turca

  1. Thank you, I believe you, but we searched the net and people say this AliExpress thing is a kind of virus. Thanks anyway. But now, checking in Internet Explorer and opening the same pages, the link does not turn into best; it only happens in Google Chrome. Isn't that strange?
  2. The best.aliexpress page still persists. I will use the PC to check for freezes, but what worries me is this AliExpress page that does not look normal.
  5. It redirects to this page: https://www.nicolascoolman.com/fr/wp-updates/ZHPCleaner.exe and gives this: 403 Forbidden nginx. I also tried with Internet Explorer, same error.
  6. turca

    best.aliexpress.com

    I formatted the PC and it is slow and freezing. I open the AliExpress page and it opens this best.aliexpress.com; searching around, I heard it is a virus. Please help me, thanks in advance.