Publicado em 13 de set.

[Arquivado] Pc Estranho suspeita de vírus.

Estou com uma suspeita de vírus meu pc bugo tudo ta todo bugado .

/applications/core/interface/imageproxy/imageproxy.php?img=http://i.imgur.com/MOgdv8w.jpg&key=7f12bbd4783e17e89a5a7471de514919f8b8028c79925348683ac981604886dc" alt="MOgdv8w.jpg" />

LOG

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 13:07:13, on 13/09/2013

Platform: Windows 7 SP1 (WinNT 6.00.3505)

MSIE: Internet Explorer v10.0 (10.00.9200.16686)

Boot mode: Normal

Running processes:

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe

C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe

C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Program Files\NVIDIA Corporation\Display\nvtray.exe

C:\Program Files\Pando Networks\Media Booster\PMB.exe

C:\Program Files\NetLimiter 3\NLClientApp.exe

C:\Windows\System32\rundll32.exe

C:\Program Files\Google\Drive\googledrivesync.exe

C:\Users\Uw34\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Game_Maker8\Game_Maker.exe

C:\Users\Uw34\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Users\Uw34\Downloads\avira_free_antivirus.exe

C:\Users\Uw34\AppData\Local\Temp\RarSFX1\avwebloader.exe

C:\Users\Uw34\AppData\Local\Google\Chrome\Application\chrome.exe

C:\Program Files\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll

O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [Nvtmru] "C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"

O4 - HKLM\..\Run: [baidu PC Faster 3.7.0.0] "C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFaster.exe" -auto -start

O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files\Google\Drive\googledrivesync.exe" /autostart

O4 - HKCU\..\Run: [Pando Media Booster] C:\Program Files\Pando Networks\Media Booster\PMB.exe

O4 - HKCU\..\Run: [NetLimiter] C:\Program Files\NetLimiter 3\NLClientApp.exe /tray

O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')

O4 - HKUS\S-1-5-21-3640838350-204677502-3141077289-1001\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')

O4 - HKUS\S-1-5-21-3640838350-204677502-3141077289-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

O4 - Startup: Baidu PC Faster Uninstall 3.4.0.16.lnk = C:\Windows\System32\rundll32.exe

O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000

O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll

O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll

O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll

O10 - Unknown file in Winsock LSP: c:\windows\system32\sslsp104.dll

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL

O20 - AppInit_DLLs: C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: CLHNServiceForPowerDVD - Unknown owner - C:\Program Files\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe

O23 - Service: CyberLink PowerDVD 11.0 Monitor Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe

O23 - Service: CyberLink PowerDVD 11.0 Service - CyberLink - C:\Program Files\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe

O23 - Service: DeviceMonitorService - Nero AG - C:\Program Files\Motorola Media Link\Lite\NServiceEntry.exe

O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbguard.exe

O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - Firebird Project - C:\Program Files\Firebird\Firebird_2_5\bin\fbserver.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe

O23 - Service: Hotspot Shield Service (hshld) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\bin\cmw_srv.exe

O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE

O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe

O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe

O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe

O23 - Service: MotoHelper Service (MotoHelper) - Unknown owner - C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe

O23 - Service: NetLimiter 3 Service (nlsvc) - Locktime Software - C:\Program Files\NetLimiter 3\nlsvc.exe

O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe

O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe

O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe

O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe

O23 - Service: Baidu PC Faster Service 3.7.0.0 (PCFasterSvc_{PCFaster_3.7.0.0}) - Baidu Inc. - C:\Program Files\Baidu Security\PC Faster\3.7.0.0\PCFasterSvc.exe

O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Riverbed Technology, Inc. - C:\Program Files\WinPcap\rpcapd.exe

O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

End of file - 10161 bytes

Discussão (4)

Entre ou cadastre-se para participar da discussão

Entrar Criar conta

DigRam· 13 de set.

Boa Tarde! DanielPadilha

|- Desinstale: < Baidu PC Faster >

-/-

|- Baixe: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Logo2_zps580bcd78.jpg&key=71530441ef1621c6398a69f0f5fae6f7f5c87897579baf8487ec306c4e109626" alt="AdwCleaner_Logo2_zps580bcd78.jpg" /> > ( ... par Xplode )

|- Ao acessar,clique na imagem: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/AdwCleaner_Tlcharger.jpg&key=2319bbcd35144166c25768473f26c7f193a7ab5036b9479bd1465d8257d6f6b2" alt="AdwCleaner_Tlcharger.jpg" /> >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Executar_Administrador.jpg&key=29bbf2d3836c6859afe3923102565f782321b5a7a2787d5bb24cc9918d13e9bd" alt="Executar_Administrador.jpg" />

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/advz4z8Y.jpg&key=d014b7c10974863cb53eb98c621165d7bed35f01f9fe6800257605fc7dc58eba" alt="advz4z8Y.jpg" />

|- Ps: Dê início à ferramenta,clicando em "Scan".
|- Clique "Clean",caso fique disponível,para cada guia acessada em "Results".

|- Clique nas setinhas laterais,para ter acesso às guias "Firefox" ou "Chrome". < /applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adegUsFH.jpg&key=ef53dc375b32e51edfe8be3fb665ac1d1d329ed87e36faabbee8595cb37320b8" alt="adegUsFH.jpg" /> >
|- Ao concluir,clique "Report".

< C:\AdwCleaner\AdwCleaner[s0].txt > ou < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...

|- Poste todos os relatórios que estarão em C:\AdwCleaner <<

A+

DanielPadilha· 14 de set.

AdwCleaner v3.003 - Relatório criado 14/09/2013 no 09:14:52

Atualizado 07/09/2013 por Xplode

Sistema Operacional : Windows 7 Ultimate Service Pack 1 (32 bits)

Usuário : Uw34 - UW34-PC

Executando de : C:\Users\Uw34\Desktop\AdwCleaner.exe

Opção : Examinar

*** [ Serviços ] ***

*** [ Arquivos / Pastas ] ***

*** [ Atalhos ] ***

*** [ Registro ] ***

Chave Encontrada : HKCU\Software\Softonic

*** [ Navegadores ] ***

-\\ Internet Explorer v10.0.9200.16686

-\\ Mozilla Firefox v18.0.2 (pt-BR)

[ Arquivo : C:\Users\Uw34\AppData\Roaming\Mozilla\Firefox\Profiles\qtoffw9r.default\prefs.js ]

-\\ Google Chrome v

[ Arquivo : C:\Users\Uw34\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [13927 octets] - [13/09/2013 11:21:19]

AdwCleaner[R1].txt - [863 octets] - [14/09/2013 09:14:52]

AdwCleaner[s0].txt - [11642 octets] - [13/09/2013 11:22:30]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [983 octets] ##########

DigRam· 14 de set.

Boa Noite! DanielPadilha

|- Procure este relatório em seu PC: AdwCleaner[S0].txt - [11642 octets] - [13/09/2013 11:22:30]

|- Caso o encontre,poste-o em sua resposta.

|- Baixe: < ZHPDiag2.exe > < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/NicolasCoolman.jpg&key=31eaca9d787a5cb7b785eaca882cfe95bdd41bfffaf35086b6e7ecf044ef83cf" alt="NicolasCoolman.jpg" /> > ( ... de Nicolas Coolman )

|- Salve-o no disco local! ( C ou D )

|- Execute o ícone do pergaminho. ( ZHPDiag )

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/abynh7jv.jpg&key=ee7d09348473b69422ef5ab11ff0d2d086965ec987da7749e85df564d187958c" alt="abynh7jv.jpg" />

|- Clique: "CONFIGURE"

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_Options2_zps5a090bf7.jpg&key=269ede7850f894bdb202345a802babedd4bd051961394ac9c4b64b6e0cabe0fb" alt="ZHPDiag_Options2_zps5a090bf7.jpg" />

|- Clique: "Options" >> "All" >> OK

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_FullAnalysis_zps60157826.jpg&key=9a3e7b46c42cf532cd8868e36df357452e71710372d1c3194e82d5d315a29c4e" alt="ZHPDiag_FullAnalysis_zps60157826.jpg" />

|- Clique: "CONFIGURE" >> "Full Analysis"

|- Aguarde a conclusão!

|- Caso ocorra travamentos e não possa obter o log,aborte a verificação completa e faça a customizada.

|- Volte a janela principal da ferramenta.

/applications/core/interface/imageproxy/imageproxy.php?img=http://t.imgbox.com/adcYraWj.jpg&key=b2552a4f5897e0c5956bacf7e42705af1284fe6525a19929f57781f15169a5f3" alt="adcYraWj.jpg" />

|- Clique "SEARCH" e aguarde a conclusão!

|- Ou clique "Options" >> "None".

/applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/ZHPDiag_AdditionalScan_zps21f11520.jpg&key=bcab741827ec6a811f27dcac4f05e08cbb599ed6a4dae592add724dd43cc9ca5" alt="ZHPDiag_AdditionalScan_zps21f11520.jpg" />

|- Marque,apenas,a opção "Additional Scan (O88)".

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,

O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,

O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,

O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,

O89,O90,O91,O92

####

|- Desta forma,estas opções serão desabilitadas!

/applications/core/interface/imageproxy/imageproxy.php?img=http://i39.servimg.com/u/f39/11/05/93/83/zhpdia11.png&key=cd2bcbee7ecda71a202f64af97b2896faaf1bddc4af00b80af5b456d12007af6" alt="zhpdia11.png" />

|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )

|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.

|- Ou acesse: < /applications/core/interface/imageproxy/imageproxy.php?img=http://i1143.photobucket.com/albums/n629/j2ram/Cjoint_Logo.jpg&key=bc3f249ffa4fec167155636520ebfd1fed8f6c8d63b5aa0b8cd82fb55aa2edb7" alt="Cjoint_Logo.jpg" /> >

|- Maiores informações: < |Link| >

A+

DigRam· 14 de out.

Tópico Arquivado

Como o autor não respondeu por mais de 10 dias, o tópico foi arquivado.

Caso você seja o autor do tópico e quer reabrir, envie uma mensagem privada para um moderador da área juntamente com o link para este tópico e explique o motivo da reabertura.