Ir para conteúdo

A partir do dia 19/11/2018, o foco do Fórum do BABOO é apenas Windows e Segurança Digital conforme informado no início de 2018.
As áreas que não têm relação com esses dois assuntos foram arquivadas e seus tópicos estão disponíveis para consulta na área Tópicos Antigos.

horozitta

Infecção por vírus após instalado um programa fake

Mensagem Recomendada

Boa noite galera,

Fui instalar um programa no meu computador, mas logo vi que o mesmo era fake (falso) e ele acabou instalando vários malwares, adwares, PUP's e cavalos de tróia no meu PC (muitos mesmo), inclusive aqueles que alteram o registro do sistema, tantos que eu nem sei como remover.

Descobri a detecção pois utilizo o antivírus Panda Security Pro.

Não sei o que faço, sou um pouco leiga em segurança, mas entendo o necessário para seguir vossas dicas

me ajudem pfv :(

edit 1: meu chrome está cheio de propagandas e pop-ups indesejados, já reseitei ele e também verifiquei as extensões e nada. Também dei uma olhada nos programas instalados no painel de controle e já desinstalei o que estava de anormal com o Revo Unistaller pro

Link de onde baixei: http://www.jyvsoft.com/2018/06/18/voicemod-v1131-x64/

Editado por horozitta

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite!

 Para podermos ajudá-la, siga integralmente o estabelecido neste "Tópico de procedimento padrão obrigatório do Fórum".  Logs do HijackThis ** leia antes de postar **  Após feitos os procedimentos, postar o Log do HijackThis para exame, aqui mesmo neste Tópico, clicando no "BOTÃO RESPONDER", logo abaixo, e aguarde novas instruções.

 


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:56:51, on 04/12/2018
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.17134.0001)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Users\Andressa\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Andressa\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Andressa\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Users\Andressa\AppData\Local\Discord\app-0.0.301\Discord.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Program Files (x86)\Skillbrains\lightshot\5.4.0.35\Lightshot.exe
C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe
C:\Users\Andressa\Downloads\HijackThis (1).exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung17win10.msn.com/?PC=SMTE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:NewsFeed
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\userinit.exe,
O1 - Hosts: ::1 localhost
O4 - HKLM\..\Run: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAMain.exe" /LaunchSysTray
O4 - HKLM\..\Run: [Lightshot] C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe
O4 - HKLM\..\Run: [Adobe Creative Cloud] "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
O4 - HKCU\..\Run: [OneDrive] "C:\Users\Andressa\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Andressa\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [Discord] C:\Users\Andressa\AppData\Local\Discord\app-0.0.301\Discord.exe
O4 - HKCU\..\Run: [CCleaner Smart Cleaning] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #1] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:8902FDF9-AEB9-4d39-B3D7-D0E2EC54D9DD (User 'SISTEMA')
O4 - HKUS\S-1-5-18\..\RunOnce: [Application Restart #0] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:F4EC75CB-6063-4aa0-83A4-1C97B85BF5F5 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [Application Restart #1] C:\Program Files\Samsung\SamsungSettings\WlanAniControl.exe  /RestartByRestartManager:8902FDF9-AEB9-4d39-B3D7-D0E2EC54D9DD (User 'Default user')
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{c127b507-c526-45c9-b16c-dd7e6ff4f0d7}: NameServer = 82.163.143.146,82.163.142.148
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: Windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O23 - Service: AdobeUpdateService - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
O23 - Service: Adobe Genuine Monitor Service (AGMService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGMService.exe
O23 - Service: Adobe Genuine Software Integrity Service (AGSService) - Adobe Systems, Incorporated - C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\DRIVERS\AdminService.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fd63a73c8c937d34\IntelCpHeciSvc.exe
O23 - Service: Intel(R) Content Protection HDCP Service (cplspcon) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fd63a73c8c937d34\IntelCpHDCPSvc.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @oem43.inf,%ServiceDisplayName%;Intel(R) Dynamic Platform and Thermal Framework service (esifsvc) - Unknown owner - C:\Windows\System32\Intel\DPTF\esif_uf.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Intel Corporation - C:\Windows\System32\DriverStore\FileRepository\igdlh64.inf_amd64_fd63a73c8c937d34\igfxCUIService.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\SocketHeciServer.exe
O23 - Service: Intel(R) TPM Provisioning Service - Intel(R) Corporation - C:\Program Files\Intel\Intel(R) Management Engine Components\iCLS\TPMProvisioningService.exe
O23 - Service: Intel(R) Audio Service (IntelAudioService) - Unknown owner - C:\Windows\system32\cAVS\Intel(R) Audio Service\IntelAudioService.exe (file missing)
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MGE0N - Unknown owner - rundll32.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Panda Protection Service (NanoServiceMain) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSANHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Panda Devices Agent (PandaAgent) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Devices Agent\AgentSvc.exe
O23 - Service: Panda Product Service (PSUAService) - Panda Security, S.L. - C:\Program Files (x86)\Panda Security\Panda Security Protection\PSUAService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Samsung Settings Expansion Launcher - Unknown owner - C:\Program Files\Samsung\SamsungSettings\SamsungSettingsExpLauncher.exe
O23 - Service: Samsung Recovery Service (SamsungRecoveryService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\Recovery\BulletService.exe
O23 - Service: SamsungSecurity Launcher - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\SamsungSecurity\CmdServer\SamsungSecurityLauncher.exe
O23 - Service: Samsung Update Service (SamsungUpdateService) - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\SamsungUpdate\\SUService.exe
O23 - Service: SecPowerCtrlService - Samsung Electronics Co., Ltd. - C:\Program Files (x86)\Samsung\PowerCtrlManager\PowerCtrlService.exe
O23 - Service: @%systemroot%\system32\SecurityHealthAgent.dll,-1002 (SecurityHealthService) - Unknown owner - C:\Windows\system32\SecurityHealthService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\Windows\System32\SensorDataService.exe (file missing)
O23 - Service: Service KMSELDI - @ByELDI - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: @%SystemRoot%\System32\SgrmBroker.exe,-100 (SgrmBroker) - Unknown owner - C:\Windows\system32\SgrmBroker.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spectrum.exe,-101 (spectrum) - Unknown owner - C:\Windows\system32\spectrum.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: sService Agent Launcher - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceAgentLauncherSvc.exe
O23 - Service: sServiceLoopBack - Samsung Electronics Co., Ltd. - C:\Program Files\Samsung\sService\sServiceLoopBackSvc.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\Windows\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache64 - Apache Software Foundation - c:\wamp64\bin\apache\apache2.4.35\bin\httpd.exe
O23 - Service: wampmariadb64 - Unknown owner - c:\wamp64\bin\mariadb\mariadb10.3.9\bin\mysqld.exe
O23 - Service: wampmysqld64 - Unknown owner - c:\wamp64\bin\mysql\mysql5.7.23\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%systemroot%\system32\xbgmsvc.exe,-100 (xbgm) - Unknown owner - C:\Windows\system32\xbgmsvc.exe (file missing)
O23 - Service: ZjJmOTVhMWNjOTEzODUx - Unknown owner - C:\Program Files\ZjJmOTVhMWNjOTEzODUx\M2ViOWFl.exe

--
End of file - 11606 bytes
 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Seu "técnico" usou um Cracker chamado KMSELDI para habilitar o Windows/Office. Sugiro que remova este crack  e regularize seu software com uma cópia ORIGINAL". 

Isso é considerado pirataria e eu não posso ajudá-lo desta forma, podendo até inutilizar seu PC com o uso de Ferramentas de desinfecção.
 Sugiro que você entre em contato com a Microsoft ou com um revendedor autorizado. 

Central de Atendimento Microsoft:
 0800 761-7454
 Atendimento ao Cliente
http://support.microsoft.com/contactus

Boa sorte!


assinatura-mrmillion.png65301516_windows-insider-mvp-logo(Custom).png.36263cb7b506cc6935fb37f39e504cec.png

Compartilhar este post


Link para o post
Compartilhar em outros sites

×