
Archived

This topic has been archived and is closed to new replies.

Andre Daumas

[Solved] Bytes Sent


There are 2 there..

 

 

========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
C:\Windows\zoek-delete.exe moved successfully.
C:\Users\André\AppData\Roaming\Baidu\Baidu Antivirus folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Uninstall\Baidu PC Faster Uninstall HK\0 folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Uninstall\Baidu PC Faster Uninstall HK folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Uninstall\Baidu PC Faster Uninstall\0 folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Uninstall\Baidu PC Faster Uninstall folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Uninstall folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Run\Disable folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\Run folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\RpData folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21\PopMsg folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\3.2.0.21 folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\1.18.0.25\RpData folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster\1.18.0.25 folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security\PC Faster folder moved successfully.
C:\Users\André\AppData\Roaming\Baidu Security folder moved successfully.
C:\Users\André\AppData\Roaming\BANDISOFT\BANDICAM folder moved successfully.
C:\Users\André\AppData\Roaming\BANDISOFT folder moved successfully.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07272013_201901

 

 

 

 

========== OTL ==========
Use Chrome's Settings page to remove the default_search_provider items.
File C:\Windows\zoek-delete.exe not found.
Folder C:\Users\André\AppData\Roaming\Baidu\ not found.
Folder C:\Users\André\AppData\Roaming\Baidu Security\ not found.
Folder C:\Users\André\AppData\Roaming\BANDISOFT\ not found.
========== COMMANDS ==========

OTL by OldTimer - Version 3.2.69.0 log created on 07272013_202219



→ Download DelFix (...by Xplode) from http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix and save it to the Desktop

* Run it and click [Run]

* Paste the report it displays

 

 

→ Download HitmanPro from http://dl.surfright.nl/HitmanPro_x64.exe

* Right-click HitmanPro and select Run as administrator

* Click [Next], accept the agreement, click [Next] > [Next] and wait for it to finish

* Click [Next] > Save Report and save it to the Desktop

* Close the program and paste the report


Paste the report it displays

 

 

# DelFix v10.4 - Logfile created 27/07/2013 at 20:44:46
# Updated 19/07/2013 by Xplode
# Username : André - ANDRÉ-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\_OTL
Deleted : C:\Users\André\Downloads\AdwCleaner.exe
Deleted : C:\Users\André\Downloads\Extras.Txt
Deleted : C:\Users\André\Downloads\HiJackThis.exe
Deleted : C:\Users\André\Downloads\OTL.Txt
Deleted : C:\Users\André\Downloads\OTL.exe
Deleted : HKLM\SOFTWARE\OldTimer Tools

########## - EOF - ##########

 

 

 

 

* Close the program and paste the report

 

 

HitmanPro 3.7.6.201
www.hitmanpro.com

   Computer name . . . . : ANDRÉ-PC
   Windows . . . . . . . : 6.1.1.7601.X64/2
   User name . . . . . . : André-PC\André
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Trial (30 days left)

   Scan date . . . . . . : 2013-07-27 20:50:18
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 2m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No

   Threats . . . . . . . : 10
   Traces  . . . . . . . : 203

   Objects scanned . . . : 1.020.114
   Files scanned . . . . : 15.470
   Remnants scanned  . . : 267.368 files / 737.276 keys

Malware _____________________________________________________________________

   C:\Users\André\Downloads\CheatEngine63.exe -> Quarantined
      Size . . . . . . . : 158.168 bytes
      Age  . . . . . . . : 1.9 days (2013-07-25 22:40:40)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : 35625FA5DC918201A0A5C82CC32E5BC0B7E52656CC074F56A8803E352AFEDE8D
      RSA Key Size . . . : 2048
      Authenticode . . . : Valid
    > Emsisoft . . . . . : Adware.Win32.Somoto.AMN!A2
      Fuzzy  . . . . . . : 109.0
      Forensic Cluster
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe
         -2.7s C:\Users\André\Downloads\CheatEngine63.exe


Suspicious files ____________________________________________________________

   C:\Program Files (x86)\Ares\Ares.exe
      Size . . . . . . . : 916.480 bytes
      Age  . . . . . . . : 58.4 days (2013-05-30 11:43:48)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : DC482DF429390340922618591693647786FC0823699CD38309066C4D81313F5B
      Product  . . . . . : Ares p2p for windows
      Publisher  . . . . : Ares Development Group
      Description  . . . : Ares p2p for windows
      Version  . . . . . : 2.2.4.3048
      Copyright  . . . . : GPL product
      Parent Name  . . . : C:\Windows\Explorer.EXE
      Running processes  : 2392
      Fuzzy  . . . . . . : 23.0
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         This program is actively listening for inbound network connections.
         Program is running but currently exposes no human-computer interface (GUI).
         Uses the Windows Registry to run each time the user logs on.
         Program starts automatically without user intervention.
         The file is in use by one or more active processes.
      Startup
         HKU\S-1-5-21-2660630844-4226241019-1987444963-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ares
      References
         C:\Users\André\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Ares.lnk
         C:\Users\Public\Desktop\Ares.lnk
         HKU\S-1-5-21-2660630844-4226241019-1987444963-1000\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache\C:\program files (x86)\ares\ares.exe
      Network Ports
         0.0.0.0:45292    


Potential Unwanted Programs _________________________________________________

   HKU\S-1-5-21-2660630844-4226241019-1987444963-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)

Cookies _____________________________________________________________________

   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\4037R84F.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\48V4YDHD.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\4EARIM9G.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\9OSIP32R.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\AG3HEV2B.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\MVU0V7KJ.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\S8O5T576.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\XQGC8QL9.txt
   C:\Users\André\AppData\Roaming\Microsoft\Windows\Cookies\ZAFMGZ3E.txt


The PC is clean.

If the problem persists, it is not related to malware. However, we can run a DNS test.

→ Delete DelFix and the file C:\DelFix.txt

→ Uninstall HitmanPro and delete its report

Report back


→ Download DNS Angel and extract it to the Desktop

* Run it and click [Open DNS Family]

See if it works.

If not, it may be a problem with the server.

The PC is clean.


→ Run DNS Angel and click [Restore DNS]

Best regards...


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
