Malware polluting web pages with ads.
3 participants
Good afternoon!
My notebook is infected with some malware that installed itself, polluted web pages with ads and runs automatic downloads of a fake Flash Player update file.
Log attached for analysis, thank you!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:55:39, on 29/08/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16506)
Boot mode: Normal
Running processes:
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Users\leandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\leandro\Downloads\HijackThis.exe
C:\Windows\SysWOW64\DllHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Advanced SystemCare Browser Protection - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~2\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: Dropbox.lnk = leandro\AppData\Roaming\Dropbox\bin\Dropbox.exe
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: bankline.itau.com.br
O15 - Trusted Zone: clickbanking.itau.com.br
O15 - Trusted Zone: guardiao.itau.com.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O15 - Trusted Zone: *.itau.com.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C85AD22-F2EE-42E8-9E56-23AD927B39E8}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{269A4255-5432-48EC-93DF-A4E8D6856AC0}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{33C2B5E3-D565-44E4-8E85-357EF813D05A}: NameServer = 200.169.117.221 200.169.117.222
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 7 (AdvancedSystemCareService7) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Content Service - Unknown owner - C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Claro. OUC (Claro. RunOuc) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Flexera Software, Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HP SI Service (HPSIService) - Unknown owner - C:\Windows\system32\HPSIsvc.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LiveUpdate (LiveUpdateSvc) - IObit - C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
--
End of file - 10332 bytes
euler.reis - Beginner
- Posts : 12
Reputation : 1
Join date : 29/08/2014
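As an added example (not code from the thread, the forum or Trend Micro), a Python script that triages a log in the HijackThis v2.0.4 format posted above: it groups the entries a helper looks at first, flagging BHOs and services whose file is gone, the O4 autoruns, the O15 trusted-zone sites, any browser start or search page that is a URL, and any O17 resolver outside an allow-list the reviewer supplies. The allow-list of the two 200.169.117.x resolvers, the 192.0.2.53 line and the example.invalid search URL are constructed for the demo.

```python
"""HijackThis v2.0.4 log triage, written as an added example for this thread.
Not a tool from the forum, from Trend Micro or from the thread's helper.
It reads the "TAG - body" lines the scanner emits and groups the entries a
helper reviews first."""
import re
from collections import defaultdict

# Sample input: lines adapted from the log posted in the thread. The forum's
# hidden-link placeholder is replaced by a constructed example.invalid URL, and
# the O17 line carrying 192.0.2.53 is constructed to exercise the DNS check.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://example.invalid/search
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - (no file)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O15 - Trusted Zone: *.itau.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{1C85AD22-F2EE-42E8-9E56-23AD927B39E8}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.0.2.53
O23 - Service: Claro. OUC (Claro. RunOuc) - Unknown owner - (no file)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
"""

# Every scanner entry is "<section tag> - <body>"; header/footer lines are not.
LINE_RE = re.compile(r"^(?P<tag>[A-Z]\d{1,2}) - (?P<body>.*)$")


def parse(log_text):
    """Return (tag, body) pairs for the scanner entries, skipping other lines."""
    entries = []
    for line in log_text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append((match.group("tag"), match.group("body")))
    return entries


def triage(log_text, allowed_resolvers):
    """Group the entries worth a second look, keyed by finding type.

    allowed_resolvers: the DNS servers the reviewer expects on this host (for
    example the ISP's); any O17 NameServer outside that set is reported.
    """
    findings = defaultdict(list)
    for tag, body in parse(log_text):
        if tag in ("R0", "R1"):
            # Start/search/default pages: about:blank, an empty value and a
            # local file are the quiet cases; anything else is a URL to review.
            key, _, value = body.partition(" = ")
            value = value.strip()
            if value and value != "about:blank" and not value.startswith("C:\\"):
                findings["browser_settings"].append(f"{key} -> {value}")
        elif tag == "O2" and body.endswith("(no file)"):
            # A BHO still registered in the browser whose DLL is gone.
            findings["orphaned_bho"].append(body)
        elif tag == "O4":
            # Everything started at logon, listed in full so the reviewer can
            # match each command line against software the user recognises.
            findings["autorun"].append(body)
        elif tag == "O15":
            # Trusted-zone sites get relaxed IE security; the posted log shows
            # only the user's banks here, but the list is still worth confirming.
            findings["trusted_zone"].append(body.replace("Trusted Zone: ", ""))
        elif tag == "O17":
            _, _, servers = body.partition("NameServer = ")
            for ip in servers.split():
                if ip not in allowed_resolvers:
                    findings["unexpected_dns"].append(ip)
        elif tag == "O23" and body.endswith("(no file)"):
            # A service whose binary is gone. "(file missing)" is deliberately
            # NOT matched: the thread's Windows 7 x64 log marks lsass.exe,
            # spoolsv.exe and other core binaries that way because the 32-bit
            # scanner sees a redirected System32, so those lines are noise.
            findings["dangling_service"].append(body)
    return dict(findings)


def report(findings):
    """Render the triage result as plain text, one finding per line."""
    lines = []
    for kind in sorted(findings):
        lines.append(f"[{kind}]")
        lines.extend(f"  {item}" for item in findings[kind])
    return "\n".join(lines)


if __name__ == "__main__":
    # The two 200.169.117.x resolvers appear on every adapter in the posted
    # log and are assumed, for the demo only, to be the ISP's.
    isp_resolvers = {"200.169.117.221", "200.169.117.222"}
    print(report(triage(SAMPLE_LOG, isp_resolvers)))
```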
Re: Malware polluting web pages with ads.
Good afternoon, euler.reis!
|- Download: < [you must have an account and be logged in to view this link] > ( ... by Xplode )
|- Once there, click "Download Now".
|- PS: If you use the IE9 browser, disable the "[you must have an account and be logged in to view this link]" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Scan".
|- When it finishes, click "Clean" >> OK >> OK >> OK.
|- Copy the log or click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[S0].txt >
Regards!
joram - Administrator
- Posts : 4160
Reputation : 471
Join date : 26/01/2014
Location : Rio de Janeiro
Re: Malware polluting web pages with ads.
Friend, here is the AdwCleaner log.
# AdwCleaner v3.308 - Report created 29/08/2014 at 14:45:09
# Updated 20/08/2014 by Xplode
# Operating System : Windows 7 Ultimate (64 bits)
# Username : leandro - LEANDRO-PC
# Running from : C:\Users\leandro\Desktop\adwcleaner_3.308.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Trusted Publisher
Folder Deleted : C:\Program Files (x86)\Adblocker
Folder Deleted : C:\Program Files (x86)\iSafe
Folder Deleted : C:\Users\Administrator\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\torch
Folder Deleted : C:\Users\Guest\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Guest\AppData\Local\torch
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\torch
Folder Deleted : C:\Users\leandro\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\leandro\AppData\Local\Temp\iSafeRightKeyScan
Folder Deleted : C:\Users\leandro\AppData\Roaming\eCyber
Folder Deleted : C:\Users\leandro\AppData\Roaming\iSafe
Folder Deleted : C:\Users\leandro\AppData\Roaming\UpdaterEX
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Chromatic Browser
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\HomeGroupUser$\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\UpdatusUser\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\leandro\AppData\Roaming\LiveSupport.exe_log.txt
File Deleted : C:\Users\leandro\AppData\Roaming\regsvr32.exe_log.txt
File Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Scheduled Tasks ] *****
Task Deleted : pricemeterdownloader
Task Deleted : UpdaterEX
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKCU\Software\RegisteredApplicationsEx
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKLM\SOFTWARE\{77D46E27-0E41-4478-87A6-AABE6FBCF252}
Key Deleted : HKLM\SOFTWARE\PC_Booster
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
***** [ Browsers ] *****
-\\ Internet Explorer v9.0.8112.16506
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
-\\ Google Chrome v36.0.1985.125
[ File : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
Deleted [Extension] : gngkdgaafcgfejnpkcjbhodgkdklddcc
Deleted [Extension] : oipcmmbcnmnpifgepodaonleclfdgjmo
*************************
AdwCleaner[R0].txt - [10170 octets] - [29/08/2014 14:39:24]
AdwCleaner[R1].txt - [10231 octets] - [29/08/2014 14:44:02]
AdwCleaner[S0].txt - [10146 octets] - [29/08/2014 14:45:09]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [10207 octets] ##########
euler.reis - Beginner
- Posts : 12
Reputation : 1
Join date : 29/08/2014
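The report above runs to a hundred lines mostly because AdwCleaner lists the same two Chrome extension folders once per user profile (Administrator, Guest, HomeGroupUser$, leandro, UpdatusUser) and repeats the "[!]"-flagged entries several times over. The script below is an added example for reading reports in this format; it is not part of the original post and is not something AdwCleaner ships. It groups the items into what an analyst actually wants to know: which extension IDs were removed from which profiles, which scheduled tasks and kernel drivers went (a kernel driver such as iSafeKrnlBoot.sys is the most serious item class in the whole report), and which program names can be recovered from the HKLM\SOFTWARE\Microsoft\Tracing\<name>_RASAPI32 keys, which Windows creates automatically when a process uses the RAS API and which therefore preserve the executable name after the program itself is gone. The embedded report is a constructed excerpt of the lines above; the section and item line formats it expects are the ones visible in that report.

```python
"""Summarise an AdwCleaner v3 'Clean' report into something a reviewer can read.

Assumed line formats (taken from the report above): section headers like
'***** [ Registry ] *****' and item lines like 'Folder Deleted : <path>',
optionally prefixed with '[!] '.
"""
import re
from collections import defaultdict

# Constructed excerpt in the format of the report posted above (not the full file).
SAMPLE_REPORT = r"""
# AdwCleaner v3.308 - Report created 29/08/2014 at 14:45:09
# Option : Clean
***** [ Files / Folders ] *****
Folder Deleted : C:\Program Files (x86)\iSafe
Folder Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\gngkdgaafcgfejnpkcjbhodgkdklddcc
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
[!] Folder Deleted : C:\Users\leandro\AppData\Local\Google\Chrome\User Data\Default\Extensions\oipcmmbcnmnpifgepodaonleclfdgjmo
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
***** [ Scheduled Tasks ] *****
Task Deleted : pricemeterdownloader
Task Deleted : UpdaterEX
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\pricemeterd_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Lollipop_RASAPI32
Key Deleted : HKLM\SOFTWARE\PriceMeterLiveUpdate
***** [ Browsers ] *****
Deleted [Extension] : cjpglkicenollcignonpgiafdgfeehoj
"""

SECTION_RE = re.compile(r"^\*{5} \[ (.+?) \] \*{5}$")
ITEM_RE = re.compile(
    r"^(?P<flag>\[!\] )?"
    r"(?P<action>[A-Za-z]+ Deleted|Deleted \[Extension\]|Setting Restored) : (?P<target>.+)$")
# Chrome extension IDs are 32 letters a-p; the profile name sits right after \Users\.
CHROME_EXT_RE = re.compile(r"\\Users\\(?P<profile>[^\\]+)\\.*\\Extensions\\(?P<ext>[a-p]{32})$")
# Windows creates Tracing\<exe name>_RASAPI32 when a process uses the RAS API,
# so the key name preserves the program name after the program itself is gone.
TRACING_RE = re.compile(r"\\Microsoft\\Tracing\\(?P<prog>.+)_(?:RASAPI32|RASMANCS)$", re.IGNORECASE)


def parse_report(text):
    """Yield (section, flagged, action, target) for every item line in the report."""
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        m = ITEM_RE.match(line)
        if m:
            yield section, bool(m.group("flag")), m.group("action"), m.group("target")


def summarise(text):
    """Group the report's items by what they tell an analyst."""
    summary = {
        "extensions": defaultdict(set),  # extension id -> profiles it was removed from
        "prefs_extensions": set(),       # ids unregistered from Chrome's Preferences file
        "tasks": [],                     # scheduled tasks (persistence)
        "drivers": [],                   # kernel drivers: the most serious item class
        "tracing_programs": set(),       # program names recovered from Tracing keys
        "flagged": 0,                    # items AdwCleaner marked with [!]
        "items": 0,
    }
    for section, flagged, action, target in parse_report(text):
        summary["items"] += 1
        summary["flagged"] += flagged
        m = CHROME_EXT_RE.search(target)
        if m:
            summary["extensions"][m.group("ext")].add(m.group("profile"))
        elif action == "Deleted [Extension]":
            summary["prefs_extensions"].add(target)
        elif action == "Task Deleted":
            summary["tasks"].append(target)
        elif target.lower().endswith(".sys") and "\\drivers\\" in target.lower():
            summary["drivers"].append(target)
        else:
            m = TRACING_RE.search(target)
            if m:
                summary["tracing_programs"].add(m.group("prog"))
    return summary


def format_summary(summary):
    """Render the summary as text lines (returned, so callers can print or test)."""
    lines = ["%d items removed, %d flagged [!]" % (summary["items"], summary["flagged"])]
    for ext, profiles in sorted(summary["extensions"].items()):
        lines.append("extension %s removed from profiles: %s" % (ext, ", ".join(sorted(profiles))))
    lines.append("extensions unregistered in Preferences: %s" % ", ".join(sorted(summary["prefs_extensions"])))
    lines.append("scheduled tasks: %s" % ", ".join(summary["tasks"]))
    lines.append("kernel drivers: %s" % ", ".join(summary["drivers"]))
    lines.append("programs seen in Tracing keys: %s" % ", ".join(sorted(summary["tracing_programs"])))
    return lines


if __name__ == "__main__":
    import sys
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_REPORT
    print("\n".join(format_summary(summarise(text))))
```

Run it with the path to C:\AdwCleaner\AdwCleaner[S0].txt to summarise a real report; without an argument it runs on the embedded excerpt. The profile grouping is what makes the multi-user picture visible at a glance: an extension present under Guest and HomeGroupUser$ as well as the logged-in user was installed machine-wide, not by one person clicking "add".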
Re: Malware polluting web pages with ads.
Good afternoon! euler.reis
|- Download: < [login required to view this link] > ( ... by Oleg N. Scherbakov )
|- Save it to the desktop!
|- Disable your antivirus!
|- For Windows 7, right-click JRT.exe and run it ... [login required to view this image]
|- Wait for it to finish and post the report. ( JRT.txt )
|- Download: < [login required to view this link] > < [login required to view this image] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
[login required to view this image]
|- Run the scroll icon. ( ZHPDiag )
[login required to view this image]
|- Click "COMPLETE" and wait for it to finish!
|- Click OK and, when it is done, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to [login required to view this link].
|- Or go to: < [login required to view this link] >
|- More information: < |[login required to view this link]| >
A+
joram - Administrator
- Posts : 4160
Reputation : 471
Join date : 26/01/2014
Location : Rio de Janeiro
Re: Malware polluting web pages with ads.
Friend, here are the logs as requested.
ZHPDiag log link: [login required to view this link]
JRT log:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by leandro on 29/08/2014 at 15:35:57,14
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/08/2014 at 15:44:09,40
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
euler.reis - Beginner
- Posts : 12
Reputation : 1
Join date : 29/08/2014
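JRT's only hit was the HKEY_CURRENT_USER\Software\Policies\Google key. That is where Chrome reads enterprise policy from on Windows, and adware abuses it to force-install extensions (the ExtensionInstallForcelist policy) and to pin the homepage or search provider; Chrome then shows the extension as managed and disables its Remove button, which is why deleting the key is what gives the user control back. Below is an added example, not part of the original post or of JRT, that audits this from two artefacts a responder can collect without running a cleaner: a "reg export" of the policy key, and the profile's Preferences file, in which Chrome records for every extension whether it came from the Web Store and how it was installed. Both inputs in the block are constructed samples (the two extension IDs are the ones from this thread; the names, URLs and the third ID are made up), and the numeric "location" codes are assumed from Chromium's Manifest::Location enum.

```python
"""Flag Chrome extensions that were pushed by policy or side-loaded.

Input 1: text of 'reg export HKCU\\Software\\Policies\\Google chrome_policy.reg'
         (reg export writes UTF-16 on Windows 7 and later; open with encoding="utf-16").
Input 2: Chrome's Preferences file (JSON) from the profile directory.
Both inputs below are constructed samples; the first two extension IDs are the
ones from the thread, the names, URLs and the third ID are made up.
"""
import json
import re

SAMPLE_REG = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Policies\Google\Chrome]
"HomepageLocation"="http://search.example.invalid/"
"HomepageIsNewTabPage"=dword:00000000

[HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist]
"1"="oipcmmbcnmnpifgepodaonleclfdgjmo;https://clients2.google.com/service/update2/crx"
"2"="gngkdgaafcgfejnpkcjbhodgkdklddcc;http://update.example.invalid/crx"
"""

SAMPLE_PREFS = json.dumps({"extensions": {"settings": {
    "oipcmmbcnmnpifgepodaonleclfdgjmo": {"from_webstore": False, "location": 9,
                                         "manifest": {"name": "Coupon Helper"}},
    "gngkdgaafcgfejnpkcjbhodgkdklddcc": {"from_webstore": False, "location": 3,
                                         "manifest": {"name": "Video Plus"}},
    "abcdefghijklmnopabcdefghijklmnop": {"from_webstore": True, "location": 1,
                                         "manifest": {"name": "Harmless Store Extension"}},
}}})

# Numeric 'location' values as used in Chromium's Manifest::Location enum
# (assumed from the Chromium source of that era).
LOCATION = {1: "internal", 2: "external_pref", 3: "external_registry", 4: "unpacked",
            5: "component", 6: "external_pref_download", 7: "external_policy_download",
            8: "command_line", 9: "external_policy", 10: "external_component"}
SIDELOAD_LOCATIONS = {2, 3, 6, 7, 9}   # installed by something other than the user
WEBSTORE_UPDATE = "https://clients2.google.com/service/update2/crx"

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>(?:[^"\\]|\\.)*)"=(?P<data>.*)$')


def _unescape(s):
    return s.replace('\\"', '"').replace("\\\\", "\\")


def parse_reg_export(text):
    """Return {key_path: {value_name: data}}; strings and dwords decoded, other types raw."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key")
            keys[current] = {}
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            data = m.group("data")
            if len(data) >= 2 and data[0] == '"' and data[-1] == '"':
                value = _unescape(data[1:-1])
            elif data.lower().startswith("dword:"):
                value = int(data[6:], 16)
            else:
                value = data
            keys[current][_unescape(m.group("name"))] = value
    return keys


def forced_extensions(keys):
    """IDs Chrome is told to force-install, mapped to the update URL they come from."""
    forced = {}
    for path, values in keys.items():
        if path.lower().endswith("\\extensioninstallforcelist"):
            for data in values.values():
                ext_id, _, url = str(data).partition(";")
                forced[ext_id] = url or WEBSTORE_UPDATE   # no URL means the Web Store
    return forced


def audit(prefs_text, forced):
    """One finding per suspicious extension, with every reason that applies."""
    findings = []
    settings = json.loads(prefs_text).get("extensions", {}).get("settings", {})
    for ext_id, info in settings.items():
        reasons = []
        loc = info.get("location")
        if not info.get("from_webstore", False):
            reasons.append("not from the Chrome Web Store")
        if loc in SIDELOAD_LOCATIONS:
            reasons.append("installed via %s" % LOCATION.get(loc, loc))
        if ext_id in forced:
            reasons.append("force-installed by policy")
            if forced[ext_id] != WEBSTORE_UPDATE:
                reasons.append("updates from %s" % forced[ext_id])
        if reasons:
            findings.append({"id": ext_id, "name": info.get("manifest", {}).get("name", "?"),
                             "reasons": reasons})
    for ext_id in forced:               # forced but not installed yet: Chrome will add it
        if ext_id not in settings:
            findings.append({"id": ext_id, "name": "?", "reasons": ["force-installed by policy"]})
    return findings


if __name__ == "__main__":
    for f in audit(SAMPLE_PREFS, forced_extensions(parse_reg_export(SAMPLE_REG))):
        print(f["id"], f["name"], "->", "; ".join(f["reasons"]))
```

Collect the first input with reg export "HKCU\Software\Policies\Google" chrome_policy.reg and repeat for HKLM, since Chrome honours policy from either hive; the Preferences file lives next to the Extensions folder in the profile directory shown in the AdwCleaner report. An entry in the force list whose update URL is not the Web Store's is the strongest single indicator in this data: it means the extension is updated from a server the adware controls, whatever the extension currently does.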
Re: Malware polluting web pages with ads.
Good afternoon! euler.reis
|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c ( Select and Copy )
|- Next, minimize Notepad.
script zhpfix
Ifeofix
R1 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [SPRF][01/10/2013] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins000.exe [730322]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][19/03/2014] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins001.exe [720082]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][11/07/2014] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins002.exe [720082]
O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} Chave orfã
O43 - CFD: 09/03/2014 - 22:18:16 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 09/03/2014 - 21:02:16 - [] ----D C:\ProgramData\Log
O43 - CFD: 09/03/2014 - 21:02:20 - [] ----D C:\Users\leandro\AppData\Roaming\Baidu Security
O43 - CFD: 17/08/2014 - 19:15:21 - [] ----D C:\Users\leandro\AppData\Roaming\computer software market
O43 - CFD: 27/08/2014 - 13:31:42 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O44 - LFC:[MD5.D5275132AA5A8C7473B841F032480C7E] - 28/08/2014 - 11:23:00 ---A- . (...) -- C:\zoek-results2014-08-28-142300.log [20137]
O51 - MPSK:{0d689393-cc64-11e3-94dd-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{58ff0c14-bf08-11e3-9b58-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{79064dcf-b8be-11e3-bde4-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{79064ddc-b8be-11e3-bde4-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{79064de7-b8be-11e3-bde4-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{573d565d-aaca-11e3-8062-90a4dea7ad8d}\AutoRun\command. (...) -- F:\SISetup.exe (.not file.)
O61 - LFC: 29/08/2014 - 15:50:35 ---A- . (...) -- C:\Users\leandro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmemmv.dll [43008]
O61 - LFC: 29/08/2014 - 15:50:37 ---A- . (...) -- C:\Users\leandro\Downloads\Setup.exe [1465064]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASAPI32 =>Toolbar.Conduit
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASMANCS =>Toolbar.Conduit
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Computer Software Market]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASMANCS =>Trojan.Staser
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASAPI32 =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASMANCS =>Adware.Lollipop
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASAPI32 =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASMANCS =>Adware.PlusHD
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_v5_RASAPI32 =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_v5_RASMANCS =>PUP.SupTab
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
C:\Users\leandro\AppData\Roaming\Baidu Security
C:\ProgramData\Baidu Security
emptytemp
emptyclsid
emptyprefetch
|- Open the ZHPFix tool. < [login required to view this image] >
|- Click IMPORT >> OK.
|- Click "GO".
|- Post the report!
A+
joram - Administrator
- Posts : 4160
Reputation : 471
Join date : 26/01/2014
Location : Rio de Janeiro
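The script above is also a timeline, if you read it that way: O43 lines carry folder creation times, O44/O61 lines file write times, [SPRF] entries a date, and the O51 MPSK entries are MountPoints2 keys for removable drives whose autorun.inf pointed at F:\AutoRun.exe or F:\SISetup.exe ("(.not file.)" means the target is no longer present). A MountPoints2 key is named after the volume GUID, and those GUIDs are usually version-1 (time-based) UUIDs, so they also encode when the volume was first mounted on this machine and a MAC address of the machine that generated them, neither of which ZHPDiag prints. The block below is an added example, not part of the original post or of ZHPDiag/ZHPFix, that parses these line formats into one ordered timeline and decodes the GUIDs where the version nibble says it can; the sample is a constructed excerpt of the script above using its actual dates and GUIDs. Folder and file stamps are local time while GUID times are UTC, so expect a few hours of skew when comparing them.

```python
"""Turn dated ZHPDiag/ZHPFix script lines into one timeline.

Line formats are taken from the script above: O43 CFD (folder creation),
O44/O61 LFC (recently written files), [SPRF] (suspect files with MD5),
O51 MPSK (MountPoints2 autorun commands) and Tracing keys with a =>Family tag.
MountPoints2 keys are named after the volume's GUID; when that GUID is a
version-1 (time-based) UUID it encodes the moment the volume was first
mounted plus the MAC address of the adapter it was generated on.
The sample below is a constructed excerpt of the script above.
"""
import re
import uuid
from datetime import datetime, timedelta

SAMPLE_SCRIPT = r"""
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [SPRF][01/10/2013] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins000.exe [730322]
O43 - CFD: 09/03/2014 - 22:18:16 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 17/08/2014 - 19:15:21 - [] ----D C:\Users\leandro\AppData\Roaming\computer software market
O43 - CFD: 27/08/2014 - 13:31:42 - [0] ----D C:\ProgramData\{3C5CBD7B-3D1D-411E-96C2-513FFCA84D2D}
O44 - LFC:[MD5.D5275132AA5A8C7473B841F032480C7E] - 28/08/2014 - 11:23:00 ---A- . (...) -- C:\zoek-results2014-08-28-142300.log [20137]
O51 - MPSK:{0d689393-cc64-11e3-94dd-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{79064dcf-b8be-11e3-bde4-90a4dea7ad8d}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{573d565d-aaca-11e3-8062-90a4dea7ad8d}\AutoRun\command. (...) -- F:\SISetup.exe (.not file.)
O61 - LFC: 29/08/2014 - 15:50:37 ---A- . (...) -- C:\Users\leandro\Downloads\Setup.exe [1465064]
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASAPI32 =>Trojan.Staser
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
"""

DATE, TIME = r"(?P<date>\d{2}/\d{2}/\d{4})", r"(?P<time>\d{2}:\d{2}:\d{2})"
CFD_RE = re.compile(r"^O43 - CFD: " + DATE + " - " + TIME + r" - \[.*?\] \S+ (?P<path>.+)$")
LFC_RE = re.compile(r"^O(?:44|61) - LFC:(?:\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] -)? ?" + DATE + " - " + TIME
                    + r" .*? -- (?P<path>.+?) \[(?P<size>\d+)\]$")
SPRF_RE = re.compile(r"^\[MD5\.(?P<md5>[0-9A-Fa-f]{32})\] \[SPRF\]\[" + DATE + r"\] \(.*?\) -- (?P<path>.+?) \[(?P<size>\d+)\]$")
MPSK_RE = re.compile(r"^O51 - MPSK:\{(?P<guid>[0-9a-fA-F-]{36})\}\\AutoRun\\command\. \(\.\.\.\) -- (?P<target>.+?) \((?P<status>.*?)\)$")
TRACE_RE = re.compile(r"^HKLM\\.*\\Tracing\\(?P<prog>.+)_(?:RASAPI32|RASMANCS) =>(?P<family>\S+)$")

GUID_EPOCH = datetime(1582, 10, 15)   # version-1 UUID timestamps count 100 ns ticks from here


def guid_first_mount(guid_text):
    """(UTC datetime, MAC as 12 hex digits) from a version-1 GUID, or (None, None)."""
    u = uuid.UUID(guid_text)
    if u.version != 1:
        return None, None
    return GUID_EPOCH + timedelta(microseconds=u.time // 10), "%012x" % u.node


def stamp(date, time="00:00:00"):
    """ZHPDiag writes local time as dd/mm/yyyy; [SPRF] entries carry a date only."""
    return datetime.strptime(date + " " + time, "%d/%m/%Y %H:%M:%S")


def build_timeline(text):
    """Return (events sorted by time, {family: set(program names)})."""
    events, families = [], {}
    for raw in text.splitlines():
        line = raw.strip()
        if m := CFD_RE.match(line):
            events.append({"when": stamp(m["date"], m["time"]), "kind": "folder created", "detail": m["path"]})
        elif m := LFC_RE.match(line):
            events.append({"when": stamp(m["date"], m["time"]), "kind": "file written",
                           "detail": m["path"], "md5": m["md5"]})
        elif m := SPRF_RE.match(line):
            events.append({"when": stamp(m["date"]), "kind": "suspect file (date only)",
                           "detail": m["path"], "md5": m["md5"]})
        elif m := MPSK_RE.match(line):
            when, node = guid_first_mount(m["guid"])
            if when is not None:   # UTC, while the other stamps are local time: expect some skew
                events.append({"when": when, "kind": "removable volume first mounted (UTC)",
                               "detail": "%s via autorun (%s), host MAC %s" % (m["target"], m["status"], node),
                               "guid": m["guid"]})
        elif m := TRACE_RE.match(line):
            families.setdefault(m["family"], set()).add(m["prog"])
    events.sort(key=lambda e: e["when"])
    return events, families


if __name__ == "__main__":
    timeline, fams = build_timeline(SAMPLE_SCRIPT)
    for e in timeline:
        print(e["when"].strftime("%Y-%m-%d %H:%M:%S"), e["kind"].ljust(38), e["detail"])
    for family, progs in sorted(fams.items()):
        print(family, "->", ", ".join(sorted(progs)))
```

On the sample, the three volumes decode to first mounts in March and April 2014, all carrying the same MAC, which places them after the Baidu Security folder of 9 March and well before the "computer software market" folder of 17 August; that ordering is what tells you whether a USB stick with an autorun.inf or a download came first. The untimed Tracing keys are reported separately, grouped by the family tag ZHPDiag assigned, because they prove a program ran but not when.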
Re: Malware polluting web pages with ads.
Good afternoon,
here is the log, as requested:
ZHPFix 2014.8.3.6 report by Nicolas Coolman, updated 03/08/2014
Registry export file :
Run by leandro at 29/08/2014 16:27:58
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Recycle bin emptied (00mn 03s)
Prefetcher emptied
========== Registry keys ==========
IFEO registry branch not infected !
DELETED CLSID MPSK: {0d689393-cc64-11e3-94dd-90a4dea7ad8d}
DELETED CLSID MPSK: {58ff0c14-bf08-11e3-9b58-90a4dea7ad8d}
DELETED CLSID MPSK: {79064dcf-b8be-11e3-bde4-90a4dea7ad8d}
DELETED CLSID MPSK: {79064ddc-b8be-11e3-bde4-90a4dea7ad8d}
DELETED CLSID MPSK: {79064de7-b8be-11e3-bde4-90a4dea7ad8d}
DELETED CLSID MPSK: {573d565d-aaca-11e3-8062-90a4dea7ad8d}
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\dlLogic_RASMANCS
DELETED: HKCU\Software\Baidu Security
DELETED:* HKLM\Software\Baidu Security
DELETED: HKLM\Software\Wow6432Node\Computer Software Market
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafeSvc2_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\iSafe_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Lollipop_antivirus_1302-27bc6a41_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_0702-81cfb2ef_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_Setup_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Plus-HD-4_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_v5_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\SupTab_v5_RASMANCS
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
DELETED: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
========== Registry values ==========
DELETED: Toolbar: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5}
========== Registry data items ==========
DELETED: R1 Search Page = about:blank
DELETED: R0 - Main,Start Page = KLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page
REPLACED value NoActiveDesktopChanges : Good (0) - Bad (1)
========== Folders ==========
No empty local-user CLSID folder
========== Files ==========
DELETED: c:\zoek-results2014-08-28-142300.log
DELETE ON REBOOT: c:\users\leandro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmemmv.dll
DELETED: c:\users\leandro\downloads\setup.exe
DELETED Windows temporary files (261) (16.031.557 bytes)
========== Summary ==========
30 : Registry keys
1 : Registry values
3 : Registry data items
1 : Folders
4 : Files
End of clean in 00mn 11s
========== Report file path ==========
C:\Users\leandro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 16:28:03 [3382]
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Good afternoon! euler.reis
< [You must have an account and be logged in to view this link] >
|- Follow the instructions in this Tutorial and post the MBAM log.
Regards!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Hello!
Here is the Malwarebytes log; no threats were detected.
Malwarebytes Anti-Malware
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Scan Date: 29/08/2014
Scan Time: 17:08:13
Logfile: malwarebytes.txt
Administrator: Yes
Version: 2.00.2.1012
Malware Database: v2014.08.29.05
Rootkit Database: v2014.08.21.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
OS: Windows 7
CPU: x64
File System: NTFS
User: leandro
Scan Type: Custom Scan
Result: Completed
Objects Scanned: 518555
Time Elapsed: 59 min, 56 sec
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
Processes: 0
(No malicious items detected)
Modules: 0
(No malicious items detected)
Registry Keys: 0
(No malicious items detected)
Registry Values: 0
(No malicious items detected)
Registry Data: 0
(No malicious items detected)
Folders: 0
(No malicious items detected)
Files: 0
(No malicious items detected)
Physical Sectors: 0
(No malicious items detected)
(end)
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
I have this same problem, should I follow the same steps?
euler.reis wrote: Good afternoon!
My notebook is infected with some malware that installed itself, polluted web pages with ads and runs automatic downloads of a fake Flash Player update file.
Here is the log for analysis, thank you!
Juliana Bischoff - Beginner
- Posts: 15
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Juliana, I suggest you create a new topic and describe your problem.
Even though your problem looks similar, the infected files and folders may be different, and the cleaning script given by the analyst is specific to each machine.
Also, by coming into my topic and posting a reply before an analyst does, you make my topic harder for him to notice, since it now has an odd number of replies.
Thank you
Regards,
Euler Reis
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Good evening! euler.reis
euler.reis wrote: Juliana, I suggest you create a new topic and describe your problem.
Even though your problem looks similar, the infected files and folders may be different, and the cleaning script given by the analyst is specific to each machine.
Also, by coming into my topic and posting a reply before an analyst does, you make my topic harder for him to notice, since it now has an odd number of replies.
Thank you
Regards,
Euler Reis
|- Repeat the scan with the ZHPDiag tool, using the FULL option, and post the report.
|- Host it on Cjoint.com and send us the link.
See you!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Good evening!
Here is the link with the ZHPDiag log: [You must have an account and be logged in to view this link]
Thank you!
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Good evening! euler.reis
|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c ( Select All and Copy )
|- Then minimize Notepad.
ZHPFix script
emptytemp
[MD5.169180F02ABCECA5DE72FC5EEBC861BB] [SPRF][01/10/2013] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins000.exe [730322]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [SPRF][19/03/2014] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins001.exe [720082]
[MD5.14BF59D9687F453D209F7780D14F3E17] [SPRF][11/07/2014] (.No owner - Setup/Uninstall.) -- C:\Users\leandro\AppData\Roaming\unins002.exe [720082]
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
O2 - BHO: ExplorerWnd Helper [64Bits] - {10921475-03CE-4E04-90CE-E2E7EF20C814} Chave orfã
O61 - LFC: 29/08/2014 - 22:34:15 ---A- . (...) -- C:\Users\leandro\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmemmv.dll [43008]
Emptyprefetch
Emptyclsid
Emptyflash
|- Open the ZHPFix tool. < [You must have an account and be logged in to view this image] >
|- Click IMPORT >> OK.
|- Click "GO".
|- Post the report!
See you!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Good evening!
Here is the log:
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by leandro at 29/08/2014 23:38:40
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit (Build 7600)
Reciclagem vazia (00mn 02s)
Prefetcher vazio
========== Elementos dos dados do Registo ==========
ELIMINÉ: R1 Search Page = about:blank
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (15) (114.304 octets)
ELIMINA REINICIAR: c:\users\leandro\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwmemmv.dll
ELIMINÉ Flash Cookies (0) (0 octets)
========== Recapitulativo ==========
1 : Elementos dos dados do Registo
2 : Pastas
3 : Ficheiros
End of clean in 00mn 04s
========== Caminho do ficheiro do relatório ==========
C:\Users\leandro\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/08/2014 16:28:03 [3464]
C:\Users\leandro\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/08/2014 23:38:43 [996]
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Good evening! euler.reis
|- Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
|- On the page, click [You must have an account and be logged in to view this image]
|- Save it to the desktop!
[You must have an account and be logged in to view this image]
|- Check all the available options.
|- Click Réparer.
|- Click Rapport.
|- Post the report!
Regards!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
My friend, in this program I can only check the first option; I can't check the rest. Is this normal?
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Hello! euler.reis
euler.reis wrote: My friend, in this program I can only check the first option; I can't check the rest. Is this normal?
|- Did you open the tool as administrator? Right-click and run as administrator?
See you!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Yes, the notebook always runs all tasks as admin.
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Hello! euler.reis
euler.reis wrote: Yes, the notebook always runs all tasks as admin.
|- Was it downloaded directly to the desktop? Without using shortcuts?
-/-
|- Download: |[You must have an account and be logged in to view this link]| ( ... by Xplode )
[You must have an account and be logged in to view this image]
|- On the page, click Download Now.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
[You must have an account and be logged in to view this image]
|- With the boxes checked, click Executar!
See you!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Good evening!
Yes, I downloaded it directly to the desktop.
Here is the log from the other program:
# DelFix v10.8 - Logfile created 30/08/2014 at 00:36:01
# Updated 29/07/2014 by Xplode
# Username : leandro - LEANDRO-PC
# Operating System : Windows 7 Ultimate (64 bits)
~ Activating UAC ... OK
~ Removing disinfection tools ...
Deleted : C:\zoek_backup
Deleted : C:\AdwCleaner
Deleted : C:\Users\leandro\AppData\Roaming\ZHP
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\ZA-Scan.txt
Deleted : C:\Users\leandro\Desktop\ZHPCleaner.exe
Deleted : C:\Users\leandro\Desktop\ZHPDiag.lnk
Deleted : C:\Users\leandro\Desktop\ZHPDiag.txt
Deleted : C:\Users\leandro\Desktop\ZHPFix.lnk
Deleted : C:\Users\leandro\Desktop\ZHPFixReport.txt
Deleted : C:\Users\leandro\Downloads\HijackThis.exe
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1
~ Creating registry backup ... OK
~ Cleaning system restore ...
Deleted : RP #60 [Device Driver Package Install: Avast Network Service | 07/27/2014 13:54:01]
Deleted : RP #61 [avast! antivirus system restore point | 08/17/2014 18:42:04]
Deleted : RP #62 [Instalador de Módulos do Windows | 08/27/2014 16:51:06]
Deleted : RP #63 [Instalado Microsoft Visual C++ 2005 Redistributable | 08/27/2014 17:09:05]
Deleted : RP #64 [Installed Java 7 Update 67 | 08/28/2014 13:53:23]
New restore point created !
~ Resetting system settings ... OK
########## - EOF - ##########
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
Good morning! euler.reis
|- All OK? Is the notebook free of problems?
See you!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: Malware polluting web pages with ads.
Good morning!
Yes, the problems no longer appear, thank you very much!
If your latest analyses show the logs are clean and there are no more threats, we can close the case.
Once again, thank you very much!
euler.reis - Beginner
- Posts: 12
Reputation: 1
Join date: 29/08/2014
Re: Malware polluting web pages with ads.
CASE SOLVED
Should the topic author need it reopened, they should contact a member of the Moderation Team and request that it be unlocked.
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro