 2015-11-13 3 Found nothing
ctch 4.6.5 5.3.14 2013-12-01 1 Found nothing
drweb 2015-10-20 35 Found nothing
fortinet 29.399, 29.399,5.1.158 2015-11-12 1 Found nothing
fprot 2015-11-09 1 W32/Felix:EX:001!Eldorado
fsecure 2015-08-01-02 9.13 2015-08-01 5 Found nothing
gdata 25.3997 25.3997 2015-10-22 8 Found nothing
hauri 2.73 2.73 2015-01-30 1 Found nothing
ikarus 1.06.01 V1.32.31.0 2015-11-10 16 Found nothing
jiangmin 16.0.100 2015-11-12 1 Found nothing
kaspersky 5.5.33 5.5.33 2014-04-01 19 Found nothing
kingsoft 2.1 2.1 2013-09-22 10 Found nothing
mcafee 7879 5400.1158 2015-07-31 8 Found nothing
nod32 1777 3.0.21 2015-06-12 1 Found nothing
panda 9.05.01 9.05.01 2015-11-13 5 Found nothing
pcc 12.144.06 9.500-1005 2015-11-11 1 Found nothing
qh360 1.0.1 1.0.1 1.0.1 6 Found nothing
qqphone 2015-11-12 2 Found nothing
quickheal 14.00 14.00 2015-11-07 2 Found nothing
rising 2015-11-13 4 Found nothing
sophos 5.17 3.60.0 2015-08-01 7 Found nothing
sunbelt 3.9.2671.2 3.9.2671.2 2015-11-13 1 Found nothing
symantec 20151109.004 2015-11-09 1 Found nothing
tachyon 9.9.9 9.9.9 2013-12-27 3 Found nothing
thehacker 2015-11-12 1 Posible_Worm32
tws 17.47.17308 2015-11-13 6 Found nothing
vba 2015-11-10 4 Found nothing
virusbuster 15.0.985.0 2014-12-05 15 Found nothing
File identification
MD5 8019fc18a530f78017b8b1b2686e1df0
SHA1 d17e5f304b074355aa4ddd597b96ddf43ae210a1
SHA256 0f158ef6e34f38fd2a10e914ef66cec563c2f3a944e3b909ade1e1164e4d45d0
authentihash 9d0aeb13af2443a96cda991779100e424fcd310c72a84d4f523219e2ee8121cb
imphash 544770ff4ac6e590ab11697c7dc43cf1
File size 48.4 KB ( 49536 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID UPX compressed Win32 Executable (42.3%)
Win32 EXE Yoda's Crypter (36.7%)
Win32 Dynamic Link Library (generic) (9.1%)
Win32 Executable (generic) (6.2%)
Generic Win/DOS Executable (2.7%)
VirusTotal metadata
First submission 2014-09-04 19:01:46 UTC ( 1 ano, 2 meses atrás )
Last submission 2015-11-14 13:17:14 UTC ( 8 minutos atrás )
Nomes do arquivo 8019FC18A530F78017B8B1B2686E1DF0
1 (266).exe
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: .
Antivírus Resultado Atualização
TheHacker Posible_Worm32 20151113
ALYac 20151114
AVG 20151114
AVware 20151114
AegisLab 20151114
Agnitum 20151113
AhnLab-V3 20151113
Alibaba 20151114
Antiy-AVL 20151114
Arcabit 20151114
Avast 20151114
Avira 20151114
Baidu-International 20151114
BitDefender 20151114
Bkav 20151114
ByteHero 20151114
CAT-QuickHeal 20151114
CMC 20151113
ClamAV 20151113
Comodo 20151114
Cyren 20151114
DrWeb 20151114
ESET-NOD32 20151114
Emsisoft 20151114
F-Prot 20151114
F-Secure 20151114
Fortinet 20151114
GData 20151114
Ikarus 20151114
Jiangmin 20151113
K7AntiVirus 20151114
K7GW 20151114
Kaspersky 20151114
Malwarebytes 20151114
McAfee 20151114
McAfee-GW-Edition 20151114
MicroWorld-eScan 20151114
Microsoft 20151114
NANO-Antivirus 20151114
Panda 20151114
Qihoo-360 20151114
Rising 20151113
SUPERAntiSpyware 20151114
Sophos 20151114
Symantec 20151113
TrendMicro 20151114
TrendMicro-HouseCall 20151114
VBA32 20151113
VIPRE 20151114
ViRobot 20151114
Zillya 20151114
Zoner 20151114
nProtect 20151113
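The 3/39 result above (ClamAV's packer PUA name, F-Prot's heuristic "!Eldorado" and TheHacker's "Posible_Worm32", with every major engine reporting nothing and TrID identifying UPX packing) is the classic shape of a low-confidence detection. The script below is an added example, not code from the thread or from VirScan/VirusTotal: it parses lines in the VirScan layout quoted in the post ("<engine> [versions/dates] <seconds> <result>"), treats "Engine ..." messages as scanner errors (an assumption about that layout), and separates specific-family hits from generic, packer and heuristic names so the verdict reflects how much independent evidence actually exists. The sample report is constructed from a subset of the engines in the post.

```python
"""Triage of a multi-engine scan result for one file (added example)."""
from dataclasses import dataclass

# Constructed sample in the thread's VirScan layout (a subset of the 39 engines).
SAMPLE_REPORT = """\
avast 151113-0 4.7.4 2015-11-13 4 Found nothing
clamav 21060 0.97.5 2015-11-13 1 PUA.Win32.Packer.Exebundle-1
fprot 2015-11-09 1 W32/Felix:EX:001!Eldorado
kaspersky 5.5.33 5.5.33 2014-04-01 19 Found nothing
thehacker 2015-11-12 1 Posible_Worm32
antiy AVL SDK 2.0 1970-01-01 59 Engine oversweep4
"""

NO_DETECTION = "Found nothing"
# Assumption about the VirScan layout: a result starting with 'Engine ' means
# the engine did not finish, so it counts neither as clean nor as a hit.
ENGINE_ERROR_PREFIX = "Engine "
# Fragments that mark generic/packer/heuristic names: '!Eldorado' is F-Prot's
# heuristic suffix, 'PUA'/'Packer' flag a packer rather than a malware family.
WEAK_MARKERS = ("pua", "packer", "eldorado", "posible", "possible",
                "heur", "generic", "suspicious")


@dataclass
class EngineResult:
    engine: str
    result: str
    errored: bool
    detected: bool
    weak: bool


def parse_line(line):
    """Parse one line; the verdict is everything after the last bare integer
    token (the scan time in seconds), which sidesteps the variable number of
    version/date columns between engine name and result."""
    tokens = line.split()
    if len(tokens) < 3:
        return None
    last_int = max((i for i, t in enumerate(tokens) if t.isdigit()), default=-1)
    if last_int < 1 or last_int == len(tokens) - 1:
        return None
    result = " ".join(tokens[last_int + 1:])
    errored = result.startswith(ENGINE_ERROR_PREFIX)
    detected = not errored and result != NO_DETECTION
    weak = detected and any(m in result.lower() for m in WEAK_MARKERS)
    return EngineResult(tokens[0], result, errored, detected, weak)


def triage(report):
    """Summarise a report: engines that actually scanned, hits, and how many
    hits name a specific family rather than a generic/packer signature."""
    rows = [r for r in (parse_line(ln) for ln in report.splitlines()) if r]
    scanned = [r for r in rows if not r.errored]
    hits = [r for r in scanned if r.detected]
    strong = [r for r in hits if not r.weak]
    if len(strong) >= 2:
        verdict = "likely-malicious"   # two independent specific names
    elif not hits:
        verdict = "clean"
    else:
        verdict = "low-confidence"     # only generic/packer/heuristic names
    return {
        "scanned": len(scanned),
        "detections": len(hits),
        "weak": len(hits) - len(strong),
        "strong": len(strong),
        "strong_names": [r.result for r in strong],
        "verdict": verdict,
    }


if __name__ == "__main__":
    print(triage(SAMPLE_REPORT))
```

A "low-confidence" verdict is a prompt to confirm by other means (where the file came from, whether a known vendor ships it, a full-system scan such as the MBAM run later in this thread), not a clean bill of health; conversely, two engines agreeing on a specific family name is worth acting on even when the overall ratio looks small.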



Dear caedurodrigues, the MBAM log follows.


Malwarebytes Anti-Malware
Data da verificação: 18/11/2015
Hora da verificação: 20:28
Arquivo de registro: MBAM 20151118.txt
Administrador: Sim
Banco de dados de malware: v2015.11.18.07
Banco de dados de rootkit: v2015.11.14.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado
Sistema operacional: Windows 10
CPU: x64
Sistema de arquivos: NTFS
Usuário: Annareis
Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 410249
Tempo decorrido: 2 hr, 25 min, 5 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 0
(Nenhum item malicioso detectado)
Módulos: 0
(Nenhum item malicioso detectado)
Chaves de registro: 0
(Nenhum item malicioso detectado)
Valores de registro: 0
(Nenhum item malicioso detectado)
Dados de registro: 0
(Nenhum item malicioso detectado)
Pastas: 0
(Nenhum item malicioso detectado)
Arquivos: 0
(Nenhum item malicioso detectado)
Setores físicos: 0
(Nenhum item malicioso detectado)




All OK! PC spotless.

I think my e-mail must have ended up on some SPAM list; anyway, our data is exposed all the time on this daily internet of ours.

Thank you so much! Big hug!
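The "e-mails from myself" described at the start of the thread are usually a forged From: header rather than a compromised account, and the way to tell is the Authentication-Results header the receiving server adds (RFC 8601 layout): a message that really left your provider passes SPF or DKIM, a forgery fails both. The script below is an added example, not code from the thread or from any mail provider; the two messages and the example.com/example.net names are constructed, and it assumes the provider stamps that header.

```python
"""Decide whether a message addressed from your own address was authenticated
(added example, constructed messages)."""
import email
import email.utils
import re
from email import policy

# Constructed spoof: From equals the recipient's address, SPF fails for the
# relaying host and there is no DKIM signature.
SPOOFED_MSG = b"""\
Authentication-Results: mx.example.net; spf=fail (sender IP is 203.0.113.5) smtp.mailfrom=example.com; dkim=none header.d=none
Received: from relay.invalid (203.0.113.5) by mx.example.net
From: me@example.com
To: me@example.com
Subject: Regularizacao cadastral

Atualize seu cadastro.
"""

# Constructed genuine note-to-self: both checks pass.
LEGIT_MSG = b"""\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com
From: me@example.com
To: me@example.com
Subject: Note to self

Reminder.
"""


def auth_results(msg):
    """Map each authentication method to its result, e.g. {'spf': 'fail', 'dkim': 'none'}."""
    header = str(msg.get("Authentication-Results", ""))
    return dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", header))


def classify(raw):
    """Return 'authenticated', 'spoofed-own-address' or 'third-party'."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg.get("From", "")))[1].lower()
    recipient = email.utils.parseaddr(str(msg.get("To", "")))[1].lower()
    results = auth_results(msg)
    passed = results.get("spf") == "pass" or results.get("dkim") == "pass"
    if sender != recipient:
        return "third-party"          # not the self-addressed case examined here
    return "authenticated" if passed else "spoofed-own-address"


if __name__ == "__main__":
    print(classify(SPOOFED_MSG), classify(LEGIT_MSG))
```

A spoofed result means the sender only forged the header, so changing the password does not stop it; what helps is the domain owner publishing a DMARC reject policy and the mailbox filtering on the authentication result instead of on the visible sender, which is exactly why blocking the address or domain, as the original post found, does nothing.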
