Archived: this topic has been archived and is closed to new replies.

FreedomFSA

[Resolved] HijackThis Log Analysis

Hello!

I would like the log generated by HijackThis to be analyzed.

Lately I have been having some problems with the machine, such as extreme slowness and some programs that freeze unexpectedly.

But today I noticed that not a single Google service opens on my computer... which is strange. O.o

Anyway, here is the log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:30:27, on 16/11/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Avell B155\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe
C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.avell.com.br/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office15\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [sound Blaster Cinema] "C:\Program Files (x86)\Creative\Sound Blaster Cinema\Sound Blaster Cinema\SBCinema.exe" /r
O4 - HKLM\..\Run: [updReg] C:\Windows\UpdReg.EXE
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [WD Drive Unlocker] C:\Program Files (x86)\Western Digital\WD Security\WDDriveAutoUnlock.exe
O4 - HKLM\..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [MySQL Notifier] C:\Program Files (x86)\MySQL\MySQL Notifier 1.1.5\MySQLNotifier.exe
O4 - HKCU\..\Run: [icq] C:\Users\Avell B155\AppData\Roaming\ICQM\icq.exe -c*
O4 - HKCU\..\Run: [Google Update] "C:\Users\Avell B155\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [spotify Web Helper] "C:\Users\Avell B155\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office15\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)
O23 - Service: AvrcpService - Realtek Semiconductor Corporation - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\AvrcpService.exe
O23 - Service: BTDevManager - Unknown owner - C:\Program Files (x86)\REALTEK\Realtek Bluetooth\BTDevMgr.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FortiClient SSLVPN (FortiSslvpnDaemon) - Fortinet Inc. - C:\Windows\SysWOW64\FortiSSLVPNdaemon.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: NVIDIA GeForce Experience Service (GfExperienceService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: MySQL56 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Network Service (NvNetworkService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
O23 - Service: NVIDIA Streamer Service (NvStreamSvc) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files (x86)\Even Balance, Inc\PunkBuster\PB\PnkBstrA.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Service KMSELDI - Unknown owner - C:\Program Files\KMSpico\Service_KMS.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @oem1.inf,%ViaKaraokeSrv.SvcDesc%;VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: WD Backup (WDBackup) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe
O23 - Service: WD Drive Manager (WDDriveService) - Western Digital Technologies, Inc. - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13342 bytes

 

 

Another point I wanted to mention: when running HijackThis, the following error/alert was shown on screen:

[attached image: hijack.png]

Thanks for your attention.

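Added example (not code from this thread, from HijackThis or from any of the tools used in it): a small Python triage script for logs in the format posted above. It parses the R/F/O entries and flags the ones an analyst looks at first, each with the reason. Two points it encodes are worth knowing when reading the log above: a 32-bit HijackThis running on 64-bit Windows sees System32 through WOW64 redirection, so "(file missing)" on lsass.exe, spoolsv.exe and the other System32 services is expected and not a finding by itself; and an O23 path of the form C:\Program.exe is the classic symptom of an unquoted service ImagePath containing spaces (here MySQL56), which is fixed by quoting the path in the service configuration. The sample log embedded below is a constructed subset of entries copied from the log above, not the complete log; the regular expressions, the Finding type and the wording of the notes are my own assumptions.

```python
import re
from dataclasses import dataclass

# Constructed sample in HijackThis v2 format: a subset of the entry types from the
# log posted above, with its paths reproduced, not the complete log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
Platform: Unknown Windows (WinNT 6.02.1008)
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [icq] C:\Users\Avell B155\AppData\Roaming\ICQM\icq.exe -c*
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O15 - Trusted Zone: www.bancobrasil.com.br
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: AtherosSvc - Unknown owner - C:\Windows\system32\AdminService.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MySQL56 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O23"
    item: str     # the log entry the finding refers to
    note: str     # what a reviewer should check and why


# Every R/F/O entry has the shape "<code> - <body>".
ENTRY_RE = re.compile(r"^(?P<sec>[RFO]\d+) - (?P<body>.+)$")
# O23 body: "Service: <name> - <owner> - <path>[ (file missing)]"
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# A path like C:\Program.exe: an unquoted ImagePath with spaces, cut at the first space.
TRUNCATED_PATH_RE = re.compile(r"^[A-Za-z]:\\[^\\ ]+\.exe$")


def parse_entries(log_text):
    """Yield (section, body) for each R/F/O entry; header and blank lines are skipped."""
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage_service(body):
    """Return a review note for one O23 body, or None if nothing stands out."""
    m = SERVICE_RE.match(body)
    if not m:
        return None
    path, missing = m.group("path"), bool(m.group("missing"))
    if missing and TRUNCATED_PATH_RE.match(path):
        return "ImagePath looks unquoted and was cut at its first space; quote it in the service configuration"
    if missing and re.search(r"\\Windows\\system32\\", path, re.IGNORECASE):
        return ("'file missing' under System32 is expected when 32-bit HijackThis runs on 64-bit "
                "Windows (WOW64 redirection); confirm with a 64-bit tool before acting")
    if missing:
        return "service binary not found on disk; remove the stale service or reinstall the product"
    if m.group("owner") == "Unknown owner":
        return "binary carries no company name; check its hash and signature"
    return None


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a human look, with a reason each."""
    findings = []
    for sec, body in parse_entries(log_text):
        note = None
        if sec == "O4" and re.search(r"\\AppData\\", body, re.IGNORECASE):
            note = "autostart from a user-writable profile path; confirm the program is expected"
        elif sec == "O10":
            note = "Winsock LSP DLL not on the HijackThis whitelist; identify its vendor"
        elif sec == "O15":
            note = "site in the IE Trusted Zone runs with relaxed security; confirm the user added it"
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            note = "AppInit_DLLs is loaded into every process that uses user32.dll; verify the publisher"
        elif sec == "O23":
            note = triage_service(body)
        if note:
            findings.append(Finding(sec, body, note))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section}: {f.note}\n    {f.item}")
```

Run on the sample, the script reports the icq.exe autostart, the unknown LSP, the Trusted Zone entry, the AppInit DLL, the two System32 services (as expected WOW64 noise) and the truncated MySQL56 path, and stays silent on the signed TeamViewer service and the Adobe ARM autostart; the vsocklib.dll LSP in the real log belongs to the VMware installation also visible in its O23 entries, which is the kind of cross-check the notes are meant to prompt.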

Good morning! FreedomFSA

> Download: [image link: AdwCleaner_Logo2_zps580bcd78.jpg] ( ... by Xplode )
>
> Or from here: < AdwCleaner >
> When you get there, click "Download Now".
>
> Save it to the desktop!

[image: Executar_Administrador.jpg]

> Right-click adwcleaner.exe and choose Run as administrator.

[image: AdwCleaner_Examinar_zps828ed634.jpg]

> PS: Start the scan by clicking "Examinar" (Scan).

[image: AdwCleaner_Limpar_zps06005ae9.jpg]

> When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
> Copy the log or click "Relatório" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[s0].txt >

A+


DigRam,

Here is the log generated by AdwCleaner...

*********************** START OF LOG ***************************

 

# AdwCleaner v4.101 - Relatório criado 16/11/2014 às 12:52:58
# Atualizado 09/11/2014 por Xplode
# Database : 2014-11-16.1 [Live]
# Sistema Operacional : Windows 8.1 Pro (64 bits)
# Usuário : Avell B155 - B155
# Executando de : C:\Users\Avell B155\Desktop\adwcleaner_4.101.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\Program Files (x86)\AskPartnerNetwork

***** [ Tarefas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v33.1.1 (x86 pt-BR)


-\\ Google Chrome v38.0.2125.122

[C:\Users\Avell B155\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
[C:\Users\Avell B155\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deletedo [search Provider] : hxxp://www.softonic.com.br/s/{searchTerms}

*************************

AdwCleaner[R0].txt - [1193 octets] - [16/11/2014 12:52:00]
AdwCleaner[s0].txt - [1103 octets] - [16/11/2014 12:52:58]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1163 octets] ##########

 

*********************************** END OF LOG ************************

Thanks!


Good evening! FreedomFSA

> Download: [image link: Zoek-exe.png] ( ... by Smeenk )
> Save it to the desktop!
> Disable your antivirus!
> On Windows 7, run zoek.exe as administrator.
chromelook;
autoclean;
emptytemp;
> Copy and paste the information above (the part in red) into the tool's text field.
> Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

> A message like the one above will appear, asking you to wait for the report.
> PS: That message can stay static on screen for 20 minutes or more.
[image: Zoek_Reboot_zpscf60b3cf.jpg]
> Confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

> PS: If you get an error like the one above, restart the PC and run the tool again.
> Post the report, which will be at C:\zoek-results.txt <<
A+


DigRam!

Here is the log generated by Zoek.

 

Zoek.exe v5.0.0.0 Updated 16-November-2014
Tool run by Avell B155 on 17/11/2014 at 16:29:02,03.
Microsoft Windows 8.1 Pro 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Avell B155\Desktop\zoek\zoek.com [scan all users] [script inserted]

==== Older Logs ======================

C:\zoek-results2014-11-17-175311.log 405 bytes

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1242072069-3624147157-1849234089-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F4E39681-15F8-4fda-B8A3-B5C98378F2F3} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\Users\AVELLB~1\AppData\Roaming\Mozilla\Firefox\Profiles\x9yz7alz.default\extensions\firefox@mega.co.nz.xpi deleted
C:\Users\Avell B155\AppData\Roaming\unins000.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Avell B155\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [21/08/2014 18:01]

==== Firefox Extensions ======================

ProfilePath: C:\Users\AVELLB~1\AppData\Roaming\Mozilla\Firefox\Profiles\x9yz7alz.default
- Undetermined - cryptocat@crypto.cat
- Undetermined - {87F8774F-B485-47E2-A755-A40A8A5E886C}
- Cryptocat - %ProfilePath%\extensions\cryptocat@crypto.cat.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Avell B155\AppData\Roaming\Mozilla\Firefox\Profiles\x9yz7alz.default
D2377C9458EFEB094E38B8C874AA214C - C:\Users\Avell B155\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll - Google Update
76EFD64CD206B93E2EB5320A23C19AD7 - C:\Users\Avell B155\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll - Google Talk Plugin
2AB6A7F373290AE20A19CF5F306E8C97 - C:\Users\Avell B155\AppData\Roaming\Mozilla\plugins\npo1d.dll - Google Talk Plugin Video Renderer
BFD1CDA328C83054154DD05EA233F79B - C:\Users\Avell B155\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
77B8694352764F6079A2332FAD7FD426 - C:\Users\Avell B155\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
DE85813201ACE03E7909F618B56B4600 - C:\Users\Avell B155\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
A58DE0A570148AF5FF3512B2A340D09F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_214.dll - Shockwave Flash
FF7BE908352D36D50E308F49162FEA32 - C:\Users\Avell B155\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chromium Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
lmjegmlicamnimmfhcmpkclmigmmcbeh - No path found[]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Avell B155\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[22/05/2014 16:02]

Google Docs - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Despertador Online - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\caokbcfjjpfjghiibofdoakkclhlkhkh
Desprotetor.com - Desprotetor de links - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\cocohmmjllchepkjocddkihldoiillkl
Google Search - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Cryptocat - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\gonbigodpnfghidmnphnadhepmbabhij
Yulia Brodskaya - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlgdloilieclkegafohackmhffbmdpko
Google Drive App Launcher - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh
GBBD Banco do Brasil - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Google Wallet - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Chromium Fix ======================

C:\Users\Avell B155\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.avell.com.br/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.avell.com.br/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR"

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Avell B155\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Avell B155\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Avell B155\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Avell B155\AppData\Local\Microsoft\Windows\INetCache\IE\524IPMHF will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Avell B155\AppData\Local\Mozilla\Firefox\Profiles\x9yz7alz.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Avell B155\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=21 folders=18 45287483 bytes)

==== Empty Temp Folders ======================

C:\Users\Avell B155\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\AVELLB~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Avell B155\AppData\Local\Microsoft\Windows\INetCache\IE\524IPMHF" not found

==== EOF on 17/11/2014 at 16:45:24,89 ======================

Also, did you notice anything strange in the logs? Spyware, malware, anything?

Thanks!


Good evening! FreedomFSA

Quoting: "Also, did you notice anything strange in the logs? Spyware, malware, anything?"

> No malware with the potential to compromise the machine.

> Let's remove the tools that were used in the cleanup!
> Download: [image link: delfix_108_zps75ef8ba4.jpg] ( ... by Xplode )
[image: DelFix_Download_zpsb5d944c7.jpg]
> On the page, click Download Now.
> Save it somewhere convenient! ( desktop! )
> Close any open applications.
[image: DelFix_RCL_zpscdf4940b.jpg]
> Remove disinfection tools
> Create registry backup
> Clean system restore points
> With those boxes checked, click Executar (Run)!
> Restart the computer when it finishes!
> All OK?
A+


DigRam!

Here is the log:

# DelFix v10.8 - Relatório criado 18/11/2014 às 15:24:46
# Atualizado 29/07/2014 por Xplode
# Usuário : Avell B155 - B155
# Sistema Operacional : Windows 8.1 Pro (64 bits)

~ Removendo ferramentas de desinfecção ...

Removido : C:\zoek_backup
Removido : C:\AdwCleaner
Removido : C:\Users\Avell B155\AppData\Roaming\ZHP
Removido : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Removido : C:\Program Files (x86)\ZHPDiag
Removido : C:\Program Files (x86)\Trend Micro\Hijackthis
Removido : C:\zoek-results.log
Removido : C:\zoek-results2014-11-17-175311.log
Removido : HKLM\SOFTWARE\AdwCleaner
Removido : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Criando backup do registro ... OK

~ Limpando pontos da restauração do sistema ...

Removido : RP #48 [Ponto de Verificação Agendado | 10/28/2014 06:23:36]
Removido : RP #49 [installed Java 7 Update 71 | 11/05/2014 18:23:29]
Removido : RP #50 [Ponto de Verificação Agendado | 11/13/2014 18:12:30]
Removido : RP #51 [DirectX instalado | 11/15/2014 01:25:36]
Removido : RP #52 [zoek.exe restore point | 11/17/2014 17:53:01]

Novo ponto de restauração criado !

########## - EOF - ##########


Good afternoon! FreedomFSA

> Download: [image link: FRST_Logo.jpg] ( ... by Farbar )
> Or here...
> Or here, for 64-bit systems!
> Save it to the desktop!
> Run the tool! Click "Yes" >> "Scan".
[image: FRST_Addition_Scan_zpsa9fe21c8.jpg]
> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: A second report, "Addition.txt", will also be generated when the tool runs.
> Post the reports! (FRST.txt + Addition.txt)
> As the log will be long, upload it to Pjjoint.malekal.
> Or use: [image link: Cjoint_Logo.jpg]
> More information: < |Link| >
A+

Good afternoon! FreedomFSA

----

----

Percentage of memory in use: 80%
Total physical RAM: 8112.25 MB
Available physical RAM: 1547.45 MB
Total Pagefile: 17263.36 MB

----

----

> RAM usage is a bit high! ( 80% )

> Copy the information below (the part in red) into Notepad.
> Save it with the name fixlist. << Text file!
> Save it to the desktop! /!\ C:\Users\Avell B155\Desktop /!\

start
FF Extension: No Name - {87F8774F-B485-47E2-A755-A40A8A5E886C} [Not Found]
2014-11-21 15:47 - 2014-11-21 15:48 - 00000015 _____ () C:\Users\Avell B155\Desktop\Novo Documento de Texto (3).txt
2014-11-18 23:28 - 2014-11-18 23:28 - 00000577 _____ () C:\Users\Avell B155\Desktop\Backup-codes-cauan.amorim.txt
2014-11-18 15:25 - 2014-11-18 15:25 - 00001210 _____ () C:\Users\Avell B155\Desktop\DelFix.txt
2014-11-18 15:24 - 2014-11-18 15:24 - 00001205 _____ () C:\DelFix.txt
2014-11-17 16:41 - 2014-02-13 23:59 - 00024064 _____ () C:\Windows\zoek-delete.exe
2014-11-17 15:54 - 2014-11-17 16:05 - 00000946 _____ () C:\Users\Avell B155\Desktop\Novo Documento de Texto (2).txt
2014-11-21 15:37 - 2014-07-16 12:59 - 01229935 _____ () C:\Windows\WindowsUpdate.log
2014-11-21 15:32 - 2013-11-18 14:31 - 00001086 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-18 15:24 - 2014-05-02 22:18 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-11-17 16:45 - 2014-09-29 18:02 - 00006978 _____ () C:\Windows\PFRO.log
2014-11-17 16:45 - 2013-11-18 12:44 - 00986078 _____ () C:\Users\Avell B155\AppData\Local\BTServer.log
2014-11-16 00:24 - 2014-08-22 00:05 - 00009739 _____ () C:\Users\Avell B155\Novo Documento de Texto (2).txt
2014-11-14 23:25 - 2014-09-13 20:43 - 00002772 _____ () C:\Windows\setupact.log
emptytemp:
end

> Run FRST/FRST64 >> Click "Fix" << Wait!
> On the prompt, click Run.
> Post the report! (Fixlog.txt)

A+


DigRam!

I noticed that the list above includes some personal files. One of them is:

C:\Users\Avell B155\Desktop\Backup-codes-cauan.amorim.txt

That file contains Google Authenticator backup codes.

The rest I cleaned up manually and organized.

So, can I carry out the suggested procedure, leaving out the line I mentioned above? Or should I redo the procedure before this one?

Thanks!


Good afternoon! FreedomFSA

Quoting: "So, can I carry out the suggested procedure, leaving out the line I mentioned above? Or should I redo the procedure before this one?"

> No! We can close the case.

> Is any problem still present or bothering you?

A+


Well, I think we can wrap up here, DigRam. :D

But first let me ask: FRST is still here on my PC... Can I shift-delete it?

XD

Thanks for everything. o/


Good evening! FreedomFSA

> Yes! You can remove it.

A+


PROBLEM SOLVED

If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
