[Resolvido] Computador cheio daqueles vírus padrões de internet.

1sefirot1 · Maio 25, 2014

Larguei meu notebook sem senha por uma semana aqui em casa, para utilização pela parte da família, e o resultado nao poderia ser outro: Está infestado de malwares. Browser travando a todo tempo, páginas de busca padrão, etc etc etc..

Gostaria de postar o log aqui para os senhores me ajudassem a ver o q esta acontecendo. Segue o log:

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 12:38:03, on 25/05/2014

Platform: Unknown Windows (WinNT 6.02.1008)

MSIE: Internet Explorer v10.0 (10.00.9200.16537)

Boot mode: Normal

Running processes:

C:\Users\Gustavo\Downloads\BitTorrent.exe

C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe

C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe

C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O2 - BHO: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Startup: GameRanger.lnk = Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe

O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Quiknowledge Client Service (qksvc) - Quiknowledge - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--

End of file - 9770 bytes

DigRam · Maio 26, 2014

Boa Noite! Gsbad

|- Baixe: <

> ( ... by Oleg N. Scherbakov )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Para Windows 7 e 8,clique direito em JRT.exe e execute-o ...

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

-/-

|- Baixe: <

> ( ... par Xplode )

|- Ao acessar,clique na imagem: <

>

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como

|- Ps: Dê início ao scan,clicando em "Examinar".

|- Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.

|- Copie o log ou clique "Relatório".

|- Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >

Abs!

1sefirot1 · Maio 27, 2014

Segue os logs

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.1.4 (04.06.2014:1)

OS: Windows 8 x64

Ran by Gustavo on 26/05/2014 at 22:40:17,47

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3336594925-1444484530-2665733283-1001\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\baidu"

Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"

Successfully deleted: [Folder] "C:\Users\Gustavo\AppData\Roaming\baidu"

Successfully deleted: [Folder] "C:\Users\Gustavo\AppData\Roaming\mysearchdial"

Successfully deleted: [Folder] "C:\Program Files (x86)\mysearchdial"

Successfully deleted: [Folder] "C:\Program Files (x86)\quiknowledge"

~~~ FireFox

Successfully deleted: [File] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\user.js

Successfully deleted: [File] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\searchplugins\mysearchdial.xml

Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"

Successfully deleted: [Folder] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\extensions\staged

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com

Successfully deleted the following from C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\prefs.js

user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtB

user_pref("browser.search.selectedEngine", "Mysearchdial");

~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on 26/05/2014 at 23:05:52,55

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner.txt:

# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 23:09:46

# Atualizado 26/05/2014 por Xplode

# Sistema Operacional : Windows 8 (64 bits)

# Usuário : Gustavo - GUSTAVO-NOTE2

# Executando de : C:\Users\Gustavo\Desktop\adwcleaner_3.211.exe

# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : qknfd

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\webget

Pasta Deletada : C:\Program Files\Quiknowledge

Pasta Deletada : C:\Users\Gustavo\AppData\Local\Temp\webget

Pasta Deletada : C:\Users\Gustavo\AppData\Roaming\1H1Q

Pasta Deletada : C:\Users\Public\Documents\baidu

Arquivo Deletada : C:\Windows\Tasks\MySearchDial.job

Arquivo Deletada : C:\Windows\System32\Tasks\MySearchDial

***** [ Atalhos ] *****

***** [ Registro ] *****

Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff

Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}

Chave Deletedo : HKCU\Software\webget

Chave Deletedo : HKCU\Software\AppDataLow\Software

Chave Deletedo : HKLM\Software\webget

Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webget

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]

-\\ Mozilla Firefox v25.0 (pt-BR)

[ Arquivo : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default\prefs.js ]

-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=

Deletedo [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=

Deletedo [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [9053 octets] - [10/12/2013 11:28:22]

AdwCleaner[R1].txt - [4853 octets] - [26/05/2014 23:08:33]

AdwCleaner[s0].txt - [8433 octets] - [10/12/2013 11:29:31]

AdwCleaner[s1].txt - [4132 octets] - [26/05/2014 23:09:46]

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4192 octets] ##########

DigRam · Maio 27, 2014

Boa Noite! Gsbad

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! <

zoek.exe >

|- Salve-o e descompacte-o para o desktop!

|- Estarão disponíveis: zoek.com, zoek.scr, zoek.pif e zoek.exe

|- Desabilite seu antivírus!

|- Para Windows 7,execute zoek.exe como administrador.

hijackthis;

iedefaults;

chromelook;

shortcutfix;

autoclean;

emptyalltemp;

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.

|- Clique "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.

Please wait! This window will close when finished.

A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o surgimento do relatório.

|- Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.

|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.

Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.

|- Poste o relatório,que estará em C:\zoek-results.txt <<

Abs!

1sefirot1 · Maio 28, 2014

Zoek.exe v5.0.0.0 Updated 22-05-2014

Tool run by Gustavo on 27/05/2014 at 21:05:55,76.

Microsoft Windows 8 6.2.9200 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gustavo\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

27/05/2014 21:07:02 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3336594925-1444484530-2665733283-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Deleting Files \ Folders ======================

C:\PROGRA~3\Baidu deleted

C:\windows\SysNative\tasks\Baidu Antivirus Update deleted

C:\Users\Gustavo\AppData\Roaming\unins000.exe deleted

C:\Users\Gustavo\AppData\Roaming\unins001.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [10/01/2014 17:04]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi

- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

- webget - %ProfilePath%\extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default

29B5096C332ECE24A72024212A2282EF - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

B52EFEC8EEF9A7809376795ED3699826 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

6405D35B002039122117B4EAD3EDD8BD - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal

==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nnjbodopomfddehlalfilheomcahbpei - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[10/01/2014 17:04]

pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[24/05/2014 09:30]

GBBD Banco do Brasil - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp

Google Wallet - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

GBBD Caixa Economica Federal - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei

GBBD Banco do Brasil - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh

==== Set IE to Default ======================

Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU

New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== shortcuts on Users Desktops ======================

C:\Users\Gustavo\Desktop\bkp\fotos face\fotos\Favoritos - Atalho.lnk -

C:\Users\Gustavo\Desktop\bkp\Fotos mae\Favoritos - Atalho.lnk -

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft.lnk - C:\Program Files (x86)\Minecraft\Minecraft.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall.lnk - C:\Program Files (x86)\Minecraft\uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk - C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BitTorrent.lnk - C:\Users\Gustavo\Downloads\BitTorrent.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157