Fórum PC Brasil
If malware has invaded, how do I get rid of it?


Post by Aldemir007 Sun 30 Nov 2014, 11:46

Since I can't access my e-mail, I'm logging in with a new account!

There I was, at ease, wanting to watch movies.
Well, I thought: I'll download them.
All right, I ignored the antivirus warning;
worse still, I downloaded them, or rather installed them.

I thought: there are tools that can only be used without an antivirus,
so that it doesn't detect them as malicious tools.

That doesn't apply in this case, because:

pages started opening non-stop
istanstwebsearch non-stop
all PDF and JPG files turned into Bobrowser

and Bobrowser also became my browser

I'm in a heavy workout, tearing my hair out


What do I do now?!

Post by joram Sun 30 Nov 2014, 15:55

Good afternoon, Aldemir007!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
> Or [You must have an account and be logged in to view this link] << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

[You must have an account and be logged in to view this link]

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to [You must have an account and be logged in to view this link].

> Or go to: < [You must have an account and be logged in to view this link]

> Or go to: < [You must have an account and be logged in to view this link] >

> Or attach it |[You must have an account and be logged in to view this link]| << Link!

> More information: < |[You must have an account and be logged in to view this link]| > << Hosting!

A+

Post by Aldemir007 Sun 30 Nov 2014, 17:47

Joram, thank you very much for replying!

[You must have an account and be logged in to view this link]

Post by joram Sun 30 Nov 2014, 18:03

Good afternoon, Aldemir007!

> Run this script in the ZHPFix tool.
> Select and copy this information, shown in red, into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Then minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)   [0]
O41 - Driver:  (mosfilterdrv) . (. - .) - C:\Windows\System32\drivers\mosfilterdrv.sys (.not file.)
O43 - CFD: 30/11/2014 - 11:14:47 - [0] ----D C:\Program Files\NJax
O45 - LFCP:[MD5.2FF43C5789C5B3BBD290C1D5A7AE2690] - 28/11/2014 - 20:02:12 ---A- - C:\Windows\Prefetch\PENNYBEE.EXE-D7F00502.pf
O45 - LFCP:[MD5.57CA9B12F530E8208019553F270F278E] - 28/11/2014 - 20:02:36 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-82CE61E6.pf
O45 - LFCP:[MD5.34157CD22CAB131B1DDF3F9CC439ADA9] - 28/11/2014 - 20:02:35 ---A- - C:\Windows\Prefetch\SUPTAB_V5.8.8.777_NOBLANK_AMY-F33C6925.pf
O45 - LFCP:[MD5.A0F686442A05CA18DB271438D40FA3D3] - 28/11/2014 - 21:03:49 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-596B033D.pf
O45 - LFCP:[MD5.307BBF6F0A2C0195FBEC3FFB580523DD] - 28/11/2014 - 20:02:23 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1277.EXE-DB5CF181.pf
O61 - LFC: 28/11/2014 - 17:31:42 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\~nsu.tmp\Au_.exe   [33902]
O68 - StartMenuInternet: <BoBrowser.SOZB4B3ATLMK5OEYN2YWYDUQ34> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)
sysrestore


> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the information from the script.
> Click "GO".
> Post the report!

A+

Post by Aldemir007 Sun 30 Nov 2014, 18:16

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Aldemir at 30/11/2014 18:28:21
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Valores do Registo
1 : Elementos dos dados do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/11/2014 17:12:24 [1965]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/11/2014 17:26:51 [1442]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/11/2014 18:28:32 [1342]

Post by joram Sun 30 Nov 2014, 18:42

Good evening, Aldemir007!

> Download: < [You must have an account and be logged in to view this link] > ( ... by Smeenk )

< [You must have an account and be logged in to view this link] >

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.

autoclean;
emptytemp;
shortcutfix;
chrdefaults;
reset chrome;
emptyCHRcache;
resethosts; 
resetieproxy;
emptyfolderscheck;delete
 

> Copy and paste this information, shown in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may stay static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get any error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Post by Aldemir007 Sun 30 Nov 2014, 19:32

Hello Joram, good evening!

Here is the report:


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-210928.log 18951 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=38 10745612 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/11/2014 at 19:25:36,91 ======================


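A triage pass over a zoek-results log like the one posted above, as an added example that is not part of the original thread and not code from the zoek author: it splits the log at its `==== ... ====` section headers and flags hosts entries beyond localhost, Chrome extension registry entries with no file path, browser shortcuts carrying a URL argument, and an IE proxy that was enabled before the fix. The function names are hypothetical; the two "Chromium Look" lines come from the log in the thread, while the extra hosts entry, the shortcut URL and the enabled proxy value are constructed.

```python
import re

# Sample in the zoek-results.log layout. The two "Chromium Look" lines are
# copied from the log in the thread; the extra hosts entry, the shortcut URL
# and the enabled proxy value are constructed for the demonstration.
SAMPLE_LOG = r"""
==== Reset Hosts File ======================

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
203.0.113.7 update.example.invalid

==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]

==== shortcuts on Users Desktops ======================

C:\Users\User\Desktop\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe http://search.example.invalid/
C:\Users\User\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
EXT_RE = re.compile(r"^([a-p]{32}) - (.*?)\[[^\]]*\]\s*$")  # Chrome IDs use a-p only
LNK_RE = re.compile(r"^(.+?\.lnk) - (.*)$", re.IGNORECASE)
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
DEFAULT_HOSTS = {("127.0.0.1", "localhost"), ("::1", "localhost")}
BROWSERS = ("chrome.exe", "iexplore.exe", "firefox.exe")

def split_sections(log_text):
    """Map each '==== Title ====' header to its non-empty lines (repeats are merged)."""
    sections, current = {}, None
    for line in log_text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).strip()
            sections.setdefault(current, [])
        elif current is not None and line.strip():
            sections[current].append(line.rstrip())
    return sections

def check_hosts(lines):
    """Flag every address/name pair other than the default localhost mappings."""
    findings = []
    for line in lines:
        fields = line.split("#", 1)[0].split()  # drop comments, split on whitespace
        for name in fields[1:]:
            if (fields[0], name.lower()) not in DEFAULT_HOSTS:
                findings.append(("hosts", f"{fields[0]} {name}"))
    return findings

def check_chrome_extensions(lines):
    """Flag registry-listed extension IDs that point at no file on disk."""
    findings = []
    for line in lines:
        m = EXT_RE.match(line)
        if m and m.group(2).strip().lower() == "no path found":
            findings.append(("chrome-ext", m.group(1)))
    return findings

def check_shortcuts(lines):
    """Flag browser shortcuts whose target has a URL appended as an argument."""
    findings = []
    for line in lines:
        m = LNK_RE.match(line)
        if m and any(b in m.group(2).lower() for b in BROWSERS) and URL_RE.search(m.group(2)):
            findings.append(("shortcut", m.group(1)))
    return findings

def check_proxy(lines):
    """Only the 'before fix' values describe the state the tool found."""
    findings, before = [], False
    for line in lines:
        low = line.strip().lower()
        if low.startswith("value(s) before"):
            before = True
        elif low.startswith("value(s) after"):
            before = False
        elif before and re.search(r'"ProxyEnable"=dword:0*1$', line.strip()):
            findings.append(("ie-proxy", line.strip()))
    return findings

def triage(log_text):
    sections = split_sections(log_text)
    findings = check_hosts(sections.get("Reset Hosts File", []))
    findings += check_chrome_extensions(sections.get("Chromium Look", []))
    for title, lines in sections.items():
        if title.lower().startswith("shortcuts "):
            findings += check_shortcuts(lines)
    findings += check_proxy(sections.get("Reset IE Proxy", []))
    return findings

if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:10} {detail}")
```

Each flagged entry is a prompt for manual review, not a verdict; an extension ID with no path, for instance, still has to be identified before anything is removed.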


Post by Aldemir007 Sun 30 Nov 2014, 19:39

Hi Joram
I sent you the wrong report

I believe it's this one:


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-210928.log 18951 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=38 10745612 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/11/2014 at 19:25:36,91 ======================

Post by joram Sun 30 Nov 2014, 19:55

Good evening, Aldemir007!

> Open the AdwCleaner tool and click "Uninstall".
> Confirm the prompt!

> Download: < [link visible only to logged-in members] >

> Save it to the desktop!
> Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
> Accept the agreement and check: "YES, I accept the Terms of Use"
> Click: "Start"

> Under "Computer scan settings", check:

<*> Enable detection of potentially unwanted applications

> Under "Hide advanced settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Click "Advanced settings".
> Click "Change" and check the "Computer" box.
> Click: "Start" >> Wait! (This scan can take a few hours...)
> When it finishes, click "List of found threats".
> Click "Export to text file" and save the report to the desktop.
> Click "Back" >> "Finish".
> Post the report!

A+

Post by Aldemir007 Sun 30 Nov 2014, 21:23

Hello, good evening Joram

here is the log

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f9c85e42f7e9f41b0818cd157fa818b
# engine=21335
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 11:04:12
# local_time=2014-11-30 09:04:12 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777214 100 100 0 108705920 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168937043 0 0
# scanned=96397
# found=2
# cleaned=2
# scan_time=2032
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=6C80960C1A22EAB46631C396FBC384B29851A96B ft=1 fh=2f90599b91622924 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Aldemir\Downloads\aida64extreme400.exe"

Post by joram Sun 30 Nov 2014, 21:49

Good evening, Aldemir007!

> Let's remove the tools that were used in the disinfection!

> Download: < [link visible only to logged-in members] > ( ... by Xplode )

> Once on the page, click Download Now
> Save it in a convenient location! (desktop!)
> Close any applications that are open.

> Remove disinfection tools
> Create registry backup
> Purge system restore points

> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?

A+

Post by Aldemir007 Sun 30 Nov 2014, 22:57

Hi Joram! Good evening
My God, I can access my e-mail, images, e-books

The e-mail is OK!


it's not a good night
It's a Beautiful Night


Here is the report to wrap up

God bless you

Case solved, partner
Thanks
feel satisfied with your work, because I'm on cloud nine
hugs
Thank you very much!

# DelFix v10.8 - Relatório criado 30/11/2014 às 22:00:40
# Atualizado 29/07/2014 por Xplode
# Usuário : Aldemir - ALDEMIR-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\zoek_backup
Removido : C:\Users\Aldemir\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\zoek-results.log
Removido : C:\zoek-results2014-11-30-210928.log
Removido : C:\Users\Aldemir\Desktop\log 2.txt
Removido : C:\Users\Aldemir\Desktop\log.txt
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.txt
Removido : C:\Users\Aldemir\Desktop\ZHPFix.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPFixReport.txt
Removido : C:\Users\Aldemir\Downloads\esetsmartinstaller_enu.exe
Removido : C:\Users\Aldemir\Downloads\remover-istart-webssearches-com-17143-neergc.pdf
Removido : C:\Users\Aldemir\Downloads\ZHPDiag2.exe
Removido : C:\Users\Aldemir\Downloads\zoek (1).zip
Removido : C:\Users\Aldemir\Downloads\zoek (2).zip
Removido : C:\Users\Aldemir\Downloads\zoek.exe
Removido : C:\Users\Aldemir\Downloads\zoek.zip
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #22 [Windows Update | 11/20/2014 17:30:48]
Removido : RP #23 [Ponto de Verificação Agendado | 11/28/2014 20:34:06]
Removido : RP #24 [Windows Update | 11/30/2014 13:42:45]
Removido : RP #26 [ZHPFix Restore System Point | 11/30/2014 20:11:58]
Removido : RP #28 [ZHPFix Restore System Point | 11/30/2014 20:26:40]
Removido : RP #30 [ZHPFix Restore System Point | 11/30/2014 20:28:15]
Removido : RP #31 [zoek.exe restore point | 11/30/2014 20:54:31]

Novo ponto de restauração criado !

########## - EOF - ##########

Post by joram Sun 30 Nov 2014, 23:04

Case Solved

If you need further help with this computer, just open a "New Topic" and describe the problem.
