
turca

Log analysis


I caught a virus that kept opening lots of pages, changed the search managers, opening pages, it's gone crazy.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:49:01, on 25/01/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\mmc.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ATENDIMENTO\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: iToolsBHO - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Program Files\ThinkSky\iTools 3\Extensions\iToolsBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

--
End of file - 10852 bytes
 

Edited by turca


Hello turca, download MbrScan.exe by Eric_71 > save it to the desktop.

Double-click to run the tool. Click the Scan button. When the scan finishes, click the Report button. A Notepad window will open with the scan result. It is saved on the desktop under the name MbrScan.log.

Select, copy and paste its contents in your next reply.

Download Farbar Service Scanner and save it to the desktop. Run the tool.

Besides the checkboxes that are already checked by default, check the following:

  • Windows Firewall
  • System Restore
  • Security Center/Action Center
  • Windows Update
  • Windows Defender


Click Scan and wait for the scan to finish. At the end a log called FSS.txt will be generated; it is saved in the same directory as FSS, that is, on the desktop.

Select, copy and paste its contents in your next reply.

 


 

 


MBRScan v1.1.1

OS             : Windows 7 Service Pack 1 (32 bit)
PROCESSOR      : x86 Family 6 Model 15 Stepping 13, GenuineIntel
BOOT           : Normal Boot
DATE           : 2017/01/26 (ISO 8601) at 10:04:36
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __ST500LM012 HN-M500MBB (2AR10001)
BUS_TYPE       : (0x0B)  S-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0    465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : B7238E8712A40BCCCD88ED375EA35363
MBR_SHA1  : 1601DCB910288F9183EA8F30DE376730B88647B9

Device\Harddisk0\Partition1    146.5 Go      0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2    319.3 Go      0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

DRIVER  : C:\Windows\System32\Drivers\dump_dumpata.sys => Invisible on the disk
ADDRESS : 0x9479C000
SIZE    : 44.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_msahci.sys => Invisible on the disk
ADDRESS : 0x947A7000
SIZE    : 40.0 Ko

DRIVER  : C:\Windows\System32\Drivers\dump_dumpfve.sys => Invisible on the disk
ADDRESS : 0x947B1000
SIZE    : 68.0 Ko

BCD EmsSettings {0CE4991B-E6B3-4B16-B23C-5E0D9250E5D9} => BcdLibraryBoolean_EmsEnabled (16000020)

SystemStartOptions :  NOEXECUTE=OPTIN

________________________________________________________________________________

_______MBR   \Device\Harddisk0\DR0






Farbar Service Scanner Version: 27-01-2016
Ran by ATENDIMENTO (administrator) on 26-01-2017 at 10:05:26
Running from "C:\Users\ATENDIMENTO\Desktop"
Microsoft Windows 7 Ultimate  Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Policy: 
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy: 
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => File is digitally signed
C:\Windows\system32\Drivers\nsiproxy.sys => File is digitally signed
C:\Windows\system32\dhcpcore.dll => File is digitally signed
C:\Windows\system32\Drivers\afd.sys => File is digitally signed
C:\Windows\system32\Drivers\tdx.sys => File is digitally signed
C:\Windows\system32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\system32\dnsrslvr.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\system32\mpssvc.dll => File is digitally signed
C:\Windows\system32\bfe.dll => File is digitally signed
C:\Windows\system32\Drivers\mpsdrv.sys => File is digitally signed
C:\Windows\system32\SDRSVC.dll => File is digitally signed
C:\Windows\system32\vssvc.exe => File is digitally signed
C:\Windows\system32\wscsvc.dll => File is digitally signed
C:\Windows\system32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\system32\wuaueng.dll => File is digitally signed
C:\Windows\system32\qmgr.dll => File is digitally signed
C:\Windows\system32\es.dll => File is digitally signed
C:\Windows\system32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed


**** End of log ****

 

sorry

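The FSS report above records two independent signs that Windows Defender was switched off: the WinDefend start type changed from its default (Auto to Demand) and the DisableAntiSpyware policy value under HKLM\SOFTWARE\Policies. The following Python is an added example, not part of the thread or of Farbar's tool; it parses the FSS section layout and flags both kinds of tampering. SAMPLE_FSS_LOG is a constructed excerpt modelled on the report posted above.

```python
"""Flag tampering with Windows security services in a Farbar Service Scanner
(FSS) report. Added example, not part of the thread or of Farbar's tool.
SAMPLE_FSS_LOG is a constructed excerpt modelled on the report in the thread."""
import re
from dataclasses import dataclass

SAMPLE_FSS_LOG = """\
Windows Firewall:
=============

Firewall Disabled Policy: 
==================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Policies\\Microsoft\\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
"""

# FSS prints each section as "Name:" followed by a line of '=' characters.
START_TYPE_RE = re.compile(
    r"The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
PATH_RE = re.compile(r"The (ImagePath|ServiceDll) of (\S+) service is (.+)\.")
HIVE_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(\w+):(.+)$')


@dataclass
class Finding:
    kind: str     # "service" (start type / binary changed) or "policy" (GPO key set)
    subject: str  # service name or feature name
    detail: str


def parse_sections(text):
    """Split FSS output into {section name: [non-empty body lines]}."""
    lines = text.splitlines()
    sections, current = {}, None
    for i, line in enumerate(lines):
        is_header = (line.rstrip().endswith(":") and i + 1 < len(lines)
                     and lines[i + 1].startswith("=="))
        if is_header:
            current = line.strip().rstrip(":")
            sections[current] = []
        elif current is not None and line.strip() and not line.startswith("=="):
            sections[current].append(line.rstrip())
    return sections


def analyze_fss(text):
    """Return Findings for non-default start types, altered service binaries,
    and 'Disabled Policy' sections that actually contain a registry value."""
    findings = []
    for name, body in parse_sections(text).items():
        if name.endswith("Disabled Policy"):
            feature, hive = name[: -len(" Disabled Policy")], None
            for line in body:
                if m := HIVE_RE.match(line):
                    hive = m.group(1)
                elif (m := VALUE_RE.match(line)) and hive:
                    findings.append(Finding("policy", feature,
                        f"{hive}\\{m.group(1)} = {m.group(2)}:{m.group(3)}"))
            continue
        for line in body:
            if (m := START_TYPE_RE.search(line)) and m.group(2) != m.group(3):
                findings.append(Finding("service", m.group(1),
                    f"start type {m.group(2)}, default is {m.group(3)}"))
            elif (m := PATH_RE.search(line)) and m.group(3) != "OK":
                findings.append(Finding("service", m.group(2),
                    f"{m.group(1)} {m.group(3)}"))
    return findings


if __name__ == "__main__":
    for f in analyze_fss(SAMPLE_FSS_LOG):
        print(f"[{f.kind}] {f.subject}: {f.detail}")
```

An empty "Disabled Policy" section (as for the firewall here) yields no finding; only a section that lists a hive and a value does.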

Download Malwarebytes' Anti-Malware (MBAM).

Double-click mbam-setup.exe to install the program.

  • Uncheck the box Enable free trial of Malwarebytes Anti-Malware PRO.
  • The one that should stay checked is the box Launch Malwarebytes Anti-Malware. Then click Finish.
  • If there are updates to be applied, they will be downloaded and installed.
  • At the end of the update, if the program was installed in English, with the program open, click Settings and in the Language field change it to Portuguese (Brasil).
  • Go to Settings and then Detection and Protection. Under Detection Options, check Scan for rootkits and Scan within archives.
  • Under Non-Malware Protection, for the options PUP (potentially unwanted program) detections and PUM (potentially unwanted modification) detections, select Treat detections as malware.
  • Then click Dashboard and the Scan button. The scan will begin. Wait, as it may take a while.
  • When the scan finishes, if items were found, click Save Results. Choose Text file (*.txt) to save the log.
  • DO NOT USE THE .XML FILE FORMAT TO SAVE THE LOG.
  • After doing that, now click the Remove Selected button.
  • At the end of the disinfection, a prompt may appear asking whether you want to restart the PC. (See Note below.)
  • Select, copy and paste the entire contents of the log you saved in your next reply, together with a new HijackThis log.


NOTE: If MBAM finds files it cannot remove, you may have to restart the PC (perhaps more than once). Do this immediately when asked whether you want to restart the PC.

 


 

 

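The helper asks for a new HijackThis log after the MBAM run so it can be compared with the first one. The following Python is an added example, not part of the thread or of HijackThis; it diffs two such logs by section id so that entries added or removed between scans stand out, treating the volatile "Running processes" block separately. BEFORE and AFTER are constructed excerpts modelled on the logs in this thread.

```python
"""Compare two HijackThis logs and list the entries that appeared or
disappeared between scans. Added example, not part of the thread or of
HijackThis; BEFORE and AFTER are constructed excerpts in the v2.0.4 layout."""
import re

# Every non-process line HijackThis reports starts with a section id (R0..R3, O1..O24).
ENTRY_RE = re.compile(r"^(R[0-3]|O\d{1,2}) - (.+)$")

BEFORE = """\
Running processes:
C:\\Windows\\System32\\smss.exe
C:\\Users\\ATENDIMENTO\\Desktop\\HijackThis.exe

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = 
O4 - HKLM\\..\\Run: [AvastUI.exe] "C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe" /nogui
O4 - HKCU\\..\\Run: [SH_AutoBackup] C:\\SHARMAQ\\SHOficina\\SHRecovery.exe /BACKUP
O15 - Trusted Zone: www.itau.com.br
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: NameServer = 8.8.8.8,8.8.4.4
"""

AFTER = """\
Running processes:
C:\\Windows\\System32\\smss.exe
C:\\Program Files\\Malwarebytes Anti-Malware\\mbam.exe
C:\\Users\\ATENDIMENTO\\Desktop\\HijackThis.exe

R0 - HKLM\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = 
O4 - HKLM\\..\\Run: [AvastUI.exe] "C:\\Program Files\\AVAST Software\\Avast\\AvastUI.exe" /nogui
O4 - HKCU\\..\\Run: [SH_AutoBackup] C:\\SHARMAQ\\SHOficina\\SHRecovery.exe /BACKUP
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
"""


def parse_hjt(text):
    """Return (running-process paths, {section id: set of entry bodies})."""
    processes, entries, in_procs = set(), {}, False
    for line in text.splitlines():
        line = line.rstrip()
        if line == "Running processes:":
            in_procs = True
        elif not line:
            in_procs = False          # the blank line ends the process block
        elif in_procs:
            processes.add(line.lower())  # HJT mixes System32 / system32 spellings
        elif m := ENTRY_RE.match(line):
            entries.setdefault(m.group(1), set()).add(m.group(2))
    return processes, entries


def diff_hjt(before, after):
    """Entries and processes present in only one of the two logs, in section order."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    report = {"processes_new": sorted(pa - pb), "processes_gone": sorted(pb - pa),
              "entries_new": [], "entries_gone": []}
    for sec in sorted(set(eb) | set(ea), key=lambda s: (s[0], int(s[1:]))):
        old, new = eb.get(sec, set()), ea.get(sec, set())
        report["entries_new"] += [f"{sec} - {e}" for e in sorted(new - old)]
        report["entries_gone"] += [f"{sec} - {e}" for e in sorted(old - new)]
    return report


if __name__ == "__main__":
    for key, items in diff_hjt(BEFORE, AFTER).items():
        print(key, *items, sep="\n  ")
```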

Malwarebytes Anti-Malware
www.malwarebytes.org

Data da verificação: 28/01/2017
Hora da verificação: 13:15
Arquivo de registro: verificação.txt
Administrador: Sim

Versão: 2.2.1.1043
Banco de dados de malware: v2017.01.28.07
Banco de dados de rootkit: v2016.11.20.01
Licença: Gratuita
Proteção contra malware: Desabilitado
Proteção contra website malicioso: Desabilitado
Autoproteção: Desabilitado

Sistema operacional: Windows 7 Service Pack 1
CPU: x86
Sistema de arquivos: NTFS
Usuário: ATENDIMENTO

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 442853
Tempo decorrido: 1 hr, 43 min, 4 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 2
PUP.Optional.YTAdBlocker, C:\Program Files\Mozilla Firefox\browser\features\{95E84BD3-3604-4AAC-B2CA-D9AC3E55B64B}, Quarentena, [bc8badd47a2e8fa74ef7b9d8f30dec14], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Ventolux, Quarentena, [1a2d5031c4e4f3438e4f967d768e0cf4], 

Arquivos: 19
Adware.Tuto4PC, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\5X6BQJIQ21.exe, Quarentena, [40072a57e9bf9d99c8bbb115857bdd23], 
Adware.Tuto4PC, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\diskpower-installer.exe, Quarentena, [ac9b5a270d9bab8b8039a225b14fd12f], 
Trojan.Agent, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Geodex.exe, Quarentena, [7bcc97ead2d6043233ec2c9055abe719], 
Trojan.Agent, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Lafind.exe, Quarentena, [1b2c166bccdcb58159c6a01c6a967a86], 
PUP.Optional.Tuto4PC, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\QT9Z6PFLHX.exe, Quarentena, [1631a2df099f50e6528286b3ba46ed13], 
Adware.Elex, C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\trotux.exe, Quarentena, [df687f025652df57a1599f1916ea56aa], 
PUP.Optional.Linkury.Generic, C:\Users\ATENDIMENTO\AppData\Roaming\agent.dat, Quarentena, [1c2bb2cf990f5bdb34f31fb648b8a55b], 
PUP.Optional.Linkury, C:\Users\ATENDIMENTO\AppData\Roaming\md.xml, Quarentena, [b7907809b4f4f2442e88b9eded16f30d], 
PUP.Optional.Linkury, C:\Users\ATENDIMENTO\AppData\Roaming\noah.dat, Quarentena, [5bec235ebcec80b63087386ee3209f61], 
PUP.Optional.Linkury.Gen, C:\Users\ATENDIMENTO\AppData\Roaming\Geodex.tst, Quarentena, [b691661b1791033331e168b015efa25e], 
PUP.Optional.Linkury.Gen, C:\Users\ATENDIMENTO\AppData\Roaming\Lafind.tst, Quarentena, [4ff82b5674340d2952c057c1f80c52ae], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Ventolux\InstallationConfiguration.xml, Quarentena, [1a2d5031c4e4f3438e4f967d768e0cf4], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Ventolux\uninstall.dat, Quarentena, [1a2d5031c4e4f3438e4f967d768e0cf4], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Ventolux\uninstall.exe, Quarentena, [1a2d5031c4e4f3438e4f967d768e0cf4], 
PUP.Optional.Linkury.ACMB1, C:\Program Files\Common Files\Ventolux\uninstall.ico, Quarentena, [1a2d5031c4e4f3438e4f967d768e0cf4], 
PUP.Optional.Linkury.ACMB1, C:\Users\ATENDIMENTO\AppData\Roaming\Config.xml, Quarentena, [7ccbf68b3f6956e0c5128a8929db34cc], 
PUP.Optional.Linkury.ACMB1, C:\Users\ATENDIMENTO\AppData\Roaming\InstallationConfiguration.xml, Quarentena, [75d292eff8b00b2b5b7d8b889c681ae6], 
PUP.Optional.Youndoo, C:\Users\ATENDIMENTO\AppData\Roaming\Mozilla\Firefox\Profiles\my0jwqzu.default-1472675051146\searchplugins\v6q9j7tw.xml, Quarentena, [da6d156c5b4d1323ac9a1bf906fe5ba5], 
PUP.Optional.Youndoo, C:\Users\ATENDIMENTO\AppData\Roaming\Profiles\Shocert.default\searchplugins\v6q9j7tw.xml, Quarentena, [4106aad7822656e05315b16dd62abc44], 

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:15:17, on 28/01/2017
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.18538)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\ThinkSky\iTools 3\iToolsDaemon.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\rundll32.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Windows\WindowsMobile\wmdcBase.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\CCleaner\CCleaner.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Windows\system32\wuauclt.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ATENDIMENTO\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-V5.44.exe
C:\Users\ATENDIMENTO\Desktop\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\AVAST Software\Avast\avBugReport.exe
C:\Windows\system32\conhost.exe
C:\Windows\SYSTEM32\cscript.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O1 - Hosts: ::1 localhost
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O2 - BHO: iToolsBHO - {E1499FE7-129D-4B6E-B681-DDF21E14172C} - C:\Program Files\ThinkSky\iTools 3\Extensions\iToolsBHO.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner.exe" /MONITOR
O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: www.itau.b.br
O15 - Trusted Zone: *.itau.b.br
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: banklineplus.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: www.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: www.itaupersonnalite.com.br
O15 - Trusted Zone: http://www.itaupersonnalite.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: NameServer = 8.8.8.8,8.8.4.4
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Avast antivírus (avast! antivírus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: SAMSUNG Mobile Connectivity Service (ss_conn_service) - DEVGURU Co., LTD. - C:\Program Files\Samsung\USB Drivers\27_ssconn\conn\ss_conn_service.exe

--
End of file - 11712 bytes
 

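A small triage script for the HijackThis log above, added here as an illustration and not part of the original thread or of HijackThis itself. It parses the R/O entries, expands the %ProgramFiles% and %windir% variables the tool leaves unexpanded, and lists what a helper checks by eye: autostart entries and service binaries that live outside Windows or Program Files, startup shortcuts with no resolvable target, wildcard Trusted Zone entries, the configured DNS servers, and the current browser start/search pages. The sample input is a handful of lines copied from the log; anything it lists is a candidate for a manual look, not a verdict.

```python
import re

# Sample input: lines copied from the HijackThis log posted above.
HJT_LOG = r"""
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
O1 - Hosts: ::1 localhost
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files\GbPlugin\gbiehuni.dll
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdcBase.exe
O4 - HKCU\..\Run: [SH_AutoBackup] C:\SHARMAQ\SHOficina\SHRecovery.exe /BACKUP
O4 - Global Startup: Bluetooth.lnk = ?
O15 - Trusted Zone: www.google.com.br
O15 - Trusted Zone: *.itau.com.br
O15 - Trusted Zone: http://www.itau.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{48A1F1B0-D561-4334-84A5-EF13F8F83E62}: NameServer = 8.8.8.8,8.8.4.4
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

ENTRY = re.compile(r"^(R\d|O\d+) - (.*)$")
O4_RUN = re.compile(r"^(?:HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$")
O4_STARTUP = re.compile(r"^(?:Global )?Startup: (?P<name>.+?) = (?P<cmd>.*)$")

# Variables HijackThis leaves unexpanded, and the roots a normally installed
# program is expected to live under (PROGRA~1/2 are the 8.3 short names).
ENV = {"%programfiles%": r"C:\Program Files", "%windir%": r"C:\Windows"}
STANDARD_ROOTS = (r"c:\windows", r"c:\program files", r"c:\progra~1", r"c:\progra~2")


def normalize_path(path):
    path = path.strip().strip('"')
    for var, value in ENV.items():
        if path.lower().startswith(var):
            path = value + path[len(var):]
    return path


def in_standard_dir(path):
    return normalize_path(path).lower().startswith(STANDARD_ROOTS)


def exe_from_cmd(cmd):
    """Pull the program path out of a Run value, dropping switches like /nogui."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1 : cmd.find('"', 1)]
    m = re.match(r"(.+?\.(?:exe|dll|lnk|htm))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd


def parse_hjt(text):
    """Yield (section, body) for every R*/O* line of the log."""
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def triage(text):
    report = {"browser_pages": [], "autostart": [], "services": [],
              "trusted_zones": [], "wildcard_zones": [], "dns": []}
    for section, body in parse_hjt(text):
        if section.startswith("R"):
            # R0/R1: IE start and search pages; compare against what the user expects.
            key, _, value = body.partition("=")
            report["browser_pages"].append((key.strip(), value.strip()))
        elif section == "O4":
            m = O4_RUN.match(body) or O4_STARTUP.match(body)
            if not m:
                continue
            exe = exe_from_cmd(m.group("cmd"))
            if exe == "?":
                report["autostart"].append((m.group("name"), "unresolved target"))
            elif not in_standard_dir(exe):
                report["autostart"].append((m.group("name"), normalize_path(exe)))
        elif section == "O15":
            host = body.split(":", 1)[1].strip()
            report["trusted_zones"].append(host)
            if host.startswith("*."):  # trust extended to every subdomain
                report["wildcard_zones"].append(host)
        elif section == "O17" and "NameServer =" in body:
            servers = body.split("NameServer =", 1)[1]
            report["dns"].extend(s.strip() for s in servers.split(","))
        elif section == "O23":
            path = body.rsplit(" - ", 1)[1]
            if not in_standard_dir(path):
                report["services"].append(normalize_path(path))
    return report


if __name__ == "__main__":
    for key, items in triage(HJT_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

In the sample, the only autostart entries that come out are the shortcut with no resolvable target (`Bluetooth.lnk = ?`) and `SHRecovery.exe` under `C:\SHARMAQ`, which is simply outside the usual install roots; the DNS servers listed are 8.8.8.8 and 8.8.4.4, Google's public resolvers, which is a quick way to confirm the resolver was not changed.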

Temporarily disable your antivirus.

Click esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.

Double-click its icon on the desktop.

  • Check "YES, I accept the Terms of Use."
  • Click Start.
  • Accept any security warning from your browser.
  • Check the options below:
    • Enable detection of potentially unwanted applications.
  • Click Hide advanced settings and check:
    • Remove found threats
    • Scan archives
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click Change and also check the Computer box.
  • Click Start.
  • It will update on its own and scan the computer. Be patient; the process can take hours.
  • When the scan finishes, click List Threats.
  • Click Export to text file and save the log to your desktop.
  • Copy and paste its contents in your next reply.
  • Note: if nothing is found, no log will be generated.
  • Click Back.
  • Click Finish.

 


 

 


C:\Inferno_Volcano_MTK\tools\Superuser.apk    Android/Spy.Agent.BK trojan    deleted
C:\Program Files\iRoot\AppCool.apk    a variant of Android/Spy.Agent.BN trojan    deleted
C:\Program Files\iRoot\kinguser.zip    a variant of Android/DroidRooter.AG potentially unsafe application    deleted
C:\Users\ATENDIMENTO\AppData\Roaming\mgyun\VRoot\AppCool.apk    a variant of Android/Spy.Agent.BN trojan    deleted
C:\Users\ATENDIMENTO\AppData\Roaming\mgyun\VRoot\CleanMaster.apk    a variant of Android/DroidRooter.AC potentially unsafe application    deleted
C:\Users\ATENDIMENTO\AppData\Roaming\mgyun\VRoot\kinguser.zip    a variant of Android/DroidRooter.AG potentially unsafe application    deleted
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\iFunboxDevTeamDIFX.dll    a variant of Win32/Adware.SoSoEasy.B application    cleaned by deleting
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\RockerTeamZip.dll    a variant of Win32/Adware.SoSoEasy.B application    cleaned by deleting
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Rocker Team\RIFF JTAG Manager\UsefullPlugins\DirectProgramming.dll    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Rocker Team\RIFF JTAG Manager\UsefullPlugins\eMMCDiskPartitions.dll    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Rocker Team\RIFF JTAG Manager\UsefullPlugins\QualcommPartitionTool.dll    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\Quarantine\Rocker Team\RIFF JTAG Manager\UsefullPlugins\SomeGalaxyPartitionTool.dll    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
D:\ANDROID\iRoot_1.8.8.20465_cid1005_7337ba1e.exe    multiple threats    cleaned by deleting
D:\ANDROID\iRoot_160527.zip    multiple threats    deleted
D:\ANDROID\RECUPERAR DADOS\FonePaw_Android_Data_Recovery_1_9.zip    a variant of Win32/Kryptik.FNIK trojan    deleted
D:\ANDROID\RECUPERAR DADOS\rcsetup153.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\ANDROID\RECUPERAR DADOS\FonePaw_Android_Data_Recovery_1_9\FonePaw_Android_Data_Recovery_1_9.exe    a variant of Win32/Kryptik.FNIK trojan    cleaned by deleting
D:\ANDROID\RECUPERAR DADOS\FonePaw_Android_Data_Recovery_1_9\FonePaw_Android_Data_Recovery_1_9.zip    a variant of Win32/Kryptik.FNIK trojan    deleted
D:\BOX\RIFFBOX\RIFF JTAG Manager_COMPLETO\Download\00000000.tmp    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
D:\BOX\RIFFBOX\RIFF JTAG Manager_COMPLETO\Download\00000001.tmp    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
D:\BOX\RIFFBOX\RIFF JTAG Manager_COMPLETO\Download\00000002.tmp    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
D:\BOX\RIFFBOX\RIFF JTAG Manager_COMPLETO\Download\00000003.tmp    a variant of Win32/Packed.Themida suspicious application    cleaned by deleting
D:\BOX\VOLCANO\InfernoTool_DataPro_Dongle v1.4.3.rar    a variant of Win32/Packed.VMProtect.ABO trojan    deleted
D:\BOX\VOLCANO\InfernoTool_MTK_Volcano_V1.1.4_20161209.rar    Android/Spy.Agent.BK trojan    deleted
D:\BOX\VOLCANO\InfernoTool_UniTool_Volcano_V1.0.4_20161202.rar    Android/Spy.Agent.BK trojan    deleted
D:\BOX\VOLCANO\InfernoTool_UniTool_Volcano_V1.0.5_20161209.rar    Android/Spy.Agent.BK trojan    deleted
D:\BOX\VOLCANO\InfernoTool_UniTool_Volcano_V1.0.6_20161223.rar    Android/Spy.Agent.BK trojan    deleted
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313.rar    multiple threats    deleted
D:\BOX\VOLCANO\MerapiTool_v1.4.4_20160203.rar    multiple threats    deleted
D:\BOX\VOLCANO\DataPro\DataPro.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\DataPro\DllBridge.dll    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\DataPro\DNetService.dll    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\MerapiTool.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\FactoryTool\tools\Superuser.apk    a variant of Android/Spy.Agent.GR trojan    deleted
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\PImeiTool\AppBridge.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\PImeiTool\pimei_tool.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\tools\HTCUnlocker.exe    a variant of Win32/RootGenius.C potentially unsafe application    cleaned by deleting
D:\BOX\VOLCANO\Merapi Tool_1.4.7_20160313\ViTool\ViTool.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting
D:\BOX\VOLCANO\MerapiTool\MerapiTool.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\MerapiTool\FactoryTool\tools\Superuser.apk    a variant of Android/Spy.Agent.GR trojan    deleted
D:\BOX\VOLCANO\MerapiTool\PImeiTool\AppBridge.dll    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting
D:\BOX\VOLCANO\MerapiTool\PImeiTool\pimei_tool.exe    a variant of Win32/Packed.VMProtect.ABO trojan    cleaned by deleting
D:\BOX\VOLCANO\MerapiTool\tools\HTCUnlocker.exe    a variant of Win32/RootGenius.C potentially unsafe application    cleaned by deleting
D:\BOX\VOLCANO\MerapiTool\ViTool\ViTool.exe    a variant of Win32/Packed.VMProtect.ABD trojan    cleaned by deleting
D:\BOX\VOLCANO\MTK_Vol\tools\Superuser.apk    Android/Spy.Agent.BK trojan    deleted
D:\BOX\VOLCANO\UniTool_Vol\tools\Superuser.apk    Android/Spy.Agent.BK trojan    deleted
D:\genesis\GT-7301\sk-mtek.gt-7301.zip    a variant of Android/AdDisplay.Kuguo.A potentially unwanted application    deleted
D:\genesis\GT-7301\SK-Mtek.GT-7301\FirmwareInstall\SK\data\app\TaskManager.apk    a variant of Android/AdDisplay.Kuguo.A potentially unwanted application    deleted
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\crack.zip    MSIL/Keygen.V potentially unsafe application    deleted
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\drfone-for-android_full1546.exe    multiple threats    cleaned by deleting
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\rcsetup153.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare MobileTrans 7.2.1.327   Patch__7427_il92575.exe    a variant of Win32/Amonetize.LY potentially unwanted application    cleaned by deleting
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare MobileTrans 7.2.1.327   Patch__7427_il92575.rar    a variant of Win32/Amonetize.LY potentially unwanted application    deleted
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare MobileTrans v6.0.2.xxx Crack is Here     .rar    a variant of Win32/OutBrowse.BZ potentially unwanted application    deleted
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare_MobileTrans_Serial_Key_Crack_Full_Download_downloader (1).exe    a variant of Win32/ExpressDownloader.S potentially unwanted application    cleaned by deleting
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare_MobileTrans_Serial_Key_Crack_Full_Download_downloader.exe    a variant of Win32/ExpressDownloader.S potentially unwanted application    cleaned by deleting
D:\PROGRAMAS PC\disk-defrag-setup.exe    a variant of Win32/Auslogics.C potentially unwanted application    cleaned by deleting
D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup526.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
 

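The ESET result above is a plain-text export with three columns (path, detection, action) separated by runs of whitespace. The following Python script is an added example, not code from the thread or from ESET: it parses such an export while coping with paths that themselves contain runs of spaces (note the "Crack is Here     .rar" entry), and then summarizes the detections by category, by platform of the named family, and by the action ESET took. The category mapping (malware / PUA / suspicious) is this example's own convention. The sample input is six lines copied from the log above.

```python
import re
from collections import Counter

# Sample input: six lines copied from the ESET scan export posted above.
ESET_LOG = r"""
C:\Inferno_Volcano_MTK\tools\Superuser.apk    Android/Spy.Agent.BK trojan    deleted
C:\Program Files\iRoot\kinguser.zip    a variant of Android/DroidRooter.AG potentially unsafe application    deleted
D:\MULTICELL\DADOS REDE\RECUPERAR DADOS\Wondershare MobileTrans v6.0.2.xxx Crack is Here     .rar    a variant of Win32/OutBrowse.BZ potentially unwanted application    deleted
D:\ANDROID\RECUPERAR DADOS\FonePaw_Android_Data_Recovery_1_9\FonePaw_Android_Data_Recovery_1_9.exe    a variant of Win32/Kryptik.FNIK trojan    cleaned by deleting
D:\ANDROID\iRoot_1.8.8.20465_cid1005_7337ba1e.exe    multiple threats    cleaned by deleting
D:\PROGRAMAS PC\REPARO REGISTRO\ccsetup526.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    cleaned by deleting
"""

# ESET separates the columns with a tab; pasted into a forum the tab usually
# becomes several spaces. Treat a single tab or a run of 2+ spaces as a separator.
SEP = re.compile(r"\t|[ ]{2,}")
# Detection names look like Platform/Family.Variant, e.g. Win32/Kryptik.FNIK.
FAMILY = re.compile(r"\b([A-Za-z0-9]+)/([A-Za-z0-9_.-]+)")


def parse_eset_line(line):
    """Split one export line into path, detection and action.

    File names may contain runs of spaces, so the split is taken from the
    right: the last two separators delimit the detection and the action.
    """
    line = line.rstrip()
    seps = list(SEP.finditer(line))
    if len(seps) < 2:
        return None
    s1, s2 = seps[-2], seps[-1]
    return {
        "path": line[: s1.start()],
        "detection": line[s1.end() : s2.start()],
        "action": line[s2.end() :],
    }


def classify(detection):
    """Map ESET's wording to a coarse category (this example's own convention)."""
    d = detection.lower()
    if "potentially unwanted" in d or "potentially unsafe" in d:
        return "PUA"
    if "suspicious" in d:
        return "suspicious"
    return "malware"  # trojan, worm, "multiple threats" (archives), ...


def family_of(detection):
    """Return (platform, family) from e.g. 'a variant of Android/Spy.Agent.BK trojan'."""
    m = FAMILY.search(detection)
    if not m:
        return ("(none)", "(none)")
    return (m.group(1), m.group(2).split(".")[0])


def summarize(text):
    entries = [e for e in map(parse_eset_line, text.splitlines()) if e]
    for e in entries:
        e["category"] = classify(e["detection"])
        e["platform"], e["family"] = family_of(e["detection"])
    return {
        "entries": entries,
        "by_category": Counter(e["category"] for e in entries),
        "by_platform": Counter(e["platform"] for e in entries),
        "by_action": Counter(e["action"] for e in entries),
        "by_family": Counter(e["family"] for e in entries),
    }


if __name__ == "__main__":
    report = summarize(ESET_LOG)
    for key in ("by_category", "by_platform", "by_action", "by_family"):
        print(key, dict(report[key]))
    for e in report["entries"]:
        print(f'{e["category"]:10} {e["platform"]:8} {e["family"]:12} {e["action"]:20} {e["path"]}')
```

Run over the full export, the same script separates the Android tooling detections (rooting packages flagged as Android/DroidRooter and Android/Spy.Agent) from the Win32 items, which is the split a helper wants when deciding what is actually relevant to the PC's symptoms.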

Temporarily disable your antivirus, antispyware and firewall so they do not conflict with the tools below while they run.


1 - Download AdwCleaner and save it to the desktop.
http://www.bleepingcomputer.com/download/adwcleaner/dl/125/

Double-click adwcleaner.exe.

Click the Scan button and wait for the scan to finish.

Click the Clean button.

A Notepad window will open with the result. Select, copy and paste its contents in your next reply.
 
NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether you want to restart the PC.


2 - Download JRT and save it to the desktop.
http://downloads.malwarebytes.org/file/jrt

Double-click to run Junkware Removal Tool (JRT).

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

At the end, a log will open. It is saved on the desktop as JRT.txt.

Select, copy and paste the contents of this log in your next reply.


3 - Download ZHPCleaner and save it to the desktop.
http://www.nicolascoolman.fr/download/zhpcleaner-2/?wpdmdl=2148

Double-click ZHPCleaner.exe.

Click the Scanner button.

The tool will start scanning your system. Be patient, as it may take a while depending on the number of items to scan.

When the scan finishes, click the Repair button.

When the operation completes, a log will open. If it does not, click the Report button and save the log.

Select, copy and paste the contents of this log in your next reply.

 


 

 


# AdwCleaner v6.043 - Relatório criado 30/01/2017 às 11:27:24
# Atualizado em 27/01/2017 por Malwarebytes
# Banco de dados : 2017-01-30.2 [Servidor]
# Sistema operacional : Windows 7 Ultimate Service Pack 1 (X86)
# Usuário : ATENDIMENTO - NOT
# Executando de : C:\Users\ATENDIMENTO\Desktop\adwcleaner_6.043.exe
# Modo: Digitalizar
# Apoio : https://www.malwarebytes.com/support

***** [ Serviços ] *****

Não foram encontrados serviços maliciosos.


***** [ Pastas ] *****

Nenhuma pasta maliciosa encontrada.


***** [ Arquivos ] *****

Arquivo encontrado: C:\Users\ATENDIMENTO\AppData\Roaming\Installer.dat
Arquivo encontrado: C:\Users\ATENDIMENTO\AppData\Roaming\Main.dat


***** [ DLL ] *****

Não foram encontradas DLLs mal-intencionadas.


***** [ WMI ] *****

Nenhuma chave mal-intencionada encontrada.


***** [ Atalhos ] *****

Nenhum atalho infectado encontrado.


***** [ Atividades agendadas ] *****

Nenhuma tarefa maliciosa encontrada.


***** [ Registro ] *****

Nenhuma entrada de registro malicioso encontrada.


***** [ Navegadores ] *****

Nenhum item de navegador baseado em Firefox malicioso encontrado.
Nenhum item de navegador baseado em Chromo malicioso encontrado.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [1286 Bytes] - [30/01/2017 11:27:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1359 Bytes] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 7 Ultimate x86 
Ran by ATENDIMENTO (Limited) on 30/01/2017 at 12:28:58,57
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


File System: 0 


Registry: 0 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30/01/2017 at 12:30:02,69
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


~ ZHPCleaner v2017.1.29.20 by Nicolas Coolman (2017/01/29)
~ Run by ATENDIMENTO (Administrator)  (30/01/2017 12:56:51)
~ Web: https://www.nicolascoolman.com
~ Blog: https://www.anti-malware.top
~ Facebook : https://www.facebook.com/nicolascoolman1
~ State version : Version OK
~ Type : Scanner
~ Report : C:\Users\ATENDIMENTO\Desktop\ZHPCleaner.txt
~ Quarantine : C:\Users\ATENDIMENTO\AppData\Roaming\ZHP\ZHPCleaner_Quarantine.txt
~ UAC : Deactivate
~ Boot Mode : Normal (Normal boot)
Windows 7 Ultimate, 32-bit Service Pack 1 (Build 7601)


---\\  Serviços (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Navegadores de Internet (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Arquivo hosts (1)
~ O arquivo hosts é legítimo (21)


---\\  Tarefas automáticas agendadas. (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Explorer ( Arquivos, Pastas) (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\  Registro ( Chaves, Valores, Dados ) (0)
~ Nenhum ítem malicioso o desnecessários foi encontrado.


---\\ Resultado de reparação
~ Eventuais reparações feita
~ Este navegador está faltando ! (Google Chrome)
~ Este navegador está faltando ! (Opera Software)


---\\ Estatísticas
~ Items scan : 56765
~ Items encontrado : 0
~ items cancelados : 0
~ Items réparo : 0


~ End of search in 00h09mn29s
~====================
ZHPCleaner-[R]-23012017-18_56_16.txt
ZHPCleaner--23012017-18_55_08.txt
ZHPCleaner--25012017-09_28_00.txt
ZHPCleaner--30012017-13_06_20.txt
 

 

I noticed it says there: "Este navegador está faltando ! (Google Chrome)", but that is my main browser, and it really is acting strange, opening differently too, different searches... thanks in advance.


OK, download Farbar Recovery Scan Tool 32-Bit (FRST) and save it to your desktop.

Double-click to run the tool. Accept the license agreement and then click the Scan button.

Wait; at the end, the FRST.txt and Addition.txt logs will be saved to your desktop.

Select, copy and paste the contents of these 2 logs in your next reply.

ATTENTION: for the tool to work correctly, it must be directly on the desktop, not inside a folder.

 


 

 
