Archived

This topic has been archived and is closed to new replies.

isaiaslopes3

[Solved] Virus via pen drive

Good afternoon. I went to print some files at an internet café (LAN house) from a pen drive today. When I got home and plugged it into my notebook, the problem appeared. All the original folders were replaced by shortcut folders with the original name but with the target: 'C:\Windows\system32\cmd.exe /c Start wscript.exe 70707\i6d.js &Start EXPLORER.exe'. In addition, a shortcut folder named 'vcimporter.vciid' appeared. On top of that, the internet started being blocked by a proxy server that asked for a username and password. I managed to disable the proxy so that I could post here.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:36:25, on 15/08/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\program files\avira\antivir desktop\ipmGui.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Users\ISAIAS\Desktop\Proteção; Limpadores\HiJackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upe.br:9000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [49e7] C:\Users\ISAIAS\AppData\Roaming\5ff\49e7.js
O4 - Startup: 1ea5.js
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{803A8E8F-63A9-4E12-AD24-5FC7651E7FD0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10434 bytes

 

 


Good afternoon, isaiaslopes3!

|- Download: < UsbFix > ( ...by C_XX & El Desaparecido )
|- On the page, click [image: 534784e279c71.png]

[image: UsbFix_Limpar_zps9a787a70.jpg]
|- Click "Limpar" (Clean).
|- Wait for it to finish and post the report. ( C:\UsbFix.txt )
Regards!


############################## | UsbFix V 7.178 | [Limpar]

Usuário: ISAIAS (Administrador) # ISAIAS-PC
Atualizado em 08/08/2014 por El Desaparecido - SosVirus
Começou em 13:29:39 | 15/08/2014

Site : http://www.pt.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Asistencia : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contato : http://www.pt.usbfix.net/contato/

################## | System information |

MB: Sony Corporation (VAIO)
CPU: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
RAM -> [Total : 1914 Mo | Free : 919 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows Vista Home Basic (6.0.6002 32-Bit) Service Pack 2
WB: Internet Explorer : 9.00.8112.16421
WB: Mozilla Firefox : 31.0

################## | Security Information |

AS: Malwarebytes Anti-Malware : 2.0.2.1012
FW: Windows Firewall [(!) Não ativo]
SC: Security Center [(!) Não ativo]
WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 140 Gb (14 Gb livre - 10%) [] # NTFS
H:\ -> Disco removível # 4 Gb (45 Mb livre - 1%) [iSAIASLOPES] # FAT32

################## | Autorun |

H:\RECYCLER.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Monografia.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Músicas.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Patos.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\MultiBit.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Sao Jose.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\VCImporter.vciid.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Condominio.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Palestra.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)
H:\Documentos.lnk -> H:\70707\i6d.js - (SHA1: 4E52DC82D32C00762496B1DF13D01186CD41C807)

################## | Procura genérica |

Supprimido! C:\Users\ISAIAS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\1ea5.js
Supprimido! C:\Users\ISAIAS\AppData\Roaming\5ff\49e7.js
Supprimido! C:\Users\ISAIAS\AppData\Roaming\5ff
Supprimido! H:\RECYCLER.lnk
Supprimido! H:\Monografia.lnk
Supprimido! H:\Músicas.lnk
Supprimido! H:\Patos.lnk
Supprimido! H:\MultiBit.lnk
Supprimido! H:\Sao Jose.lnk
Supprimido! H:\VCImporter.vciid.lnk
Supprimido! H:\Condominio.lnk
Supprimido! H:\Palestra.lnk
Supprimido! H:\Documentos.lnk
Supprimido! H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Supprimido! H:\RECYCLER\S-5-3-42-2819952290-8240758988-879315005-3665
Supprimido! C:\Windows\Tasks\UpdaterEX.job
Supprimido! C:\Users\ISAIAS\AppData\Local\Temp\937e.js
Supprimido! H:\70707\g61.js
Supprimido! H:\70707\i6d.js

(!) Ficheiros temporários suprimido. (8.60347652435303 MB)

################## | Registro |

Supprimido! HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Microsoft\Windows\CurrentVersion\Run|49e7

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [shell] Explorer.exe
F2 - HKLM\..\Winlogon : [userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLM\..\Run : [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
04 - HKLM\..\Run : [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKU\HiveTempKey\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\HiveTempKey\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | UsbFix - Informação |

Info :


Info : Atalho vírus no disco flash, que é isso?

################## | Hijack |

Restorado! [D] H:\Monografia
Restorado! [D] H:\Músicas
Restorado! [D] H:\70707
Restorado! [D] H:\Patos
Restorado! [D] H:\MultiBit
Restorado! [D] H:\VCImporter.vciid
Restorado! [D] H:\Condominio
Restorado! [D] H:\Sao Jose
Restorado! [D] H:\Palestra
Restorado! [D] H:\Documentos

################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 10 Ko] - C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1031.txt
[14/06/2012 - 14:55:25 | A | 36 Ko] - C:\debug1214.txt
[15/02/2014 - 18:07:37 | A | 1 Ko] - C:\DelFix.txt
[18/09/2006 - 18:43:37 | A | 0 Ko] - C:\config.sys
[06/08/2010 - 23:56:48 | RASH | 0 Ko] - C:\MSDOS.SYS
[06/08/2010 - 23:56:48 | RASH | 0 Ko] - C:\IO.SYS
[15/08/2014 - 11:12:39 | ASH | 2267456 Ko] - C:\pagefile.sys
[15/08/2014 - 11:12:42 | ASH | 1960996 Ko] - C:\hiberfil.sys
[07/11/2007 - 08:12:28 | A | 228 Ko] - C:\VC_RED.MSI
[03/10/2008 - 14:50:11 | A | 0 Ko] - C:\Installer_Setup.log
[03/10/2008 - 15:05:47 | A | 377 Ko] - C:\vcredist_x86.log
[07/11/2007 - 08:00:40 | A | 1 Ko] - C:\install.ini
[07/11/2007 - 08:00:40 | A | 1 Ko] - C:\globdata.ini
[11/02/2014 - 15:41:19 | A | 0 Ko] - C:\AVScanner.ini
[07/11/2007 - 08:03:18 | A | 550 Ko] - C:\install.exe
[07/11/2007 - 08:03:18 | A | 74 Ko] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | A | 80 Ko] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | A | 93 Ko] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | A | 95 Ko] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | A | 94 Ko] - C:\install.res.3082.dll
[07/11/2007 - 08:03:18 | A | 75 Ko] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | A | 89 Ko] - C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | A | 78 Ko] - C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | A | 94 Ko] - C:\install.res.1031.dll
[15/01/2014 - 21:40:14 | A | 476 Ko] - C:\SecurityScanner.dll
[07/11/2007 - 08:09:22 | A | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:00:40 | A | 6 Ko] - C:\vcredist.bmp
[15/10/2013 - 19:36:43 | SHD] - C:\$RECYCLE.BIN
[18/09/2006 - 18:43:36 | A | 0 Ko] - C:\autoexec.bat
[03/09/2008 - 16:42:32 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[08/06/2013 - 21:49:57 | D] - C:\DOSBox-0.74
[02/11/2006 - 09:59:44 | SHD] - C:\Documents and Settings
[20/01/2008 - 23:43:50 | D] - C:\PerfLogs
[03/10/2008 - 14:18:23 | RD] - C:\MSOCache
[14/03/2009 - 23:42:06 | D] - C:\Arquivos de programas
[14/03/2009 - 23:45:27 | RD] - C:\Users
[06/04/2009 - 18:57:19 | D] - C:\Click to Disc
[11/04/2009 - 03:36:36 | RASH | 325 Ko] - C:\bootmgr
[03/05/2009 - 13:44:54 | D] - C:\downloads
[06/09/2009 - 15:10:58 | D] - C:\Artmed
[12/06/2010 - 23:56:08 | D] - C:\indy500
[17/06/2010 - 19:26:09 | D] - C:\Boot
[28/11/2010 - 18:21:38 | D] - C:\Super Nintendo
[13/03/2011 - 22:32:11 | D] - C:\ERUNT
[23/04/2011 - 20:25:03 | D] - C:\Jogos Snes
[12/03/2012 - 01:28:25 | D] - C:\Reg_Backup
[08/07/2012 - 15:19:18 | D] - C:\DTS
[16/05/2013 - 12:51:00 | D] - C:\2776a560f89eaeef7b5c7c6e8b2f6547
[04/05/2014 - 18:07:22 | D] - C:\Arquivos
[25/05/2014 - 11:10:14 | D] - C:\ProgramData
[12/08/2014 - 16:50:40 | RD] - C:\Program Files
[13/08/2014 - 14:26:33 | D] - C:\Windows
[15/08/2014 - 12:00:46 | D] - C:\5e520
[15/08/2014 - 13:19:05 | SHD] - C:\System Volume Information
[15/08/2014 - 13:27:39 | D] - C:\UsbFix

################## | H:\ - Disco removível (FAT32) |

[03/11/2013 - 16:14:28 | D] - H:\VCImporter.vciid
[15/02/2012 - 21:11:54 | A | 0 Ko] - H:\CRO Patos.txt
[04/12/2012 - 21:26:22 | A | 0 Ko] - H:\Procurar filmes.txt
[13/10/2013 - 16:46:34 | A | 1 Ko] - H:\Sites de Pesquisas e PTC.txt
[05/01/2014 - 18:49:16 | A | 0 Ko] - H:\albuns para baixar.txt
[12/03/2014 - 15:48:40 | A | 1 Ko] - H:\cabotv e tam.txt
[04/05/2014 - 18:29:42 | A | 0 Ko] - H:\.IFRN 51894-0.txt
[24/06/2014 - 17:46:56 | A | 0 Ko] - H:\.ebserhjp 12929696.txt
[31/07/2014 - 19:48:24 | A | 7 Ko] - H:\BTC.txt
[03/08/2014 - 20:03:46 | A | 2 Ko] - H:\Filmes para baixar.txt
[09/11/2010 - 18:59:20 | A | 2442 Ko] - H:\Isaias paciente 1.ppt
[02/12/2010 - 20:29:52 | A | 2931 Ko] - H:\Isaias paciente 2.ppt
[04/12/2010 - 17:38:20 | A | 2473 Ko] - H:\APRESENTAO CEAO - Marilene.ppt
[04/10/2009 - 16:27:54 | A | 31 Ko] - H:\historico_200507899[1].pdf
[12/02/2012 - 23:51:42 | A | 7 Ko] - H:\CERTIDÃO DE ANTECEDENTES CRIMINAIS.pdf
[15/04/2012 - 23:24:54 | A | 107 Ko] - H:\CEACAA0028THMN.PDF
[21/05/2013 - 11:18:48 | A | 328 Ko] - H:\ISAIAS LOPES DE ARAUJO.pdf
[12/11/2013 - 08:00:06 | A | 70 Ko] - H:\Boleto yelbo2.pdf
[12/10/2008 - 22:58:26 | A | 66 Ko] - H:\isaias.jpg
[17/12/2008 - 00:49:48 | A | 6 Ko] - H:\formatura12.jpg
[21/09/2009 - 16:36:46 | A | 127 Ko] - H:\Digitalizar0002.jpg
[21/09/2009 - 16:37:16 | A | 472 Ko] - H:\Digitalizar0002a.jpg
[21/09/2009 - 16:37:36 | A | 115 Ko] - H:\Digitalizar0003.jpg
[21/09/2009 - 16:37:56 | A | 58 Ko] - H:\Digitalizar0004.jpg
[23/07/2010 - 21:10:44 | A | 31 Ko] - H:\Isaias Lopes.jpg
[14/04/2012 - 20:54:26 | A | 111 Ko] - H:\Digitalizar0001.jpg
[05/08/2009 - 16:45:18 | A | 91 Ko] - H:\Tabela Odontológica.docx
[04/10/2009 - 16:02:24 | A | 13 Ko] - H:\Documentos exercito.docx
[06/10/2009 - 21:55:04 | A | 148 Ko] - H:\Documentos para exercito IMPRESSAO.docx
[08/12/2010 - 10:40:00 | A | 12 Ko] - H:\Atendimento ESB.docx
[24/02/2011 - 12:39:20 | A | 27 Ko] - H:\Premio Brasil Sorridente.docx
[11/01/2012 - 10:37:58 | A | 12 Ko] - H:\Curriculo.docx
[04/05/2012 - 12:38:08 | A | 60 Ko] - H:\Declaração De Não Acumulação De Cargos.docx
[16/04/2013 - 22:37:12 | A | 12 Ko] - H:\Recibo_docx.docx
[02/07/2013 - 22:33:48 | A | 14 Ko] - H:\Instrumento de escritura particular.docx
[02/07/2013 - 22:46:14 | A | 13 Ko] - H:\INSTRUMENTO DE ESCRITURA PARTICULA 2.docx
[04/03/2009 - 23:48:56 | A | 22 Ko] - H:\Bolsa Preventiva - Relatório Parcial.doc
[31/08/2009 - 19:09:18 | A | 68 Ko] - H:\material em conjunto-onde comprar.doc
[15/01/2010 - 18:58:14 | A | 406 Ko] - H:\Odontoimports.doc
[11/01/2012 - 10:40:18 | A | 24 Ko] - H:\Curriculo.doc
[19/01/2012 - 21:13:04 | A | 673 Ko] - H:\EASeEIS_SvMilVoluntario_2Anexo_2011.doc
[17/04/2013 - 17:11:28 | A | 23 Ko] - H:\Recibo_doc.doc
[02/12/2013 - 16:49:16 | A | 80 Ko] - H:\isaiaslite.dat
[27/12/2011 - 23:04:20 | D] - H:\Monografia
[14/01/2012 - 19:12:20 | D] - H:\Músicas
[04/05/2012 - 12:52:00 | D] - H:\Sao Jose
[27/11/2012 - 16:28:26 | D] - H:\Patos
[01/11/2013 - 23:47:26 | D] - H:\MultiBit
[14/11/2013 - 11:46:58 | D] - H:\Palestra
[04/05/2014 - 18:09:08 | D] - H:\Condominio
[15/06/2014 - 12:30:38 | SHD] - H:\RECYCLER
[05/08/2014 - 18:08:50 | D] - H:\Documentos
[15/08/2014 - 08:08:06 | D] - H:\70707

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
H:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |

Good afternoon, isaiaslopes3!


|- Open the UsbFix tool >> Click: Opções (Options)


[image: UsbFix_Opccedilotildees_zpsa5c8112a.jpg]


|- Check the box "Desativar Autorun/AutoPlay" (Disable Autorun/AutoPlay).

|- Click "Aplicar" (Apply).

|- Now insert your infected pen drive and, on the tool's main screen, click Limpar (Clean).

|- Post the report!


Regards!


############################## | UsbFix V 7.178 | [Limpar]

Usuário: ISAIAS (Administrador) # ISAIAS-PC
Atualizado em 08/08/2014 por El Desaparecido - SosVirus
Começou em 15:22:54 | 15/08/2014

Site : http://www.pt.usbfix.net/
Changelog : http://www.usbfix.net/maj/
Asistencia : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contato : http://www.pt.usbfix.net/contato/

################## | System information |

MB: Sony Corporation (VAIO)
CPU: Intel® Pentium® Dual CPU T3200 @ 2.00GHz
RAM -> [Total : 1914 Mo | Free : 842 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft™ Windows Vista Home Basic (6.0.6002 32-Bit) Service Pack 2
WB: Internet Explorer : 9.00.8112.16421
WB: Mozilla Firefox : 31.0

################## | Security Information |

AS: Malwarebytes Anti-Malware : 2.0.2.1012
FW: Windows Firewall [(!) Não ativo]
SC: Security Center [(!) Não ativo]
WU: Windows Update [Ativo]

################## | Disk Information |

C:\ (%SystemDrive%) -> Disco fixo # 140 Gb (14 Gb livre - 10%) [] # NTFS
H:\ -> Disco removível # 4 Gb (46 Mb livre - 1%) [iSAIASLOPES] # FAT32

################## | Autorun |


################## | Procura genérica |


(!) Ficheiros temporários suprimido. (0.368597030639648 MB)

################## | Registro |


################## | Regedit Run |

F2 - HKLM\..\Winlogon : [shell] Explorer.exe
F2 - HKLM\..\Winlogon : [userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKCU\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
04 - HKLM\..\Run : [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
04 - HKLM\..\Run : [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
04 - HKLM\..\Run : [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
04 - HKU\HiveTempKey\..\Run : [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\HiveTempKey\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Run : [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
04 - HKU\S-1-5-21-3892671904-924784273-1446608767-1000\..\Run : [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe

################## | UsbFix - Informação |

Info :


Info : Atalho vírus no disco flash, que é isso?

################## | Hijack |


################## | C:\ %SystemDrive% - Disco fixo (NTFS) |

[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1040.txt
[07/11/2007 - 08:00:40 | A | 10 Ko] - C:\eula.1033.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1028.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.3082.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.2052.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1042.txt
[07/11/2007 - 08:00:40 | A | 0 Ko] - C:\eula.1041.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1036.txt
[07/11/2007 - 08:00:40 | A | 17 Ko] - C:\eula.1031.txt
[14/06/2012 - 14:55:25 | A | 36 Ko] - C:\debug1214.txt
[15/02/2014 - 18:07:37 | A | 1 Ko] - C:\DelFix.txt
[18/09/2006 - 18:43:37 | A | 0 Ko] - C:\config.sys
[06/08/2010 - 23:56:48 | RASH | 0 Ko] - C:\MSDOS.SYS
[06/08/2010 - 23:56:48 | RASH | 0 Ko] - C:\IO.SYS
[15/08/2014 - 11:12:39 | ASH | 2267456 Ko] - C:\pagefile.sys
[15/08/2014 - 11:12:42 | ASH | 1960996 Ko] - C:\hiberfil.sys
[07/11/2007 - 08:12:28 | A | 228 Ko] - C:\VC_RED.MSI
[03/10/2008 - 14:50:11 | A | 0 Ko] - C:\Installer_Setup.log
[03/10/2008 - 15:05:47 | A | 377 Ko] - C:\vcredist_x86.log
[07/11/2007 - 08:00:40 | A | 1 Ko] - C:\install.ini
[07/11/2007 - 08:00:40 | A | 1 Ko] - C:\globdata.ini
[11/02/2014 - 15:41:19 | A | 0 Ko] - C:\AVScanner.ini
[07/11/2007 - 08:03:18 | A | 550 Ko] - C:\install.exe
[07/11/2007 - 08:03:18 | A | 74 Ko] - C:\install.res.2052.dll
[07/11/2007 - 08:03:18 | A | 80 Ko] - C:\install.res.1041.dll
[07/11/2007 - 08:03:18 | A | 93 Ko] - C:\install.res.1040.dll
[07/11/2007 - 08:03:18 | A | 95 Ko] - C:\install.res.1036.dll
[07/11/2007 - 08:03:18 | A | 94 Ko] - C:\install.res.3082.dll
[07/11/2007 - 08:03:18 | A | 75 Ko] - C:\install.res.1028.dll
[07/11/2007 - 08:03:18 | A | 89 Ko] - C:\install.res.1033.dll
[07/11/2007 - 08:03:18 | A | 78 Ko] - C:\install.res.1042.dll
[07/11/2007 - 08:03:18 | A | 94 Ko] - C:\install.res.1031.dll
[15/01/2014 - 21:40:14 | A | 476 Ko] - C:\SecurityScanner.dll
[07/11/2007 - 08:09:22 | A | 1409 Ko] - C:\VC_RED.cab
[07/11/2007 - 08:00:40 | A | 6 Ko] - C:\vcredist.bmp
[15/10/2013 - 19:36:43 | SHD] - C:\$RECYCLE.BIN
[18/09/2006 - 18:43:36 | A | 0 Ko] - C:\autoexec.bat
[03/09/2008 - 16:42:32 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[08/06/2013 - 21:49:57 | D] - C:\DOSBox-0.74
[02/11/2006 - 09:59:44 | SHD] - C:\Documents and Settings
[20/01/2008 - 23:43:50 | D] - C:\PerfLogs
[03/10/2008 - 14:18:23 | RD] - C:\MSOCache
[14/03/2009 - 23:42:06 | D] - C:\Arquivos de programas
[14/03/2009 - 23:45:27 | RD] - C:\Users
[06/04/2009 - 18:57:19 | D] - C:\Click to Disc
[11/04/2009 - 03:36:36 | RASH | 325 Ko] - C:\bootmgr
[03/05/2009 - 13:44:54 | D] - C:\downloads
[06/09/2009 - 15:10:58 | D] - C:\Artmed
[12/06/2010 - 23:56:08 | D] - C:\indy500
[17/06/2010 - 19:26:09 | D] - C:\Boot
[28/11/2010 - 18:21:38 | D] - C:\Super Nintendo
[13/03/2011 - 22:32:11 | D] - C:\ERUNT
[23/04/2011 - 20:25:03 | D] - C:\Jogos Snes
[12/03/2012 - 01:28:25 | D] - C:\Reg_Backup
[08/07/2012 - 15:19:18 | D] - C:\DTS
[16/05/2013 - 12:51:00 | D] - C:\2776a560f89eaeef7b5c7c6e8b2f6547
[04/05/2014 - 18:07:22 | D] - C:\Arquivos
[25/05/2014 - 11:10:14 | D] - C:\ProgramData
[12/08/2014 - 16:50:40 | RD] - C:\Program Files
[13/08/2014 - 14:26:33 | D] - C:\Windows
[15/08/2014 - 12:00:46 | D] - C:\5e520
[15/08/2014 - 13:19:05 | SHD] - C:\System Volume Information
[15/08/2014 - 15:21:38 | D] - C:\UsbFix

################## | H:\ - Disco removível (FAT32) |

[03/11/2013 - 16:14:28 | D] - H:\VCImporter.vciid
[15/02/2012 - 21:11:54 | A | 0 Ko] - H:\CRO Patos.txt
[04/12/2012 - 21:26:22 | A | 0 Ko] - H:\Procurar filmes.txt
[13/10/2013 - 16:46:34 | A | 1 Ko] - H:\Sites de Pesquisas e PTC.txt
[05/01/2014 - 18:49:16 | A | 0 Ko] - H:\albuns para baixar.txt
[12/03/2014 - 15:48:40 | A | 1 Ko] - H:\cabotv e tam.txt
[04/05/2014 - 18:29:42 | A | 0 Ko] - H:\.IFRN 51894-0.txt
[24/06/2014 - 17:46:56 | A | 0 Ko] - H:\.ebserhjp 12929696.txt
[31/07/2014 - 19:48:24 | A | 7 Ko] - H:\BTC.txt
[03/08/2014 - 20:03:46 | A | 2 Ko] - H:\Filmes para baixar.txt
[09/11/2010 - 18:59:20 | A | 2442 Ko] - H:\Isaias paciente 1.ppt
[02/12/2010 - 20:29:52 | A | 2931 Ko] - H:\Isaias paciente 2.ppt
[04/12/2010 - 17:38:20 | A | 2473 Ko] - H:\APRESENTAO CEAO - Marilene.ppt
[04/10/2009 - 16:27:54 | A | 31 Ko] - H:\historico_200507899[1].pdf
[12/02/2012 - 23:51:42 | A | 7 Ko] - H:\CERTIDÃO DE ANTECEDENTES CRIMINAIS.pdf
[15/04/2012 - 23:24:54 | A | 107 Ko] - H:\CEACAA0028THMN.PDF
[21/05/2013 - 11:18:48 | A | 328 Ko] - H:\ISAIAS LOPES DE ARAUJO.pdf
[12/11/2013 - 08:00:06 | A | 70 Ko] - H:\Boleto yelbo2.pdf
[12/10/2008 - 22:58:26 | A | 66 Ko] - H:\isaias.jpg
[17/12/2008 - 00:49:48 | A | 6 Ko] - H:\formatura12.jpg
[21/09/2009 - 16:36:46 | A | 127 Ko] - H:\Digitalizar0002.jpg
[21/09/2009 - 16:37:16 | A | 472 Ko] - H:\Digitalizar0002a.jpg
[21/09/2009 - 16:37:36 | A | 115 Ko] - H:\Digitalizar0003.jpg
[21/09/2009 - 16:37:56 | A | 58 Ko] - H:\Digitalizar0004.jpg
[23/07/2010 - 21:10:44 | A | 31 Ko] - H:\Isaias Lopes.jpg
[14/04/2012 - 20:54:26 | A | 111 Ko] - H:\Digitalizar0001.jpg
[05/08/2009 - 16:45:18 | A | 91 Ko] - H:\Tabela Odontológica.docx
[04/10/2009 - 16:02:24 | A | 13 Ko] - H:\Documentos exercito.docx
[06/10/2009 - 21:55:04 | A | 148 Ko] - H:\Documentos para exercito IMPRESSAO.docx
[08/12/2010 - 10:40:00 | A | 12 Ko] - H:\Atendimento ESB.docx
[24/02/2011 - 12:39:20 | A | 27 Ko] - H:\Premio Brasil Sorridente.docx
[11/01/2012 - 10:37:58 | A | 12 Ko] - H:\Curriculo.docx
[04/05/2012 - 12:38:08 | A | 60 Ko] - H:\Declaração De Não Acumulação De Cargos.docx
[16/04/2013 - 22:37:12 | A | 12 Ko] - H:\Recibo_docx.docx
[02/07/2013 - 22:33:48 | A | 14 Ko] - H:\Instrumento de escritura particular.docx
[02/07/2013 - 22:46:14 | A | 13 Ko] - H:\INSTRUMENTO DE ESCRITURA PARTICULA 2.docx
[04/03/2009 - 23:48:56 | A | 22 Ko] - H:\Bolsa Preventiva - Relatório Parcial.doc
[31/08/2009 - 19:09:18 | A | 68 Ko] - H:\material em conjunto-onde comprar.doc
[15/01/2010 - 18:58:14 | A | 406 Ko] - H:\Odontoimports.doc
[11/01/2012 - 10:40:18 | A | 24 Ko] - H:\Curriculo.doc
[19/01/2012 - 21:13:04 | A | 673 Ko] - H:\EASeEIS_SvMilVoluntario_2Anexo_2011.doc
[17/04/2013 - 17:11:28 | A | 23 Ko] - H:\Recibo_doc.doc
[02/12/2013 - 16:49:16 | A | 80 Ko] - H:\isaiaslite.dat
[27/12/2011 - 23:04:20 | D] - H:\Monografia
[14/01/2012 - 19:12:20 | D] - H:\Músicas
[04/05/2012 - 12:52:00 | D] - H:\Sao Jose
[27/11/2012 - 16:28:26 | D] - H:\Patos
[01/11/2013 - 23:47:26 | D] - H:\MultiBit
[14/11/2013 - 11:46:58 | D] - H:\Palestra
[04/05/2014 - 18:09:08 | D] - H:\Condominio
[15/06/2014 - 12:30:38 | SHD] - H:\RECYCLER
[05/08/2014 - 18:08:50 | D] - H:\Documentos
[15/08/2014 - 08:08:06 | D] - H:\70707

################## | Vaccin |

C:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)
H:\Autorun.inf -> Vacina criada por UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.pt.usbfix.net/ |

Good afternoon, isaiaslopes3!

C:\5e520 <<

H:\70707 << This directory is on the pen drive!

|- These folders were created by the malicious JavaScript.

|- Try to delete them manually!

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upe.br:9000

|- As for the proxy, you can set your IE browser to use no proxy.

|- Or apply Fix using HijackThis.

|- Once done, post an updated HijackThis log.

Regards!
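The check made in the reply above, as an added example that is not part of the original thread: it parses HijackThis entries and flags a configured `ProxyServer` value and entries whose target HijackThis reports as `(no file)`. The function and class names are assumptions chosen for illustration; the sample lines are excerpted from the HijackThis log posted in this thread.

```python
import re
from dataclasses import dataclass

# Lines excerpted from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\Windows\explorer.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upe.br:9000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"""

# A HijackThis entry is "<section code> - <body>", e.g. "R1 - ..." or "O23 - ...".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2})\s+-\s+(.*)$")
# R-section bodies have the shape "<registry key>,<value name> = <data>".
REG_VALUE_RE = re.compile(r"^(?P<key>.+?),(?P<value>[^,=]+?)\s*=\s*(?P<data>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")


@dataclass(frozen=True)
class Finding:
    code: str    # HijackThis section code, e.g. "R1" or "O2"
    kind: str    # "proxy" or "orphan"
    detail: str  # proxy host:port, or the CLSID of the orphaned entry
    line: str    # the original log line, for the analyst


def parse_entries(log_text: str) -> list[tuple[str, str]]:
    """Return (code, body) for every entry line; headers and process paths are skipped."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text: str) -> list[Finding]:
    """Flag entries worth a manual look: a set proxy and entries with no backing file."""
    findings = []
    for code, body in parse_entries(log_text):
        line = f"{code} - {body}"
        if code.startswith("R"):
            reg = REG_VALUE_RE.match(body)
            # An empty ProxyServer value means no proxy is configured.
            if reg and reg.group("value").lower() == "proxyserver" and reg.group("data"):
                findings.append(Finding(code, "proxy", reg.group("data"), line))
        if body.rstrip().endswith("(no file)"):
            clsid = CLSID_RE.search(body)
            findings.append(Finding(code, "orphan", clsid.group(0) if clsid else "", line))
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"[{finding.kind}] {finding.code}: {finding.detail}")
```

A flagged proxy is only a prompt to confirm who configured it; the script does not decide whether the value is legitimate.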



I deleted the folders.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:14:08, on 15/08/2014
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16563)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\explorer.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_14_0_0_145.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Windows\system32\wbem\WmiPrvSE.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\ISAIAS\Desktop\Proteção; Limpadores\HiJackThis.exe
C:\Windows\system32\wbem\WmiPrvSE.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.upe.br:9000
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehCef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - (no file)
O3 - Toolbar: (no name) - {41564952-412D-5637-00A7-7A786E7484D7} - (no file)
O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Startup: Last.fm Helper.lnk = C:\Program Files\Last.fm\LastFMHelper.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: http://www.caixa.gov.br
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{803A8E8F-63A9-4E12-AD24-5FC7651E7FD0}: NameServer = 8.8.8.8,8.8.4.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 11641 bytes


Good afternoon, isaiaslopes3!

|- The HijackThis log is clean!

|- Apparently it was you who configured the proxy shown there, in the IE browser.

|- To guard against the malicious JavaScript having had time to infect the volume, run DelFix with these settings.

-/-

|- Download: |DelFix| ( ... by Xplode )
|- On the page, click "Download Now".
|- Save it somewhere convenient! ( desktop! )
|- Close any open applications.
[screenshot: DelFix_Executar_zpsd62f8dcc.jpg]
|- With the boxes ticked, click "Executar"!
|- If you like, post the log.
|- Everything OK?
Regards!


# DelFix v10.8 - Relatório criado 15/08/2014 às 16:42:16
# Atualizado 29/07/2014 por Xplode
# Usuário : ISAIAS - ISAIAS-PC
# Sistema Operacional : Windows Vista Home Basic Service Pack 2 (32 bits)

~ Ativando UAC ... OK

~ Removendo ferramentas de desinfecção ...

Removido : C:\USBFix
Removido : C:\Users\ISAIAS\Desktop\UsbFix.lnk
Removido : C:\Users\ISAIAS\Desktop\UsbFix_Report.txt
Removido : HKCU\Software\USBFix
Removido : HKLM\SOFTWARE\TrendMicro\Hijackthis
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\USBFix

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #1829 [Ponto de Verificação Agendado | 08/08/2014 16:34:03]
Removido : RP #1830 [Ponto de Verificação Agendado | 08/09/2014 15:25:17]
Removido : RP #1831 [Ponto de Verificação Agendado | 08/10/2014 18:43:59]
Removido : RP #1832 [Ponto de Verificação Agendado | 08/12/2014 21:36:04]
Removido : RP #1833 [Windows Update | 08/12/2014 21:45:13]
Removido : RP #1834 [Windows Update | 08/13/2014 02:34:41]
Removido : RP #1835 [Ponto de Verificação Agendado | 08/13/2014 18:44:05]
Removido : RP #1836 [Ponto de Verificação Agendado | 08/15/2014 16:07:05]

Novo ponto de restauração criado !

~ Redefinindo configurações do sistema ... OK

########## - EOF - ##########


Good afternoon, isaiaslopes3!

|- Everything OK? Or would you like a deeper analysis, looking for adware?

Regards!


If you could do a deeper analysis, I would appreciate it.

Ok! isaiaslopes3

|- Download: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... by Nicolas Coolman )

|- Save it to the local disk! ( C or D )

|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

[screenshot: ZHPDiag_Pergaminho2_zps6e758639.jpg]

|- Run the scroll icon. ( ZHPDiag )

[screenshot: ZHPDiagCompleta_zpse85ea35b.jpg]

|- Click "COMPLETA" and wait for it to finish!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )

|- PS: Since the log will be long, upload it to Pjjoint.malekal.

|- Or go to: < Cjoint_Logo.jpg >

|- More information: < |Link| >

A+


Good afternoon, isaiaslopes3!

|- Run this script in the ZHPFix tool.
|- Select the information shown in red and copy it into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c
|- Next, minimize Notepad.

script zhpfix
firewallraz
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core] (...) -- C:\Users\ISAIAS\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA] (...) -- C:\Users\ISAIAS\AppData\Local\Facebook\Update\FacebookUpdate.exe (.not file.) [0]
[MD5.B342CD9AA44E4AE99E2368EBDBC2E17A] - (.APN LLC. - APN Updater.) -- C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe [166352] [PID.588] =>Toolbar.Ask
[MD5.B953F2BEFC98A9239AA3DE1624E48037] [WIS][18/08/2013] (.Ask Partner Network - Avira SearchFree Toolbar plus Web Protection.) -- C:\Windows\Installer\5a5d42.msi [755200] =>Toolbar.Avira
[MD5.8A843BF2D68ADED1B6F4B87541112D2F] [APT] [updaterEX] (...) -- C:\Users\ISAIAS\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.exe [110080] =>PUP.Dealply
[MD5.6E0BB5B9C845CDC764B2998FE612F73E] [sPRF][20/05/2014] (.No owner - Setup/Uninstall.) -- C:\Users\ISAIAS\AppData\Roaming\unins000.exe [815314]
O2 - BHO: (no name) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} Chave orfã
O3 - Toolbar: (no name) - [HKLM]{41564952-412D-5637-00A7-7A786E7484D7} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{41564952-412D-5637-00A7-7A786E7484D7} Chave orfã
O23 - Service: Serviço de atualização Ask (APNMCP) . (.APN LLC. - APN Updater.) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core.job [910]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core [910]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA - (...) -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA.job [932]
O39 - APT: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA - (...) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA [932]
O42 - Logiciel: Avira SearchFree Toolbar plus Web Protection v12.2.2.663 - (.Ask Partner Network.) [HKLM] -- {41564952-412D-5637-00A7-A758B70C0202} =>Toolbar.Avira

O42 - Logiciel: Extended Update - (...) [HKCU] -- UpdaterEX =>PUP.Dealply
O43 - CFD: 03/11/2013 - 18:14:53 - [] ----D C:\Users\ISAIAS\AppData\Roaming\UpdaterEX =>PUP.Dealply
O43 - CFD: 25/05/2014 - 10:39:41 - [] ----D C:\Program Files\AskPartnerNetwork
O43 - CFD: 25/05/2014 - 10:38:44 - [] ----D C:\ProgramData\APN
O43 - CFD: 14/04/2009 - 09:21:11 - [] ----D C:\ProgramData\Yahoo! Companion
O43 - CFD: 01/03/2014 - 12:15:50 - [] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 19/08/2013 - 15:25:10 - [] ----D C:\ProgramData\Spybot - Search & Destroy
O53 - SMSR:HKLM\...\startupreg\ApnTBMon [Key] . (.APN - Ask Toolbar Notifier.) -- C:\Program Files\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe =>Toolbar.Ask
O90 - PUC: "25946514D2147365007A7A857BC02020" . (.Avira SearchFree Toolbar plus Web Protection.) -- C:\Windows\Installer\{41564952-412D-5637-00A7-A758B70C0202}\ToolbarIcon.exe =>Toolbar.Avira
SR - | Auto 18/03/2014 166352 | (APNMCP) . (.APN LLC..) - C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask
[HKCR\CLSID\{4CFDB3C6-B58E-416C-BF8C-972CDD560CF8}] (OmgMp4Parser Class) =>PUP.Sogou
[HKCR\CLSID\{8512875A-816B-4F4C-AD72-FA1C52B76ABD}] (OpcMp4Player Class) =>PUP.Sogou
[HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX] =>PUP.Dealply^
[HKCR\CLSID\{4CFDB3C6-B58E-416C-BF8C-972CDD560CF8}] (OmgMp4Parser Class) =>PUP.Sogou^
[HKCR\CLSID\{8512875A-816B-4F4C-AD72-FA1C52B76ABD}] (OpcMp4Player Class) =>PUP.Sogou^
[HKLM\SYSTEM\CurrentControlSet\Services\APNMCP] =>Toolbar.Ask^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{41564952-412D-5637-00A7-A758B70C0202}] =>Toolbar.Avira^
[HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\ApnTBMon] =>Toolbar.Ask^
[HKCU\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\85DE4D617B8CBA543B9328AE82F5D4D2] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\SlimShell.DLL] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{42227AF7-D349-45F7-9D8B-D369F7F6EDDE}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\AppID\{91733631-2B6B-4C9B-AA78-9C897B3BBC94}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{21CB4440-7150-4490-A24D-45B8BFD1E55D}] =>Toolbar.AVGSearch
[HKLM\Software\Classes\CLSID\{4354B1F2-0EAA-43E2-88C0-156C2F999C76}] =>Toolbar.AVGSearch
[HKCU\Software\PCTools]
[HKLM\Software\PCTools]
C:\Users\ISAIAS\AppData\Roaming\UpdaterEX =>PUP.Dealply^
C:\Users\ISAIAS\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.exe =>PUP.Dealply^
C:\Program Files\AskPartnerNetwork =>Toolbar.Ask
C:\Program Files\AskPartnerNetwork\Toolbar\apnmcp.exe =>Toolbar.Ask^
C:\Windows\Installer\5a5d42.msi =>Toolbar.Avira^
emptytemp
emptyclsid
sysrestore


|- Open the ZHPFix tool. < ZHPFix_logo2_zpsea0f2aa4.jpg >
|- Click IMPORTAÇÃO >> OK.
|- Click "GO".
|- Post the report!

A+


Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by ISAIAS at 16/08/2014 15:17:36
High Elevated Privileges : OK
Windows Vista Home Basic Edition, 32-bit Service Pack 2 (Build 6002)

Reciclagem vazia (00mn 13s)

========== Softwares ==========
ELIMINÉ: Avira SearchFree Toolbar plus Web Protection v12.2.2.663
AUSENTE Uninstall Process: c:\users\isaias\appdata\roaming\updaterex\updateproc\updatetask.exe

========== Chaves do Registo ==========
ELIMINÉ: CLSID BHO: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
ELIMINÉ: StartupReg: ApnTBMon
ELIMINÉ: HKCR\CLSID\{4CFDB3C6-B58E-416C-BF8C-972CDD560CF8}
ELIMINÉ: HKCR\CLSID\{8512875A-816B-4F4C-AD72-FA1C52B76ABD}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\85DE4D617B8CBA543B9328AE82F5D4D2
ELIMINÉ: HKLM\Software\Classes\CLSID\{5421BDAF-6C45-4C3A-8B4B-AE5AF31A65AF}
ELIMINÉ: HKLM\Software\Classes\AppID\SlimShell.DLL
ELIMINÉ: HKLM\Software\Classes\AppID\{42227AF7-D349-45F7-9D8B-D369F7F6EDDE}
ELIMINÉ: HKLM\Software\Classes\AppID\{91733631-2B6B-4C9B-AA78-9C897B3BBC94}
ELIMINÉ: HKLM\Software\Classes\CLSID\{21CB4440-7150-4490-A24D-45B8BFD1E55D}
ELIMINÉ: HKLM\Software\Classes\CLSID\{4354B1F2-0EAA-43E2-88C0-156C2F999C76}
ELIMINÉ: HKCU\Software\PCTools
ELIMINÉ: HKLM\Software\PCTools

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Public) : TCP Query User{F4623B4D-12E5-4A50-AD79-FE71C2F2D7EB}G:\easysetupassistant\wr741n\easysetupassistant.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{5C10E857-4471-47E6-AF90-B97D107EDB98}G:\easysetupassistant\wr741n\easysetupassistant.exe
ELIMINÉ: Toolbar: {41564952-412D-5637-00A7-7A786E7484D7}

========== Pastas ==========
ELIMINÉ: C:\Users\ISAIAS\AppData\Local\{C6BC529F-6B14-47AF-B976-50C5E11180F0}

========== Ficheiros ==========
ELIMINÉ Temporários windows (22) (2.394.239 octets)

========== Tarefa planificada ==========
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000Core
ELIMINÉ: FacebookUpdateTaskUserS-1-5-21-3892671904-924784273-1446608767-1000UA
ELIMINÉ: UpdaterEX

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
13 : Chaves do Registo
5 : Valores do Registo
1 : Pastas
1 : Ficheiros
2 : Softwares
3 : Tarefa planificada
1 : Restauração Sistema


End of clean in 03mn 59s

========== Caminho do ficheiro do relatório ==========
C:\Users\ISAIAS\AppData\Roaming\ZHP\ZHPFix[R1].txt - 16/08/2014 15:17:49 [2593]


Good afternoon, isaiaslopes3!

|- Download: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... by Xplode )

|- Once there, click the image: < download-button-jdownloads.png >

|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as follows: Executar_Administrador.jpg

[screenshot: advz4z8Y.jpg]

|- PS: Start the scan by clicking "Examinar".
|- When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

Regards!


I couldn't find that image at the link posted.

I managed to download version v3306, which I found on another site.

Hello, isaiaslopes3!

< https://toolslib.net/downloads/viewdownload/1-adwcleaner/ >

|- Go to this link and click Download Now.

Regards!


# AdwCleaner v3.306 - Relatório criado 16/08/2014 às 15:59:27
# Atualizado 15/08/2014 por Xplode
# Sistema Operacional : Windows Vista Home Basic Service Pack 2 (32 bits)
# Usuário : ISAIAS - ISAIAS-PC
# Executando de : C:\Users\ISAIAS\Desktop\adwcleaner_3.306.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Video Converter
Pasta Deletada : C:\Program Files\Free Video Converter
Pasta Deletada : C:\Users\ISAIAS\AppData\Roaming\GrabPro

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{0EEDB912-C5FA-486F-8334-57288578C627}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Chave Deletedo : HKCU\Software\MGShareware
Chave Deletedo : HKCU\Software\Orbit
Chave Deletedo : HKCU\Software\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\MGShareware
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\UpdaterEX
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Navegadores ] *****

-\\ Internet Explorer v9.0.8112.16563


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\ISAIAS\AppData\Roaming\Mozilla\Firefox\Profiles\lrdbzwws.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1924 octets] - [16/08/2014 15:54:36]
AdwCleaner[s0].txt - [1816 octets] - [16/08/2014 15:59:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1876 octets] ##########


Good afternoon, isaiaslopes3!

|- Do you have access to your Control Panel?

[screenshot: AdwCleaner_Desinstalar_zps581fa30b.jpg]

|- Open the AdwCleaner tool and click "Desinstalar".
|- Confirm the prompt!

Regards!

 

 
