PC infected with several types of viruses


PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 09:53

Hi, I bought this PC and it is full of viruses. Thanks in advance for the help.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:14:30, on 01/01/2004
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\uTIPu\tipc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Arthur\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Arthur\AppData\Local\SaveSense\SaveSenseIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F60E728FC0755B5DBDB7EA812CDE9796] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: TipCam.lnk = C:\Program Files (x86)\uTIPu\tipc.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: [You must be registered and logged in to see this link.]
O15 - ESC Trusted IP range: [You must be registered and logged in to see this link.]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Baidu PC App Store Service 4.6.1.6274 (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spark Security Update (SparkSafeUpdater) - Baidu.com, Inc. - C:\Program Files (x86)\Baidu\SparkSafeUpdate\SparkUpdate.exe
O23 - Service: Spark Security Service (SparkSecuritySvc) - Baidu Inc. - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TipCtrl - Utipu inc. - C:\Program Files (x86)\uTIPu\TipCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10948 bytes

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 10:36

Good morning, Fuçador!

|- Download: < [You must be registered and logged in to see this link.] > ( ... by Xplode )

|- On the page, click "Download Now".
|- PS: If you use the IE9 browser, disable the "[You must be registered and logged in to see this link.]" filter.
|- Save it to the desktop!

|- Right-click adwcleaner.exe and choose to run it as administrator.

|- PS: Start the scan by clicking "Scan".

|- When it finishes, click "Clean" >> Ok >> Ok >> Ok.
|- Copy the log or click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

|- Download: < [You must be registered and logged in to see this link.] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "COMPLETE" and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: As the log will be long, send it to [You must be registered and logged in to see this link.].

|- Or go to: < [You must be registered and logged in to see this link.] >

|- More information: < |[You must be registered and logged in to see this link.]| >

A+

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 11:13

Man, it's tough getting onto sites, I get an SSL error.
Here is the ADWCLEANER report:
# AdwCleaner v3.308 - Relatório criado 01/01/2004 às 01:04:12
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Arthur - ARTHUR-PC
# Executando de : C:\Users\Arthur\Downloads\adwcleaner_3.308.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : Level Quality Watcher
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\orbitdownloader
Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SavingsBull
Pasta Deletada : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Pasta Deletada : C:\Program Files\Level Quality Watcher
Pasta Deletada : C:\Program Files\SavingsBull
Pasta Deletada : C:\Users\Arthur\AppData\Local\genienext
Pasta Deletada : C:\Users\Arthur\AppData\Local\lollipop
Pasta Deletada : C:\Users\Arthur\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Arthur\AppData\Local\SaveSense
Pasta Deletada : C:\Users\Arthur\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Arthur\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Arthur\AppData\LocalLow\Mysearchdial
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\Arthur\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb
Arquivo Deletada : C:\Windows\System32\drivers\netfilter64.sys
Arquivo Deletada : C:\Users\Arthur\daemonprocess.txt
Arquivo Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Tarefas ] *****

Tarefa Deletedo : SaveSense
Tarefa Deletedo : SaveSenseLiveUpdateTaskMachineCore
Tarefa Deletedo : SaveSenseLiveUpdateTaskMachineUA

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must be registered and logged in to see this link.]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SavingsBull
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\Savings Bull
Chave Deletedo : HKCU\Software\AppDataLow\Software\SavingsBull
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\DealPlyLive
Chave Deletedo : HKLM\SOFTWARE\InstallCore
Chave Deletedo : HKLM\SOFTWARE\SaveSenseLive
Chave Deletedo : HKLM\SOFTWARE\SavingsBullFilter
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16518

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v35.0.1916.153

[ Arquivo : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [You must be registered and logged in to see this link.]
Deletedo [Homepage] : [You must be registered and logged in to see this link.]
Deletedo [Extension] : ngaeinfoeljecnggcbonnohnjpepenmb

*************************

AdwCleaner[R0].txt - [16642 octets] - [01/01/2004 01:02:48]
AdwCleaner[S0].txt - [14285 octets] - [01/01/2004 01:04:12]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14346 octets] ##########

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 11:27

Good morning, Fuçador!

|- Until the disinfection is complete, browse with Firefox and the NoScript add-on.

< [You must be registered and logged in to see this link.] >

|- Download and install this add-on in Firefox.

A+

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 14:16

ZHPDiag report
[You must be registered and logged in to see this link.]

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 14:47

Good afternoon, Fuçador!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )
|- Next, minimize Notepad.

script zhpfix
emptytemp
Ifeofix
SS - | Demand 10/07/1658 0 |  (SparkSafeUpdater) . (...) - C:\Program Files (x86)\Baidu\SparkSafeUpdate\SparkUpdate.exe    
SS - | Auto 10/07/1658 0 |  (SparkSecuritySvc) . (...) - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe    
SR - | Auto 13/06/2014 2038248 |  (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe    
SR - | Auto 13/06/2014 481432 |  (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe    
SR - | Auto 10/07/2014 550432 |  (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe    
SR - | Auto 31/12/2003 770032 |  (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe    
[MD5.25F14A383D92D576B19FC0BAF2B0A97C] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe   [1704296] [PID.3220]    
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe   [1334976] [PID.3580]    
[MD5.0E05F6DABE6D5EDD25DDB0356A33AC98] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe   [2038248] [PID.1724]    
[MD5.968CD4BF6A25C30CF66B9781587FD5D9] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe   [481432] [PID.1884]    
[MD5.3624F47B37C3F934E2F8E159BA00C8AF] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe   [550432] [PID.1944]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [770032] [PID.2224]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe   [770032] [PID.2864]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe   [770032] [PID.3164]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe   [770032] [PID.3316]    
[MD5.4948D2268D2F2C6E4CAFC27F0F1FA241] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe   [2883736]    
[MD5.933078FAEB8719E3E98A46F70D27095B] [APT] [Baidu PC Faster Service] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [770032]    
[MD5.F01CEF89A1059F08877E9FA16970AF88] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe   [1329648]    
[MD5.00000000000000000000000000000000] [APT] [SparkSafeUpdater] (...) -- C:\Program Files (x86)\baidu\SparkSafe\SparkUpdate.exe (.not file.)   [0]    
[MD5.00000000000000000000000000000000] [APT] [{9FC74599-7082-499D-9824-DD4E3336A860}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.)   [0]
[MD5.5C8E2157333E1E6A2A5E24DA0BBB4091] [WIS][05/03/2014] (.SavingsBull - SavingsBull.) -- C:\Windows\Installer\a0cb60.msi   [3174400]  =>PUP.SavingsBull
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe    
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe    
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe    
O23 - Service: Baidu PC App Store Service 4.6.1.6274 (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe    
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe    
O23 - Service: Spark Security Service (SparkSecuritySvc) . (...) - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe (.not file.)    
O42 - Logiciel: SavingsBull - (.SavingsBull.) [HKLM][64Bits] -- Level Quality Watcher  =>PUP.SavingsBull
O43 - CFD: 09/02/2015 - 10:35:05 - [] ----D C:\Program Files (x86)\Baidu Security    
O43 - CFD: 01/01/2004 - 00:01:22 - [] ----D C:\ProgramData\Baidu    
O43 - CFD: 01/01/2007 - 01:01:11 - [] ----D C:\ProgramData\Baidu Security    
O43 - CFD: 09/02/2015 - 08:47:10 - [] ----D C:\ProgramData\Log    
O43 - CFD: 09/02/2015 - 10:35:05 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security    
O45 - LFCP:[MD5.959A40D4DE86C0C793D4C507D859596D] - 28/02/2014 - 11:31:29 ---A- - C:\Windows\Prefetch\LEVELQUALITYWATCHER64.EXE-7E6F46C8.pf  =>PUP.LevelQualityWatcher
O45 - LFCP:[MD5.27062D449C8826362A6DED4FEF026C9A] - 28/02/2014 - 12:21:54 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-0F707B7F.pf  =>Adware.Lollipop
O45 - LFCP:[MD5.CF08C123FEAB9485F0A0411A7D1BE084] - 28/02/2014 - 11:30:45 ---A- - C:\Windows\Prefetch\LOLLIPOP_ANTIVIRUS_1302-27BC6-63CB2924.pf  =>Adware.Lollipop
O45 - LFCP:[MD5.36AB7589C02A511258EB5F90475F5C9E] - 28/02/2014 - 11:34:12 ---A- - C:\Windows\Prefetch\MELONDREA.FIRSTRUN.EXE-56B53026.pf  =>PUP.Melondrea
O45 - LFCP:[MD5.3F445BC9398BAA9E2315A557E14CD72A] - 28/02/2014 - 11:30:49 ---A- - C:\Windows\Prefetch\MELONDREA_0702-81CFB2EF.EXE-A5F0B33E.pf  =>PUP.Melondrea
O45 - LFCP:[MD5.8659415558748AC565AF5C87AAE5E15F] - 28/02/2014 - 11:33:28 ---A- - C:\Windows\Prefetch\MELONDREA_SETUP.EXE-960481A1.pf  =>PUP.Melondrea
O45 - LFCP:[MD5.C6607F810A040EB6B832C3195AAA8684] - 28/02/2014 - 12:15:51 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-A6AC01D5.pf  =>Adware.MyWebSearch
O45 - LFCP:[MD5.13D1A744D851182AC3596D761BED7CA1] - 28/02/2014 - 12:15:31 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-7589F3A6.pf  =>Adware.MyWebSearch
O45 - LFCP:[MD5.484353C37A27A926703B8CE18DCD80FE] - 28/02/2014 - 12:15:43 ---A- - C:\Windows\Prefetch\MYSEARCHDIALUPDATE.EXE-10D649EE.pf  =>Adware.MyWebSearch
O45 - LFCP:[MD5.EF2D4D58B1A7745E08F9C9595C7B17AA] - 28/02/2014 - 12:12:33 ---A- - C:\Windows\Prefetch\SAVESENSELIVE.EXE-A927BDEE.pf  =>PUP.SaveSense
O45 - LFCP:[MD5.4B81B6170AC2EB4769107DBE1E2464D3] - 28/02/2014 - 11:34:16 ---A- - C:\Windows\Prefetch\SAVINGSBULLFILTERSERVICE64.EX-A33C9C5D.pf  =>PUP.SavingsBull
O45 - LFCP:[MD5.9B21BF99C6EE373BE1B58EB1BC015988] - 28/02/2014 - 11:31:09 ---A- - C:\Windows\Prefetch\SAVINGSBULL_2102-9A9FD283.EXE-4E07AEA6.pf  =>PUP.SavingsBull
O45 - LFCP:[MD5.604D1C22B6F3E70EC2637EFDCAE0D9CC] - 28/02/2014 - 11:33:56 ---A- - C:\Windows\Prefetch\UPDATEMELONDREA.EXE-1A81DC1E.pf  =>PUP.Melondrea
O45 - LFCP:[MD5.C21AB528FA54911F0DF1BB3E0506F7F6] - 28/02/2014 - 12:14:20 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-7F3F6147.pf  =>PUP.Wajam
O61 - LFC: 05/01/2014 - 00:39:20 ---A- . (.SaveSense.) -- C:\Users\Arthur\AppData\Local\Temp\{CA2EF0D8-B4A8-4AAD-9B4C-33D8AD4629F8}\o-update\SaveSenseLive.exe   [560104]  =>PUP.SaveSense
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\Communication.dll   [298344]    
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\InstallUtility.dll   [670568]    
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\log.dll   [101568]    
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\Communication.dll   [298344]    
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\InstallUtility.dll   [670568]    
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\log.dll   [101568]    
O61 - LFC: 14/01/2014 - 00:39:19 ----- . (.SaveSense.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\5296700_stp\sas.exe   [1410824]  =>PUP.SaveSense
O61 - LFC: 15/08/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8025895_stp\wajam_validate.exe   [11264]  =>PUP.Wajam
O61 - LFC: 17/12/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268482_stp\Mobogenie_Setup_UN.exe   [19212408]  =>PUP.Mobogenie
O61 - LFC: 22/08/2012 - 00:39:19 ---A- . (.OpenCandy, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\OCSetupHlp.dll   [807280]  =>Adware.OpenCandy
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\n8615\melondrea_0702-81cfb2ef.exe   [233024]  =>PUP.Melondrea
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (.MySearchDial.) -- C:\Users\Arthur\AppData\Local\Temp\is8121084\mysearchdial.dll   [279960]  =>Adware.MyWebSearch
O64 - Services: CurCS - 13/06/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL    
O64 - Services: CurCS - 27/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect)  .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT    
O64 - Services: CurCS - 31/12/2003 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL    
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe    
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe (.not file.)    
O69 - SBI: SearchScopes [HKCU] {86c83f9e-48a4-4cd2-a763-64fea5df35f7} [DefaultScope] - (Mysearchdial) - [You must be registered and logged in to see this link.]  =>Adware.MyWebSearch
O61 - LFC: 03/12/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\i4jdel1.exe   [27411]
O61 - LFC: 07/01/2014 - 00:39:20 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\{CA2EF0D8-B4A8-4AAD-9B4C-33D8AD4629F8}\files\uninst.exe   [964616]
O61 - LFC: 10/02/2015 - 00:39:20 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\spark_install.exe   [41173832]
O61 - LFC: 11/02/2015 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\SuperNodeCompressed.exe   [138816]
O61 - LFC: 13/01/2014 - 00:39:19 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\_isetup\_shfoldr.dll   [23312]
O61 - LFC: 13/07/2009 - 00:39:19 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\SDIAG_065ddecf-5c42-4e0c-be36-71c80c6438ab\DiagPackage.dll   [489472]
O61 - LFC: 13/07/2009 - 00:39:20 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\SDIAG_b6b797cb-c5c4-432f-a1c2-452552d49890\DiagPackage.dll   [489472]
O61 - LFC: 14/09/2012 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\saction.dll   [360448]
O61 - LFC: 15/01/2014 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\5296633_stp\BavPro_Setup_Mini_115_2.exe   [1211240]
O61 - LFC: 16/06/2014 - 00:39:19 ---A- . (.Reloaded Technologies.) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\SuperNodeDownloadManager.exe   [4004904]
O61 - LFC: 16/12/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268507_stp\BavPro_Setup_Mini_115_2.exe   [1169768]
O61 - LFC: 16/12/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\6207365_stp\BavPro_Setup_Mini_115_2.exe   [1169768]
O61 - LFC: 17/10/2013 - 00:39:19 ----- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8025952_stp\PC_Faster_Setup_Mini_B26_S.exe   [1484832]
O61 - LFC: 19/12/2013 - 00:39:19 ---A- . (.Oracle Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe   [921512]
O61 - LFC: 20/08/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Quarantine.exe   [377099]
O61 - LFC: 25/08/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268539_stp\PCFaster-Baixaki.exe   [9751808]
O61 - LFC: 26/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\libcef.dll   [20758016]
O61 - LFC: 26/02/2014 - 00:39:19 ---A- . (.The ICU Project.) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\icudt.dll   [9956864]
O61 - LFC: 28/02/2014 - 00:39:18 ---A- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe   [18605480]
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is8121084\Sqlite3.dll   [599419]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268394_stp\sqlite3.dll   [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\414314_stp\sqlite3.dll   [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\4164594_stp\sqlite3.dll   [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\6207347_stp\sqlite3.dll   [425928]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-1-gf46bd58-b2793jnks.dll   [17408]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\BgWorker.dll   [2560]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\KillProcDLL.dll   [4096]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\SkinBtn.dll   [4608]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\System.dll   [11264]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (.Igor Pavlov.) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\nsis7z.dll   [175104]
O61 - LFC: 29/12/2013 - 00:39:20 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll   [541696]
O61 - LFC: 30/01/2013 - 00:39:18 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\17409305.Uninstall\uninstaller.exe   [1114624]
O61 - LFC: 30/01/2013 - 00:39:18 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\17449647.Uninstall\uninstaller.exe   [1114624]
O61 - LFC: 30/01/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8026083_stp\uninstaller.exe   [1114624]
O61 - LFC: 31/12/2006 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\rcp_dcomnew_util_300.exe   [0]
[HKCU\Software\Baidu Security]    
[HKCU\Software\Baidu]    
[HKLM\Software\Baidu Security]    
[HKLM\Software\Wow6432Node\Baidu Security]    
[HKLM\Software\Wow6432Node\baidu]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified  
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32  =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS  =>PUP.Melondrea
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Level Quality Watcher]   =>PUP.SavingsBull^
C:\Windows\Installer\a0cb60.msi   =>PUP.SavingsBull^
C:\Users\Arthur\AppData\Local\Temp\GoogleToolbarInstaller1.log  =>PUP.Babylon
C:\Users\Arthur\AppData\Local\Temp\GoogleToolbarInstaller2.log  =>PUP.Babylon
ServiceStop:BAVSvc
ServiceStop:BHipsSvc
ServiceStop:PCAppStoreSvc_{PCAppStore_4.6.1.6274}
ServiceStop:SparkSecuritySvc
Firewallraz
shortcutfix
emptyclsid
emptyprefetch


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+
joram
Administrator

Posts: 3768
Reputation: 416
Registration date: 26/01/2014
Location: Rio de Janeiro

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 15:53

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 01/01/2004 05:04:35
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (05mn 03s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
PCFAPIUTIL Parado
BAVSvc Parado
BHipsSvc Parado
PCAppStoreSvc_{PCAppStore_4.6.1.6274} Parado
SparkSecuritySvc Parado

========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: Service: SparkSafeUpdater
ELIMINÉ: Service: SparkSecuritySvc
ELIMINÉ: Service: BAVSvc
ELIMINÉ: Service: BHipsSvc
ELIMINÉ: Service: PCAppStoreSvc_{PCAppStore_4.6.1.6274}
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ: SearchScopes :{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Level Quality Watcher

========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Private) : {7B623895-74BC-4944-857C-45C72076241B}
ELIMINÉ: FirewallRaz (Private) : {4635DB03-D746-4332-9780-E5C332F3259B}
ELIMINÉ: FirewallRaz (Private) : {94C66089-897C-4F48-B5DB-582C3230BDC2}
ELIMINÉ: FirewallRaz (Private) : {B55B68D7-ED77-48C2-B3FD-70E08ACA2111}
ELIMINÉ: FirewallRaz (Private) : TCP Query User{01B1C98D-777F-4C5A-A097-DC348A958B3E}C:\program files (x86)\baidu\sparksafe\bdtray.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{C0074BB3-8A5D-4AA5-841E-1444CD374043}C:\program files (x86)\baidu\sparksafe\bdtray.exe

========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (1029) (486.240.590 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\baidu antivirus\bavsvc.exe
ELIMINÉ: c:\program files (x86)\baidu security\pc app store\4.6.1.6274\pcappstoresvc.exe
ELIMINÉ: c:\windows\prefetch\levelqualitywatcher64.exe-7e6f46c8.pf
ELIMINÉ: c:\windows\prefetch\lollipop.exe-0f707b7f.pf
ELIMINÉ: c:\windows\prefetch\lollipop_antivirus_1302-27bc6-63cb2924.pf
ELIMINÉ: c:\windows\prefetch\melondrea.firstrun.exe-56b53026.pf
ELIMINÉ: c:\windows\prefetch\melondrea_0702-81cfb2ef.exe-a5f0b33e.pf
ELIMINÉ: c:\windows\prefetch\melondrea_setup.exe-960481a1.pf
ELIMINÉ: c:\windows\prefetch\mysearchdial.exe-a6ac01d5.pf
ELIMINÉ: c:\windows\prefetch\mysearchdialsrv.exe-7589f3a6.pf
ELIMINÉ: c:\windows\prefetch\mysearchdialupdate.exe-10d649ee.pf
ELIMINÉ: c:\windows\prefetch\savesenselive.exe-a927bdee.pf
ELIMINÉ: c:\windows\prefetch\savingsbullfilterservice64.ex-a33c9c5d.pf
ELIMINÉ: c:\windows\prefetch\savingsbull_2102-9a9fd283.exe-4e07aea6.pf
ELIMINÉ: c:\windows\prefetch\updatemelondrea.exe-1a81dc1e.pf
ELIMINÉ: c:\windows\prefetch\wajam_validate.exe-7f3f6147.pf
ELIMINÉ: C:\Windows\Installer\a0cb60.msi

========== Tarefa planificada ==========
ELIMINÉ: Baidu Antivirus Update
ELIMINÉ: Baidu PC Faster Service
ELIMINÉ: Baidu PC Faster Update
ELIMINÉ: SparkSafeUpdater
ELIMINÉ: SparkSafeUpdater
ELIMINÉ: {9FC74599-7082-499D-9824-DD4E3336A860}


========== Recapitulativo ==========
20 : Chaves do Registo
9 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
18 : Ficheiros
7 : Estado dos serviços
6 : Tarefa planificada


End of clean in 15mn 36s

========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 05:09:39 [4348]
Fuçador
Member

Posts: 129
Reputation: 1
Registration date: 30/09/2013

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 15:59

Good afternoon, Fuçador!

|- Post another ZHPDiag report again, using the COMPLETA (full) option.

A+

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 16:09

Good afternoon, here is the link containing the ZHPDIAG report
[You must be registered and logged in to see this link.]

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 16:42

Good afternoon, Fuçador!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press Ctrl+A >> Ctrl+C (Select and Copy).
|- Then minimize Notepad.

script zhpfix
emptytemp
[MD5.25F14A383D92D576B19FC0BAF2B0A97C] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe   [1704296] [PID.3220]    
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe   [1334976] [PID.3580]    
[MD5.968CD4BF6A25C30CF66B9781587FD5D9] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe   [481432] [PID.1884]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [770032] [PID.2224]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe   [770032] [PID.2864]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe   [770032] [PID.3164]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe   [770032] [PID.3316]    
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe    
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe      
O43 - CFD: 01/01/2004 - 03:55:55 - [] ----D C:\Program Files (x86)\Baidu Security    
O43 - CFD: 01/01/2004 - 04:04:23 - [] ----D C:\ProgramData\Baidu Security    
O43 - CFD: 01/01/2004 - 04:05:03 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security    
O64 - Services: CurCS - 13/06/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL    
O64 - Services: CurCS - 27/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect)  .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT    
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe    
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe (.not file.)    
SR - | Auto 31/12/2003 770032 |  (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe    
[HKCU\Software\Baidu Security]    
[HKLM\Software\Wow6432Node\Baidu Security]
C:\Users\Arthur\AppData\Roaming\Baidu Security    
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security    
ServiceStop:PCFasterSvc_{PCFaster_4.0.0.0}
ServiceStop:BdApiUtil
ServiceStop:BdCameraProtect
Firewallraz
Emptyprefetch
Emptyclsid


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 18:20

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 29/08/2014 18:19:04
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (01mn 05s)
Prefetcher vazio

========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
PCFasterSvc_{PCFaster_4.0.0.0} Parado
BdApiUtil Parado
BdCameraProtect Parado

========== Chaves do Registo ==========
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security

========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (1.198.810 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe


========== Recapitulativo ==========
3 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
2 : Ficheiros
5 : Estado dos serviços


End of clean in 15mn 45s

========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 04:09:39 [4429]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/08/2014 18:20:09 [1374]

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 20:05

Good evening, Fuçador!

|- Post, one last time, a new ZHPDiag log. We will prepare your final script...

A+

Re: PC infected with several types of viruses

Post by Fuçador on Fri 29 Aug 2014, 20:33

[You must be registered and logged in to see this link.]

Re: PC infected with several types of viruses

Post by joram on Fri 29 Aug 2014, 23:03

Fuçador wrote: [You must be registered and logged in to see this link.]
Good evening, Fuçador!

|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press Ctrl+A >> Ctrl+C (Select and Copy).
|- Then minimize Notepad.

Script ZHPFix
emptytemp
Firewallraz
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe   [1334976] [PID.1176]    
[MD5.610C67E69AD7F0265AEA4BF9074DEFCD] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe   [550944] [PID.1600]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [770032] [PID.1776]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe   [770032] [PID.1880]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe   [770032] [PID.2776]    
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe   [770032] [PID.2940]    
[MD5.933078FAEB8719E3E98A46F70D27095B] [APT] [Baidu PC Faster Service] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe   [770032]    
[MD5.F01CEF89A1059F08877E9FA16970AF88] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe   [1329648]
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe    
O23 - Service: Baidu PC App Store Service 4.7.1.6925 (PCAppStoreSvc_{PCAppStore_4.7.1.6925}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe    
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O43 - CFD: 01/01/2004 - 00:03:18 - [] ----D C:\Program Files (x86)\Baidu Security    
O43 - CFD: 01/01/2004 - 04:04:23 - [] ----D C:\ProgramData\Baidu Security    
O43 - CFD: 29/08/2014 - 18:13:16 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security    
O64 - Services: CurCS - 31/12/2003 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil)  .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL    
O67 - Shell Spawning: <.html> [HKLM\..\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe    
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe (.not file.)    
SR - | Auto 25/08/2014 550944 |  (PCAppStoreSvc_{PCAppStore_4.7.1.6925}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe    
SR - | Auto 31/12/2003 770032 |  (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe    
[HKCU\Software\Baidu Security]    
[HKLM\Software\Wow6432Node\Baidu Security]
C:\Users\Arthur\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security      
ServiceStop:PCAppStoreSvc_{PCAppStore_4.7.1.6925}
ServiceStop:PCFasterSvc_{PCFaster_4.0.0.0}
ServiceStop:PCFApiUtil
Emptyprefetch
Emptyclsid
Emptyflash
Ifeofix


|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!

A+

Re: PC infected with several types of viruses

Post by Fuçador on Sat 30 Aug 2014, 15:05

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 30/08/2014 14:52:23
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (02mn 36s)
Prefetcher vazio

========== Estado dos serviços ==========
PCFAPIUTIL Parado
PCAppStoreSvc_{PCAppStore_4.7.1.6925} Parado
PCFasterSvc_{PCFaster_4.0.0.0} Parado
PCFApiUtil Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: PCAppStoreSvc_{PCAppStore_4.7.1.6925}
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
Ramo Base de Registos IFEO não infetado !

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ERRO RunValue: Baidu PC Faster 4.0.0.0

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (8) (274.391 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: Baidu PC Faster Service
ELIMINÉ: Baidu PC Faster Update


========== Recapitulativo ==========
5 : Chaves do Registo
3 : Valores do Registo
2 : Pastas
3 : Ficheiros
4 : Estado dos serviços
2 : Tarefa planificada


End of clean in 14mn 34s

========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 04:09:39 [4429]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/08/2014 18:20:09 [1455]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/08/2014 14:55:00 [1753]

Re: PC infected with several types of viruses

Post by joram on Sat 30 Aug 2014, 15:36

Good afternoon, Fuçador!

|- Did you uninstall Avast?
|- If it was Avast, run this utility!

|- Download: < [You must be registered and logged in to see this link.] >
|- Run it in Safe Mode >> click Remove.
|- Restart the computer when it finishes!

-/-

|- Download: |[You must be registered and logged in to see this link.]| ( ... by Xplode )

|- Once on the page, click Download Now.
|- Save it somewhere convenient! (desktop!)
|- Close any open applications.

|- With the checkboxes ticked, click Executar (Run)!

< [You must be registered and logged in to see this link.] >

|- Read this tutorial and download MBAM.
|- Configure it to send its detections to quarantine.
|- Post the report when it finishes!

A+

Re: PC infected with several types of viruses

Post by Fuçador on Sun 31 Aug 2014, 11:42

AVG is installed here; can I proceed the same way?

Re: PC infected with several types of viruses

Post by joram on Sun 31 Aug 2014, 12:03

Fuçador wrote: AVG is installed here; can I proceed the same way?

Good morning, Fuçador!

|- It is not the same thing, since it may have had wrong permissions and may not detect PUPs.

|- So, run the scan with MBAM. That's it!

Regards!

Re: PC infected with several types of viruses

Post by Fuçador on Tue 02 Sep 2014, 19:05

OK, thanks for the support, the PC is much better! Grateful for the help!
You can close the topic!

Re: PC infected with several types of viruses

Post by joram on Tue 02 Sep 2014, 19:35

CASE RESOLVED

If the author of the topic needs it reopened, they should contact a member of the Moderation Team and request that it be unlocked.