Manain, posted September 27, 2014

Here is the log for analysis, possible infection:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:55:21, on 27/09/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17280)
Boot mode: Normal

DigRam, posted September 28, 2014

Good morning! Manain

> Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
> Run the scroll icon. ( ZHPDiag )
> Click "COMPLETA" and wait for it to finish!
> Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to Pjjoint.malekal.
> Or go to: < >
> More information: < |Link| >

A+

Manain, posted September 28, 2014

ZHPDiag log posted via joint.com

DigRam, posted September 29, 2014

Quote: "ZHPDiag log posted via joint.com"

Good afternoon! Manain

> The link to the report was not pasted here.

A+

Manain, posted September 30, 2014

Good morning DigRam

My mistake, sorry. Here is the link: http://cjoint.com/14sp/DIEl2POlTKt.htm

DigRam, posted September 30, 2014

Good afternoon! Manain

> Run this script in the ZHPFix tool.
> Select and copy the information in the Code box into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c ( Select and Copy )
> Then minimize Notepad.

Script ZHPFix
EmptyTemp
EmptyFlash
FirewallRaz
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbase.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O43 - CFD: 14/08/2014 - 19:43:15 - [] ----D C:\ProgramData\boost_interprocess
O51 - MPSK:{6ff9c475-68b9-11e3-b475-001b24160c36}\AutoRun\command. (...) -- E:\MotorolaDeviceManagerSetup.exe (.not file.)
[HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2]
[HKLM\Software\baidu]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
C:\Windows\system32\drivers\Bfilter.sys
C:\Windows\system32\drivers\Bfmon.sys
C:\Windows\System32\drivers\bnbase.sys
C:\Windows\system32\drivers\bndef.sys
C:\Windows\system32\drivers\Bprotect.sys
ServiceStop:Bfilter
ServiceStop:Bfmon
ServiceStop:Bnbase
ServiceStop:Bndef
ServiceStop:Bprotect

> Open the ZHPFix tool. < >
> Click IMPORTAÇÃO >> OK.
> PS: When you click "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!

A+

Manain, posted September 30, 2014

Good evening DigRam

Here is the ZHPFix report:

Rapport de ZHPFix 2014.9.16.7 par Nicolas Coolman, Update du 16/09/2014
Fichier d'export Registre :
Run by Casa das Impressoras at 30/09/2014 20:18:34
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 09s)

========== Estado dos serviços ==========
Bfilter Parado
Bfmon Parado
Bnbase Parado
Bndef Parado
Bprotect Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ CLSID MPSK: {6ff9c475-68b9-11e3-b475-001b24160c36}
ELIMINÉ: HKLM\Software\Classes\ctTOOLBAR.ctToolBarCtrl.2
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (None) : {CC630466-873E-4502-B952-D37FAE8F6D3D}

========== Pastas ==========
ELIMINÉ Temporários windows (20)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: C:\ProgramData\boost_interprocess

========== Ficheiros ==========
ELIMINÉ Temporários windows (106) (12.430.734 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Recapitulativo ==========
10 : Chaves do Registo
3 : Valores do Registo
3 : Pastas
2 : Ficheiros
5 : Estado dos serviços

End of clean in 00mn 36s

========== Caminho do ficheiro do relatório ==========
C:\Users\Casa das Impressoras\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/09/2014 20:18:44 [1502]

DigRam, posted October 1, 2014

Good evening! Manain

> Download: < Adware Removal Tool > ( ... by techsupportall.com )
> Save it to the desktop!
> Run the file Adware-Removal-Tool-v3.5.exe <<
> Start the scan by clicking Scan.
> When its prescan finishes, click OK.
> PS: Each tab will show what will be removed!
> Click "Next" >> Wait!
< Computador >> Windows (C:) >> Program Files >> Adware-Removal-Tool >> Reports >> Repair_Logs_2014_09_dia_h_min_seg.txt <<
> Post the report!

Regards!

Manain, posted October 1, 2014

DigRam, good morning

Below is the Adware Removal Tool v3.9 report:

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Adware Removal Tool v3.9
Time: 2014_10_01_05_14_32
OS: Windows 7 - 32 Bit
Account Name: Casa das Impressoras
U0L0S11
\\\\\\\\\\\\\\\\\\\\\\\ Repair Logs \\\\\\\\\\\\\\\\\\\\\\
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}:masterclsid
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{472734EA-242A-422B-ADF8-83D1E48CC825}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}:dllname
Deleted - RegistryValueData - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}:dllname
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{2EECD738-5844-4A99-B4B6-146BF802613B}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{472734EA-242A-422B-ADF8-83D1E48CC825}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Deleted - RegistryKey - HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility:{98889811-442D-49DD-99D7-DC866BE87DBC}
\\ Finished

DigRam, posted October 1, 2014

Good morning! Manain

Your logs are clean!

If you like, optimize memory and the registry with JetClean.

Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )
< More information! > << Read here!
Save it somewhere convenient. ( jetclean-setup.exe )
Install the software, taking care to uncheck the installation of affiliated programs.
On the "1-Click" tab, preferably, go to "Scan Now".
Choose: Scan & Repair
If you want to see the report: ( Configurações >> Relatório )
Click "Ver log".

Everything OK?

Manain, posted October 2, 2014

Good evening, DigRam

Thank you very much, the browsers are no longer freezing or becoming unresponsive.

DigRam, posted October 2, 2014

PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.