Fórum PC Brasil
infected PC


Post by lucasbitt, Fri 26 Sep 2014, 11:43

Is the HijackThis log alone enough?

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:39:52, on 26/09/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\Users\Alice\AppData\Roaming\uTorrent\uTorrent.exe
C:\Program Files (x86)\Ares\Ares.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Alice\Downloads\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\coIEPlg.dll
O4 - HKLM\..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\RunOnce: [network_adsafiliadosllhs_1] "C:\Users\Alice\AppData\Local\Temp\BI_RunOnce.exe" /initurl [You must have an account and be logged in to view this link] /affid "-" /id "0" /name " " /uniqid 3sz7PYVz /uuid 456EE724-95D5-11E2-823D-407DB4380900 /biosserial 1234567 /biosversion CCEInf - 1072009 /csname NM70-TI
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Alice\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O4 - HKCU\..\Run: [ares] "C:\Program Files (x86)\Ares\Ares.exe" -h
O4 - Startup: Monitorar alertas de tinta - HP Deskjet 2050 J510 series.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - [You must have an account and be logged in to view this link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must have an account and be logged in to view this link]
O8 - Extra context menu item: Se&nd to OneNote - [You must have an account and be logged in to view this link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office 15\root\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must have an account and be logged in to view this link]
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Tecnologia de armazenamento Intel(R) Rapid (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Update Manager (iumsvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\NIS.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdate) (pricemeterliveUpdate) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: PriceMeterLiveUpdate Service (pricemeterliveUpdatem) (pricemeterliveUpdatem) - PriceMeter - C:\Program Files (x86)\PriceMeterLiveUpdate\Update\PriceMeterLiveUpdate.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Baidu Spark Service (SparkSvc) - Baidu Inc. - C:\Program Files (x86)\baidu\Spark\sparkservice.exe
O23 - Service: Baidu Spark Updater (SparkUpdater) - Baidu.com, Inc. - C:\Program Files (x86)\Baidu\SparkUpdate\Sparkupdate.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: XGVnLpcl - Acute Angle Solutions - C:\ProgramData\keeBKslsIjJ\XGVnLpcl.exe

--
End of file - 11431 bytes
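Before handing a log like the one above to a removal tool, it helps to triage it mechanically. The following is an added example written for this page (not part of the thread, and not HijackThis code): it parses the O4, O15 and O23 lines and applies a few heuristics that match what this log shows: an autorun launched from a Temp directory, an installer that passes machine identifiers such as /biosserial on its command line, services whose binary lives under ProgramData or AppData, and a service wrapped by srvany.exe. SAMPLE_LOG is a constructed subset of the log above with the hidden /initurl value replaced by the placeholder REDACTED_URL; the severities and the list of suspicious directories are the editor's own choices.

```python
"""Triage heuristics over a HijackThis (HJT) 2.0.4 log.

Added example, not part of the forum post. SAMPLE_LOG is a constructed
subset of the lines from the log above (hidden URL -> REDACTED_URL).
"""
import re

# Directories a legitimately installed *service* binary should not live in.
SERVICE_WRITABLE_DIRS = ("\\programdata\\", "\\appdata\\", "\\users\\public\\", "\\temp\\")
# Command-line switches that show an installer reporting machine identifiers.
FINGERPRINT_SWITCHES = ("/biosserial", "/uuid", "/affid", "/uniqid")

SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\RunOnce: [network_adsafiliadosllhs_1] "C:\Users\Alice\AppData\Local\Temp\BI_RunOnce.exe" /initurl REDACTED_URL /affid "-" /uniqid 3sz7PYVz /biosserial 1234567
O4 - HKCU\..\Run: [uTorrent] "C:\Users\Alice\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
O15 - Trusted Zone: www14.bancobrasil.com.br
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: WindowsMangerProtect Service (WindowsMangerProtect) - Fuyu LIMITED - C:\ProgramData\WindowsMangerProtect\ProtectWindowsManager.exe
O23 - Service: XGVnLpcl - Acute Angle Solutions - C:\ProgramData\keeBKslsIjJ\XGVnLpcl.exe
"""


def parse_service(rest):
    """'Name (Short) - Publisher - Path [(file missing)]' -> dict, or None."""
    parts = rest.rsplit(" - ", 2)
    if len(parts) != 3:
        return None
    name, publisher, path = parts
    missing = path.endswith("(file missing)")
    return {"name": name, "publisher": publisher,
            "path": path.replace("(file missing)", "").strip(), "missing": missing}


def triage(log_text):
    """Return (severity, reason, line) tuples for lines worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = re.match(r"^(O\d+) - ([^:]+): (.*)$", line)
        if not m:
            continue
        section, _kind, rest = m.groups()
        low = rest.lower()
        if section == "O4":
            if "\\temp\\" in low:
                findings.append(("high", "autorun launched from a Temp directory", line))
            if any(sw in low for sw in FINGERPRINT_SWITCHES):
                findings.append(("medium", "installer reports machine identifiers on its command line", line))
        elif section == "O15":
            findings.append(("info", "Trusted Zone entry: IE applies relaxed security to this host", line))
        elif section == "O23":
            svc = parse_service(rest)
            if svc is None:
                continue
            path = svc["path"].lower()
            if svc["missing"]:
                # HJT 2.0.4 is a 32-bit program; under WOW64 file-system redirection it
                # reports many genuine system32 services as "(file missing)". Skip those.
                if not path.startswith("c:\\windows\\"):
                    findings.append(("info", "service binary reported missing", line))
                continue
            if any(d in path for d in SERVICE_WRITABLE_DIRS):
                findings.append(("high", "service binary in a user-writable location", line))
            if path.endswith("\\srvany.exe"):
                # srvany runs whatever its Parameters\Application value names; the log cannot show it.
                findings.append(("medium", "service wrapped by srvany.exe; the real program is not visible in this log", line))
    return findings


if __name__ == "__main__":
    for sev, why, line in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {why}\n         {line}")
```

On the sample this yields six findings: three high (the RunOnce installer in Temp and the two services under C:\ProgramData), two medium (the /biosserial switches and the srvany wrapper), one informational (the bank's Trusted Zone entry, which is expected here because GbPlugin is the bank's own module). The "(file missing)" system32 services are deliberately not reported.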

Post by joram (administrator), Fri 26 Sep 2014, 12:26

Good afternoon, lucasbitt!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Smeenk )

> Or here! < [You must have an account and be logged in to view this image] [You must have an account and be logged in to view this link] >

> Save it and unpack it to the desktop!
> The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.

iedefaults;
emptyCHRcache;
chromelook;
firefoxlook;
iStartsurf;a
iStartsurf;z


> Copy and paste the information above (shown in red) into the tool's text field.
> Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> A message will appear asking you to wait for the report.
> PS: that message may stay static on the screen for 20 minutes or more.

[You must have an account and be logged in to view this image]

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: if you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Post by lucasbitt, Sun 28 Sep 2014, 23:37

Zoek.exe v5.0.0.0 Updated 27-09-2014
Tool run by Alice on 28/09/2014 at 23:26:51,71.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Alice\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-09-28-220609.log 269 bytes

==== Folders Found ======================

2014-09-23 02:33:32 2014-09-23 02:33:35 -------- d-----w- C:\Users\Alice\AppData\Roaming\istartsurf

==== Files Found ======================


--- C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 564
Created time: 2014-09-23 02:31:07
Modified time: 2014-09-23 02:31:07
MD5: E565677345614DCB895BF370AF03ADE5
SHA1: 4028C898F60F6E23466BF7F1BAC2B83A6CA8A3AD


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe ---
Company: File Syn
File Description: FileWork
File Version: 6.1.7602.748
Product Name: 1261_smt_istartsurf
Copyright: SynWork
Original Filename: SynWork.exe
File type: ----a-w-
File size: 665976
Created time: 2014-09-23 02:29:44
Modified time: 2014-09-23 02:29:44
MD5: 7735F167C05D5CD61D19F96C8D16BDE8
SHA1: 5021E16F87DFB66CA70A1F022ABC5A03E1DB1EC4


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.0 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: 871A6A0F834070535995976895F196AB
SHA1: D95602ECAD994363296449A205859F1FA98A37FC


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.1 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: 60F93A25644B9413141FC5E3EF05A33A
SHA1: 8DE92EAA758AE0390E2E11144AE60A88D60721B9


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.2 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:57
MD5: 5AAC575AC1DE28B7F147DEC06C074C59
SHA1: 2C4ACA2CF5F2BFA56CA88945080FB0C577F5F2D1


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.3 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: F54110A67C45AFC60956029CA0968293
SHA1: 421449C1C34B0A7113B2D29FDA7D5CD13B9B51A8


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.4 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:57
MD5: 6243CBEECF8B8AB40713DAD453251192
SHA1: D9977482E7E1EE1A1245FD1040371E30FCCA9DCD


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.5 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: FF235862560BF2D78B8E2BD41BFFAEDD
SHA1: E0017149C2F9529F06E3346684CE099B94742F22


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.6 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: 002F9E9BAEB522244E2A70393A0552D3
SHA1: 49CA905F1C2A4143FC1CE2CB937DF36D4C0DCE45


--- C:\Users\Alice\AppData\Local\Temp\smt_istartsurf.exe.7 ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 83247
Created time: 2014-09-23 02:36:50
Modified time: 2014-09-23 02:36:56
MD5: 7B8A6BDFCA5A1DDBB70595234C78B0FA
SHA1: 494BD92C60D7BC0A406C608B200BBC32E65DDD44


==== Registry Search Results for "iStartsurf" ======================


[HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware]

[HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware\istartsurfhp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="istartsurf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayName"="istartsurf uninstall"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"UninstallString"="C:\\Users\\Alice\\AppData\\Roaming\\istartsurf\\UninstallManager.exe -ptid=smt"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"DisplayIcon"="C:\\Users\\Alice\\AppData\\Roaming\\istartsurf\\UninstallManager.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall]
"Publisher"="istartsurf"

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command]
@="\"C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe\" [You must have an account and be logged in to view this link]

[HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command]
@="C:\\Program Files\\Internet Explorer\\iexplore.exe [You must have an account and be logged in to view this link]

[HKEY_USERS\S-1-5-21-4220754591-940918275-2920168959-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"

[HKEY_USERS\S-1-5-21-4220754591-940918275-2920168959-1001\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"

[HKEY_USERS\S-1-5-21-4220754591-940918275-2920168959-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"DisplayName"="istartsurf"

[HKEY_USERS\S-1-5-21-4220754591-940918275-2920168959-1001\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}]
"URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"

[HKEY_USERS\S-1-5-21-4220754591-940918275-2920168959-1001\Software\SupHpUISoft]
"url"="http://www.istartsurf.com/?type=hppp&ts=1411439807&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"faststartff@gmail.com"="C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default\extensions\faststartff@gmail.com" [22/09/2014 23:33]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Alice\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [18/09/2014 21:25]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default
- Fast Start - %ProfilePath%\extensions\faststartff@gmail.com

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default
DFC9460CC37E5C414DC4680B10C19E7A - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll - Shockwave Flash
BFD1CDA328C83054154DD05EA233F79B - C:\Users\Alice\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
FF7BE908352D36D50E308F49162FEA32 - C:\Users\Alice\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
iikflkcanblccfahdhdonehdalibjnif - No path found[]
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.5.0.19\Exts\Chrome.crx[31/07/2014 02:47]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[27/07/2014 22:12]

Google Docs - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Norton Security Toolbar - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
undetermined - Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{33BB0A4E-99AF-4226-BDF6-49120163DE86} istartsurf Url="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
{77AA745B-F4F8-45DA-9B14-61D2D95054C8} Unknown Url="Not_Found"

==== Empty Chrome Cache ======================

C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=0 folders=0 0 bytes)

==== EOF on 28/09/2014 at 23:30:38,81 ======================
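The zoek report above is the interesting artefact of the thread: its "Set IE to Default" section shows the registry values before and after the reset, and every hijacked value carries the same query string. The following is an added example written for this page (not zoek's code): it parses zoek's .reg-style listing, flags any URL value whose host is not on a small allowlist, decodes the hijacker's parameters (ts is a Unix timestamp, from=smt matches the dropper name smt_istartsurf.exe and the -ptid=smt uninstall switch, and uid is a persistent per-machine identifier sent with every search), and checks that after the reset nothing still points at the hijacker. OLD_VALUES and NEW_VALUES are constructed excerpts of the log above; the allowlist and the Bing scope GUID used for the check are the editor's own.

```python
"""Check the Internet Explorer registry values that zoek reports.

Added example, not part of the forum post and not zoek's code. OLD_VALUES
and NEW_VALUES are constructed from the 'Set IE to Default' section above.
"""
import re
from datetime import datetime, timezone
from urllib.parse import parse_qs, urlsplit

OLD_VALUES = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814&q={searchTerms}"
"Start Page"="http://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
"""

NEW_VALUES = r"""
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
"""

# Hosts IE's stock defaults point at (editor's allowlist; extend for your own estate).
KNOWN_GOOD_HOSTS = {"go.microsoft.com", "www.bing.com"}
# The Bing scope GUID as listed in zoek's "All HKCU SearchScopes" section above.
BING_SCOPE = "{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"


def parse_reg_dump(text):
    """Parse zoek's .reg-style listing into {(key, value_name): data}."""
    values, key = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"^\[(.+)\]$", line)
        if m:
            key = m.group(1)
            continue
        m = re.match(r'^"([^"]+)"="(.*)"$', line)
        if m and key is not None:
            values[(key, m.group(1))] = m.group(2).replace("\\\\", "\\")
    return values


def hijacked_values(values):
    """Subset of values that are URLs on hosts outside the allowlist."""
    return {k: v for k, v in values.items()
            if v.lower().startswith("http") and urlsplit(v).hostname not in KNOWN_GOOD_HOSTS}


def decode_hijacker_url(url):
    """Pull the tracking parameters apart: install channel, install time, per-machine id."""
    q = parse_qs(urlsplit(url).query)
    first = lambda k: q.get(k, [""])[0]
    ts = int(first("ts"))
    return {
        "host": urlsplit(url).hostname,
        "type": first("type"),   # hp = home page, ds = default search
        "from": first("from"),   # 'smt': same tag as smt_istartsurf.exe and -ptid=smt
        "uid": first("uid"),     # persistent identifier sent with every search
        "installed_utc": datetime.fromtimestamp(ts, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
    }


def verify_reset(old_text, new_text):
    """Compare zoek's Old/New dumps: nothing may still point at the hijacker."""
    old, new = parse_reg_dump(old_text), parse_reg_dump(new_text)
    scope_key = ("HKEY_CURRENT_USER\\SOFTWARE\\Microsoft\\Internet Explorer\\SearchScopes", "DefaultScope")
    return {
        "still_hijacked": hijacked_values(new),
        "not_rewritten": sorted(k for k in hijacked_values(old) if k not in new),
        "default_scope_is_bing": new.get(scope_key) == BING_SCOPE,
    }


if __name__ == "__main__":
    old = parse_reg_dump(OLD_VALUES)
    for (key, name), url in hijacked_values(old).items():
        print(name, "@", key, "->", decode_hijacker_url(url))
    print(verify_reset(OLD_VALUES, NEW_VALUES))
```

The ts value decodes to 2014-09-23 02:31:04 UTC, the same day zoek reports for the creation of istartsurf.xml and smt_istartsurf.exe, so the registry values and the dropped files belong to one install. The uid looks like a disk model and serial number string; that is an observation, not something the log states, but either way it is a stable identifier that the search provider receives with every query and that survives a browser reset.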

Post by joram (administrator), Mon 29 Sep 2014, 07:54

Good morning, lucasbitt!

> The Zoek tool is in the wrong directory!

C:\Users\Alice\Downloads <<

> Create a folder on the desktop and name it ZA.
> Rename the Zoek tool to ZA-Scan.
> Move it into the ZA folder and leave it there.
>
> Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )
>
> Or from here: < [You must have an account and be logged in to view this link] >
> On that page, click "Download Now".
>
> Save it to the desktop!


< [You must have an account and be logged in to view this image] >


> Right-click adwcleaner.exe and choose to run it as administrator.


[You must have an account and be logged in to view this image]


> PS: start the scan by clicking "Examinar" (Scan).


< [You must have an account and be logged in to view this image] >


> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

A+

Post by lucasbitt, Fri 03 Oct 2014, 20:26

# AdwCleaner v3.310 - Report created 30/09/2014 at 16:35:07
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8 Single Language (64 bits)
# User : Alice - TALITA
# Running from : C:\Users\Alice\Desktop\adwcleaner_3.310.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : pricemeterliveUpdate
[#] Service Deleted : pricemeterliveUpdatem
Service Deleted : WindowsMangerProtect

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\ProgramData\Browser
Folder Deleted : C:\ProgramData\Meteoroids
[!] Folder Deleted : C:\ProgramData\PriceMeterLiveUpdate
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files (x86)\baidu
Folder Deleted : C:\Program Files (x86)\iMesh Applications
[!] Folder Deleted : C:\Program Files (x86)\PriceMeterLiveUpdate
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Users\Alice\AppData\Local\iMesh
Folder Deleted : C:\Users\Alice\AppData\Local\Meteoroids
Folder Deleted : C:\Users\Alice\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Alice\AppData\Local\PriceMeterLiveUpdate
Folder Deleted : C:\Users\Alice\AppData\Local\Temp\baidu
Folder Deleted : C:\Users\Alice\AppData\Roaming\baidu
Folder Deleted : C:\Users\Alice\AppData\Roaming\istartsurf
Folder Deleted : C:\Users\Alice\AppData\Roaming\Mysearchdial
Folder Deleted : C:\Users\Alice\AppData\Roaming\PC TEKNIX
Folder Deleted : C:\Users\Alice\AppData\Roaming\PriceMeterUpdater
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
[!] Folder Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
File Deleted : C:\Users\Alice\daemonprocess.txt
File Deleted : C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iMesh.lnk
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml
File Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
File Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Scheduled Tasks ] *****

Task Deleted : MySearchDial
Task Deleted : pricemeterdownloader
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineCore
Task Deleted : PriceMeterLiveUpdateUpdateTaskMachineUA
Task Deleted : PriceMeterUpdater

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\Public\Desktop\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Alice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
Shortcut Disinfected : C:\Users\Alice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Alice\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\iMesh.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\Launcher.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\PriceMeterLiveUpdate.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Chave Deletedo : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery
Chave Deletedo : HKLM\SOFTWARE\Classes\DiscoveryHelper.iMesh6Discovery.1
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\iMesh.AudioCD
Chave Deletedo : HKLM\SOFTWARE\Classes\iMesh.Device
Chave Deletedo : HKLM\SOFTWARE\Classes\iMesh.file
Chave Deletedo : HKLM\SOFTWARE\Classes\imweb.imwebcontrol
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdate.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\PriceMeterLiveUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMPlayCDAudioOnArrival
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMRipCDAudioOnArrival
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowCDAudioOnArrival
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\IMShowVolumeOnArrival
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updatepm.com/PriceMeterLiveUpdate Update;version=9
Chave Deletedo : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{126C78A0-36E7-4697-A3AB-32706144398B}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00A154AE-6C33-4F1E-9057-242350540936}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{126C78A0-36E7-4697-A3AB-32706144398B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{27BF8F8D-58B8-D41C-F913-B7EEB57EF6F6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3BF72F68-72D8-461D-A884-329D936C5581}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{41C35ADE-DEDA-439F-8140-D53F2C76C963}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4211E851-747F-4470-923D-6EF683EE79CA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{45F8961E-1314-421E-9F00-BDDE18CF8EA0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4825ACAD-F495-4CDD-9603-9C91BABB2B88}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5B60D1C0-453A-485D-AE91-61FAC9203719}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{74930D00-2198-46FE-B6BC-FEEC60C666C9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{78E9D883-93CD-4072-BEF3-38EE581E2839}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{83AC1413-FCE4-4A46-9DD5-4F31F306E71F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8D73A258-9787-4AE7-9232-41036673FD0E}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9D24562E-40EC-4E46-B57C-700352059B55}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B1F29F0C-2EC8-487B-97C2-8B8FEA6CEF14}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C0756D99-64A1-4332-B783-A5A1B571D431}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CF0A778A-DDA0-4492-9804-EF38C9A9F1A5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D1C6444C-CC06-4060-A486-736DEAFD9C16}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D8746A3A-A372-4C8B-96E5-B58F6474EB19}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{55C1727F-5535-4C2A-9601-8C2458608B48}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{969D2C61-9B16-407C-86B7-397BF4579BE6}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{96F7FABC-5789-EFA4-B6ED-1272F4C1D27B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{EC96F516-51B2-4B46-8451-8665F5A6BA2B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{F07FBD3E-2048-44A4-9065-71BF551E2672}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0ABE0FED-50E7-4E42-A125-57C0A11DBCDE}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{30D1E30D-B7F5-4C7A-8EDA-9F02966538A8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{89449F37-4AB2-46ED-A566-BB3A7797701B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F509ADC2-B40E-470F-A7B7-45191486B5CB}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{2C353E32-B8AC-4B82-B988-4C2D3394388A}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{69D3F709-9DE2-479F-980F-532D46895703}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F42C7B47-5234-4BF5-8882-DAAC0D64870D}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{F7BEBBB1-7E6B-4561-9444-6F4866D60C7C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Chave Deletedo : HKCU\Software\Adorika
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\PriceMeterLiveUpdate
Chave Deletedo : HKCU\Software\PriceMeterUpdater
Chave Deletedo : HKCU\Software\SupHpUISoft
Chave Deletedo : HKCU\Software\AppDataLow\Software\DynConIE
Chave Deletedo : HKLM\SOFTWARE\DealPlyLive
Chave Deletedo : HKLM\SOFTWARE\Imesh
Chave Deletedo : HKLM\SOFTWARE\istartsurfSoftware
Chave Deletedo : HKLM\SOFTWARE\PriceMeterLiveUpdate
Chave Deletedo : HKLM\SOFTWARE\SupDp
Chave Deletedo : HKLM\SOFTWARE\supWindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Imesh
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\istartsurf uninstall
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WindowsMangerProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v29.0.1 (pt-BR)

[ Arquivo : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default\prefs.js ]

Linha deletada : user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814");
Linha deletada : user_pref("browser.search.defaultenginename", "istartsurf");
Linha deletada : user_pref("browser.search.selectedEngine", "istartsurf");
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1411439464&from=smt&uid=ST500LM012XHN-M500MBB_S2SKJ5CD729814");

-\\ Google Chrome v37.0.2062.124

[ Arquivo : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19971 octets] - [30/09/2014 13:14:13]
AdwCleaner[R1].txt - [19969 octets] - [30/09/2014 13:15:01]
AdwCleaner[R2].txt - [20030 octets] - [30/09/2014 16:32:22]
AdwCleaner[S0].txt - [17894 octets] - [30/09/2014 16:35:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [17955 octets] ##########
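The AdwCleaner report above is a long flat list, and what a helper actually wants to know is which persistence and hijack mechanisms the adware had used (services, scheduled tasks, Run keys, an IFEO debugger entry, browser extensions, search-engine hijacks, COM registrations) and which indicators are worth sharing. As an added example, not part of this thread and not AdwCleaner's own code, here is a small Python parser that groups such a report by mechanism and pulls out the defanged hosts and Chrome extension IDs. The section names it keys on (Serviços, Tarefas, Atalhos, Registro, Navegadores) are the ones in the log above; the category names and the rule table are this example's own, and the embedded sample report is a constructed excerpt in the same format.

```python
import re
from collections import defaultdict

# Constructed excerpt in the AdwCleaner v3 report format seen in this thread
# (a few lines per section; blank lines of the real report omitted).
SAMPLE_REPORT = r"""
# AdwCleaner v3.310 - Relatório criado 30/09/2014 às 16:35:07
***** [ Serviços ] *****
Serviço Deletada : pricemeterliveUpdate
Serviço Deletada : WindowsMangerProtect
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
[!] Pasta Deletada : C:\Program Files (x86)\PriceMeterLiveUpdate
Pasta Deletada : C:\Users\Alice\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml
***** [ Tarefas ] *****
Tarefa Deletedo : PriceMeterLiveUpdateUpdateTaskMachineCore
***** [ Atalhos ] *****
Atalho Desinfectada : C:\Users\Public\Desktop\Mozilla Firefox.lnk
***** [ Registro ] *****
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{051E9166-B275-4683-907B-372FAE22BC7C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\PriceMeterLiveUpdate.exe
Dados Restaurada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
***** [ Navegadores ] *****
-\\ Mozilla Firefox v29.0.1 (pt-BR)
[ Arquivo : C:\Users\Alice\AppData\Roaming\Mozilla\Firefox\Profiles\15ga0r7n.default\prefs.js ]
Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1411439464");
"""

SECTION_RE = re.compile(r"^\*{5} \[ (?P<name>.+?) \] \*{5}$")
# Optional "[!] " / "[#] " flag, then "<kind> <action> : <target>" (e.g. "Chave Deletedo : HKLM\...").
ENTRY_RE = re.compile(r"^(?:\[[!#]\] )?(?P<kind>\w+) (?P<action>\w+) : (?P<target>.+)$")
X64_PREFIX = "[x64] "   # AdwCleaner's marker for the 64-bit registry view

# Category names are this example's own, not AdwCleaner's.
SECTION_CATEGORY = {"Serviços": "service", "Tarefas": "scheduled_task",
                    "Atalhos": "shortcut_hijack", "Navegadores": "browser_pref"}
PATH_RULES = (   # checked in order against the lower-cased target
    ("\\currentversion\\run", "run_key"),
    ("image file execution options", "ifeo_hijack"),     # debugger hook on an exe name
    ("\\extensions\\", "browser_extension"),
    ("searchscopes", "search_hijack"), ("searchplugins", "search_hijack"),
    ("\\classes\\clsid\\", "com_registration"), ("\\classes\\appid\\", "com_registration"),
    ("\\classes\\interface\\", "com_registration"), ("\\classes\\typelib\\", "com_registration"),
)

def parse_report(text):
    """Yield (section, kind, action, target) for every action line in the report."""
    section = None
    for line in text.splitlines():
        line = line.rstrip()
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        m = ENTRY_RE.match(line)
        if m and section:
            target = m.group("target")
            if target.startswith(X64_PREFIX):
                target = target[len(X64_PREFIX):]
            yield section, m.group("kind"), m.group("action"), target

def classify(section, target):
    """Map one entry to the persistence or hijack mechanism it represents."""
    if section in SECTION_CATEGORY:
        return SECTION_CATEGORY[section]
    t = target.lower()
    for needle, category in PATH_RULES:
        if needle in t:
            return category
    return "registry_other" if section == "Registro" else "file_or_folder"

def summarize(text):
    """Group the report's targets by mechanism: {category: [target, ...]}."""
    summary = defaultdict(list)
    for section, _kind, _action, target in parse_report(text):
        summary[classify(section, target)].append(target)
    return dict(summary)

DEFANGED_URL_RE = re.compile(r"hxxps?://([^/\"\s]+)")             # AdwCleaner writes http as hxxp
CHROME_EXT_ID_RE = re.compile(r"(?<![a-p])[a-p]{32}(?![a-p])")    # Chrome IDs: 32 letters a..p

def indicators(text):
    """Hosts from defanged URLs and Chrome extension IDs, as a shareable indicator list."""
    return {
        "hosts": sorted(set(DEFANGED_URL_RE.findall(text))),
        "chrome_extension_ids": sorted(set(CHROME_EXT_ID_RE.findall(text))),
    }

if __name__ == "__main__":
    for category, targets in sorted(summarize(SAMPLE_REPORT).items()):
        print(f"{category} ({len(targets)}): " + "; ".join(targets))
    print(indicators(SAMPLE_REPORT))
```

Run against the full report from the post instead of the embedded excerpt and the same categories fall out; the "restored" entries (Dados Restaurada) land in registry_other, which is a reminder that AdwCleaner also repaired the browser launch commands the shortcut hijack had altered.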

Re: pc infectado

Post by joram Fri 03 Oct 2014, 20:37

Good evening, lucasbitt!

> Did you rename Zoek to ZA-Scan?
> Did you create the ZA folder on the desktop and move ZA-Scan into it?

A+

Re: pc infectado

Post by lucasbitt Fri 03 Oct 2014, 23:58

Yes, but I did not run the scan with Zoek. Do I have to do it again now in the new folder?

Re: pc infectado

Post by joram Sat 04 Oct 2014, 07:29

lucasbitt wrote: Yes, but I did not run the scan with Zoek. Do I have to do it again now in the new folder?
Good morning, lucasbitt!

> Do it in the new folder, but with this script inside it.
>
> Copy and paste the information shown in red into Notepad.

%SystemDrive%\Program Files (x86)\Mozilla Firefox\browser\searchplugins\istartsurf.xml;f
%AppData%\Local\Temp\smt_istartsurf.exe;f
%AppData%\Local\Temp\smt_istartsurf.exe.*;f
[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware];r
[-HKEY_LOCAL_MACHINE\SOFTWARE\istartsurfSoftware\istartsurfhp];r
{33BB0A4E-99AF-4226-BDF6-49120163DE86};c
{77AA745B-F4F8-45DA-9B14-61D2D95054C8};c
chromelook;
firefoxlook;
istartsurf;a
istartsurf;z
emptytemp;


> Save it in the ZA folder under the name ZAScript. (text)
> Run the ZA-Scan tool.
> Wait for it to finish!
> There will be a reboot!
> Post the report! ( C:\zoek-results.txt )

A+

Re: pc infectado

Post by lucasbitt Sun 05 Oct 2014, 23:26

Hello, I can't run the analysis with Zoek. I tried moving it to the ZA folder but I can't; I tried downloading it again and moving it to the folder, but it doesn't work. I noticed that when I download the program it doesn't come with 4 programs as described, only three in the zip folder, and I believe the file that is missing is the .exe. What do I do?

Re: pc infectado

Post by joram Sun 05 Oct 2014, 23:37

lucasbitt wrote: Hello, I can't run the analysis with Zoek. I tried moving it to the ZA folder but I can't; I tried downloading it again and moving it to the folder, but it doesn't work. I noticed that when I download the program it doesn't come with 4 programs as described, only three in the zip folder, and I believe the file that is missing is the .exe. What do I do?
Good evening, lucasbitt!

< [You need to have an account and be logged in to view this link] >

> At this link the executable is at the top left.
> In that case, you can paste the script into the Zoek field.

A+
joram
joram
Administrador
Administrador

Mensagens : 4162
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro

Ir para o topo Ir para baixo

Re: pc infectado

Post by joram Mon 10 Nov 2014, 09:53

Topic Archived

As the author has not replied for more than 30 days, the topic has been archived. Should the topic's author need it, it will be reopened; to that end, they must contact one of the members of the [You need to have an account and be logged in to view this link] requesting the unlock.