If malware has invaded, how do I get rid of it?


Post by Aldemir007 on Sun 30 Nov 2014, 11:46

Since I can't access my e-mail, I'm logging in with a new account!

There I was, relaxed, wanting to watch some movies.
Well, I thought: I'll download them.
Fine, I ignored the antivirus warning.
Worse still, I downloaded them; in fact, I installed them.

I thought: there are tools that can only be used without the antivirus,
so that it doesn't detect them as malicious tools.

That doesn't apply in this case, because:

pages started opening nonstop
istanstwebsearch nonstop
all PDF and JPG files turned into Bobrowser

and Bobrowser also became my browser

I'm having a hard time, tearing my hair out


What do I do now?!

Re: If malware has invaded, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 15:55

Good afternoon, Aldemir007!

> Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
> Or here! << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

> Run the scroll icon. ( ZHPDiag )

> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to Pjjoint.malekal.

> Or go to: < MyFile.tk >

> Or attach it |Here!| << Link!

> More information: < |Link| > << Hosting!

A+

Re: If malware has invaded, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 17:47

Joram, thank you very much for replying!


Re: If malware has invaded, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 18:03

Good afternoon, Aldemir007!

> Run this script in the ZHPFix tool.
> Select and copy this information, which is in red, into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Next, minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyCLSID
EmptyTemp
EmptyFlash
[MD5.00000000000000000000000000000000] [APT] [Run_Bobby_Browser] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)   [0]
O41 - Driver:  (mosfilterdrv) . (. - .) - C:\Windows\System32\drivers\mosfilterdrv.sys (.not file.)
O43 - CFD: 30/11/2014 - 11:14:47 - [0] ----D C:\Program Files\NJax
O45 - LFCP:[MD5.2FF43C5789C5B3BBD290C1D5A7AE2690] - 28/11/2014 - 20:02:12 ---A- - C:\Windows\Prefetch\PENNYBEE.EXE-D7F00502.pf
O45 - LFCP:[MD5.57CA9B12F530E8208019553F270F278E] - 28/11/2014 - 20:02:36 ---A- - C:\Windows\Prefetch\SUPIEPLUGINSERVICEUPDATE.EXE-82CE61E6.pf
O45 - LFCP:[MD5.34157CD22CAB131B1DDF3F9CC439ADA9] - 28/11/2014 - 20:02:35 ---A- - C:\Windows\Prefetch\SUPTAB_V5.8.8.777_NOBLANK_AMY-F33C6925.pf
O45 - LFCP:[MD5.A0F686442A05CA18DB271438D40FA3D3] - 28/11/2014 - 21:03:49 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-596B033D.pf
O45 - LFCP:[MD5.307BBF6F0A2C0195FBEC3FFB580523DD] - 28/11/2014 - 20:02:23 ---A- - C:\Windows\Prefetch\WPM_V20.0.0.1277.EXE-DB5CF181.pf
O61 - LFC: 28/11/2014 - 17:31:42 ---A- . (...) -- C:\Users\Aldemir\AppData\Local\Temp\~nsu.tmp\Au_.exe   [33902]
O68 - StartMenuInternet: <BoBrowser.SOZB4B3ATLMK5OEYN2YWYDUQ34> <BoBrowser>[HKLM\..\Shell\open\Command] (...) -- C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe (.not file.)
sysrestore


> Open the ZHPFix tool.
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's information.
> Click "GO".
> Post the report!

A+

Re: If malware has invaded, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 18:16

Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Aldemir at 30/11/2014 18:28:21
High Elevated Privileges : OK
Windows 7 Business Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (Cancelado pelo utilizador)
Prefetcher vazio

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: C:\Users\Aldemir\AppData\Local\BoBrowser\Application\bobrowser.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (0)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (1) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Valores do Registo
1 : Elementos dos dados do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 17s

========== Caminho do ficheiro do relatório ==========
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/11/2014 17:12:24 [1965]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R2].txt - 30/11/2014 17:26:51 [1442]
C:\Users\Aldemir\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/11/2014 18:28:32 [1342]

Re: If malware has invaded, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 18:42

Good evening, Aldemir007!

> Download: ( ... by Smeenk )

< zoek.exe >

> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.

autoclean;
emptytemp;
shortcutfix;
chrdefaults;
reset chrome;
emptyCHRcache;
resethosts; 
resetieproxy;
emptyfolderscheck;delete
 

> Copy and paste this information, which is in red, into the tool's field.
> Click "Run Script".

Zoek.exe is running now. 
Do not start any browser windows, they will be closed automatically. 
Please wait! This window will close when finished. 
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
> Messages will appear asking you to wait for the report to appear.
> PS: These messages may remain static on the screen for 20 minutes or more.

> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.
> PS: If you get an error, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<

A+

Re: If malware has invaded, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 19:32

Hello Joram, good evening!

Here is the report:


Zoek.exe v5.0.0.0 Updated 29-11-2014
Tool run by Aldemir on 30/11/2014 at 19:15:57,08.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Aldemir\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-30-210928.log 18951 bytes

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Empty Folders Check ======================

C:\Users\Aldemir\AppData\Local\VirtualStore deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [30/11/2014 10:17]

==== Firefox Extensions ======================

==== Firefox Plugins ======================


==== Chromium Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
flliilndjeohchalpbbcdekjklbdgfkk - No path found[]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

WOT - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp
AdBlock - Aldemir\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}"

==== Reset Google Chrome ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Aldemir\Desktop\AIDA64 Extreme.lnk - C:\Program Files\FinalWire\AIDA64 Extreme\aida64.exe
C:\Users\Aldemir\Desktop\EVEREST Ultimate Edition.lnk - C:\Program Files\Lavalys\EVEREST Ultimate Edition\everest.exe
C:\Users\Aldemir\Desktop\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\Desktop\Safe Money.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Aldemir\Desktop\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\Desktop\Watchtower Library 2013 - Português.lnk -
C:\Users\Aldemir\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Aldemir\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\Users\Public\Desktop\CPUID CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\Users\Public\Desktop\Find Drivers with DriverAgent.lnk - C:\Program Files\eSupport.com\driveragent\DriverAgent.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk - C:\Users\Aldemir\AppData\Roaming\Spotify\spotify.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\node-webkit\Popcorn Time.exe .
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Popcorn Time\Uninstall Popcorn Time.lnk - C:\Users\Aldemir\AppData\Local\Popcorn Time\Uninstall.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk - C:\Program Files\DVD Maker\DVDMaker.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\mip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Mobility Center.lnk - C:\Windows\system32\mblctr.exe /open
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\NetworkProjection.lnk - C:\Windows\system32\NetProj.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk - C:\Windows\system32\SnippingTool.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk - C:\Windows\system32\StikyNot.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\ShapeCollector.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\ShapeCollector.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\TabTip.lnk - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk - C:\Program Files\Windows Journal\Journal.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Print Management.lnk - C:\Windows\system32\printmanagement.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=38 10745612 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/11/2014 at 19:25:36,91 ======================



Re: If malware has invaded, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 19:39

Hi Joram,
I sent you the wrong report.

I believe it is this one;


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Security Configuration Management.lnk - C:\Windows\system32\secpol.msc /s
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira\Avira.lnk - C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe /showMiniGui
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Settings.lnk - C:\Program Files\Combined Community Codec Pack\CCCP-Settings.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\CCCP Uninstall.lnk - C:\Program Files\Combined Community Codec Pack\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Media Player Classic Home Cinema.lnk - C:\Program Files\Combined Community Codec Pack\MPC\mpc-hc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\Haali Media Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\Haali\Splitter.ax",Configure
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Audio Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVAudio.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Splitter Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVSplitter.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\LAV Video Settings.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\LAVFilters\LAVVideo.ax",OpenConfiguration
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Combined Community Codec Pack\Filters\VSFilter Configuration.lnk - C:\Windows\System32\rundll32.exe "C:\Program Files\Combined Community Codec Pack\Filters\vsfilter.dll",DirectVobSub
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Edit CPU-Z Config File.lnk - C:\Program Files\CPUID\CPU-Z\cpuz.ini
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID\CPU-Z\Uninstall CPU-Z.lnk - C:\Program Files\CPUID\CPU-Z\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\System32\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Samsung Universal Print Driver 2.lnk - C:\Program Files\Samsung\Samsung Universal Print Driver 2\PrinterSelector\SUPDApp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Printers\Uninstall Samsung Printer Software.lnk - C:\Windows\TotalUninstaller.exe /REMOVE_ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Watchtower Library 2013\Watchtower Library 2013 - Português.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\5d696d521de238c3\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe --profile-directory=Default
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Aldemir\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Aldemir\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Aldemir\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=177 folders=38 10745612 bytes)

==== Empty Temp Folders ======================

C:\Users\Aldemir\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Aldemir\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 30/11/2014 at 19:25:36,91 ======================

Re: if malware got in, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 19:55

Good evening, Aldemir007!

> Open the AdwCleaner tool and click "Desinstalar" (Uninstall).
> Confirm the prompt!

> Download: < [You need to be registered and logged in to see this image.] >

> Save it to the desktop!
> Disable your antivirus and run the file esetsmartinstaller_enu.exe <<
> Accept the agreement and check: "YES, I accept the Terms of Use"
> Click: "Start"

> Under "Computer scan settings", check:

<*> Enable detection of potentially unwanted applications

> Under "Hide advanced settings", check:

<1> Scan archives
<2> Scan for potentially unsafe applications
<3> Enable Anti-Stealth technology
<4> Remove found threats

> Click "Advanced settings".
> Click "Change" and check the "Computer" box.
> Click: "Start" >> Wait! ( This scan can take a few hours... )
> When it finishes, click "List of found threats".
> Click "Export to text file" and save the report to the desktop.
> Click "Back" >> "Finish".
> Post the report!

A+
joram
Administrator

Posts: 3707
Reputation: 415
Registration date: 26/01/2014
Location: Rio de Janeiro

Re: if malware got in, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 21:23

Hello, good evening Joram

Here is the log

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=8f9c85e42f7e9f41b0818cd157fa818b
# engine=21335
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-11-30 11:04:12
# local_time=2014-11-30 09:04:12 (-0300, Horário brasileiro de verão)
# country="Brazil"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777214 100 100 0 108705920 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 168937043 0 0
# scanned=96397
# found=2
# cleaned=2
# scan_time=2032
sh=02A40E3489799CCA06F3793FFCB9225E65F53601 ft=1 fh=fdeeb0affd325f87 vn="MSIL/FakeTool.PS trojan (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Adware-Removal-Tool\ARTP3.exe"
sh=6C80960C1A22EAB46631C396FBC384B29851A96B ft=1 fh=2f90599b91622924 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Aldemir\Downloads\aida64extreme400.exe"

Re: if malware got in, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 21:49

Good evening, Aldemir007!

> Let's remove the tools that were used in the disinfection!

> Download: < [You need to be registered and logged in to see this image.] > ( ... by Xplode )

> On the page, click Download Now
> Save it somewhere convenient! ( desktop! )
> Close any open applications.

> Remove disinfection tools
> Create registry backup
> Clean system restore points

> With these boxes checked, click Run!
> Restart the computer when it finishes!
> Everything OK?

A+

Re: if malware got in, how do I get rid of it?

Post by Aldemir007 on Sun 30 Nov 2014, 22:57

Hi Joram! Good evening
My God, I CAN access my e-mail, images, e-books

The e-mail is OK!


It's not a good night
It's a beautiful night


Here is the report to wrap up

God bless you

Case solved, partner
Thanks
Be pleased with your work, because I'm on cloud nine
Cheers
Thank you very much!

# DelFix v10.8 - Relatório criado 30/11/2014 às 22:00:40
# Atualizado 29/07/2014 por Xplode
# Usuário : Aldemir - ALDEMIR-PC
# Sistema Operacional : Windows 7 Professional Service Pack 1 (32 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\zoek_backup
Removido : C:\Users\Aldemir\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files\ZHPDiag
Removido : C:\PhysicalDisk0_MBR.bin
Removido : C:\zoek-results.log
Removido : C:\zoek-results2014-11-30-210928.log
Removido : C:\Users\Aldemir\Desktop\log 2.txt
Removido : C:\Users\Aldemir\Desktop\log.txt
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPDiag.txt
Removido : C:\Users\Aldemir\Desktop\ZHPFix.lnk
Removido : C:\Users\Aldemir\Desktop\ZHPFixReport.txt
Removido : C:\Users\Aldemir\Downloads\esetsmartinstaller_enu.exe
Removido : C:\Users\Aldemir\Downloads\remover-istart-webssearches-com-17143-neergc.pdf
Removido : C:\Users\Aldemir\Downloads\ZHPDiag2.exe
Removido : C:\Users\Aldemir\Downloads\zoek (1).zip
Removido : C:\Users\Aldemir\Downloads\zoek (2).zip
Removido : C:\Users\Aldemir\Downloads\zoek.exe
Removido : C:\Users\Aldemir\Downloads\zoek.zip
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #22 [Windows Update | 11/20/2014 17:30:48]
Removido : RP #23 [Ponto de Verificação Agendado | 11/28/2014 20:34:06]
Removido : RP #24 [Windows Update | 11/30/2014 13:42:45]
Removido : RP #26 [ZHPFix Restore System Point | 11/30/2014 20:11:58]
Removido : RP #28 [ZHPFix Restore System Point | 11/30/2014 20:26:40]
Removido : RP #30 [ZHPFix Restore System Point | 11/30/2014 20:28:15]
Removido : RP #31 [zoek.exe restore point | 11/30/2014 20:54:31]

Novo ponto de restauração criado !

########## - EOF - ##########

Re: if malware got in, how do I get rid of it?

Post by joram on Sun 30 Nov 2014, 23:04

Case Solved

If you need further help with this computer, just open a "New Topic" and describe the problem.

_________________
Fórum PC Brasil >> The best there is for disinfecting your computer!
Fórum SecSecurity >> Be sure to check it out!
Fórum iMasters >> A tradition in computing!