Archived

This topic has been archived and is closed to new replies.

isaiaslopes3

[Resolved] Suspected intrusion

Good evening, since yesterday I have noticed some strange things with my connection.

When opening, via Facebook, the link ' http://www.joselitomuller.com/empresario-abre-cotas-para-feministas-em-carvoaria-mas-nem-uma-aceita/ ', the following message suddenly appears: 'A username and password are being requested by http://www.joselitomuller.com. The site says: "Restricted Area".'

That message asks you to type a 'username' and 'password', and it looks very much like the login prompt of the TP-Link router: 'A username and password are being requested by http://tplinklogin.net. The site says: "TP-LINK Wireless N Router WR740N".'

It also happened on another site, but I don't remember the link.

Yesterday as well, when trying to use a bank app on my phone while connected to the Wi-Fi network, I was only allowed to check balances; transactions were blocked. Today, accessing it over 3G instead, everything in the app worked normally.

Right now I am constantly receiving messages from Malwarebytes about supposedly malicious websites, which the program is blocking. It seems to involve uTorrent, although I have never had a problem with that program. The message shows the following:

Domain: ___________ (Always blank)

IP: 203.111.224.64 (The IP number changes from time to time)

Port: 47597 (The number changes constantly)

Type: Outbound

Process: C:\users\isaias\appdata\roaming\utorrent\utorrent.exe

Could someone be trying to break in over the Wi-Fi network? I ran Malwarebytes this morning and nothing was found.


Malwarebytes Anti-Malware
www.malwarebytes.org


Data da verificação: 27/02/2016
Hora da verificação: 11:50:15
Arquivo de registro:
Administrador: Sim

Versão: 2.2.0.1024
Banco de dados de malware: v2016.02.26.06
Banco de dados de rootkit: v2016.02.17.01
Licença: Versão de avaliação
Proteção contra malware: Habilitado
Proteção contra website malicioso: Habilitado
Autoproteção: Desabilitado

Sistema operacional: Windows Vista Service Pack 2
CPU: x86
Sistema de arquivos: NTFS
Usuário: ISAIAS

Tipo de verificação: Verificação da ameaça
Resultado: Concluído
Objetos verificados: 327655
Tempo decorrido: 21 min, 43 seg

Memória: Habilitado
Inicialização: Habilitado
Sistema de arquivos: Habilitado
Arquivos compactados: Habilitado
Rootkits: Desabilitado
Heurística: Habilitado
PUP: Aviso
PUM: Habilitado

Processos: 0
(Nenhum item malicioso detectado)

Módulos: 0
(Nenhum item malicioso detectado)

Chaves de registro: 0
(Nenhum item malicioso detectado)

Valores de registro: 0
(Nenhum item malicioso detectado)

Dados de registro: 0
(Nenhum item malicioso detectado)

Pastas: 0
(Nenhum item malicioso detectado)

Arquivos: 0
(Nenhum item malicioso detectado)

Setores físicos: 0
(Nenhum item malicioso detectado)


(end)


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:54:41, on 27/02/2016
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16748)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\PROGRA~1\GbPlugin\GbpSv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
C:\Windows\WindowsMobile\wmdSync.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Sony\VAIO Update 4\VAIOUpdt.exe
C:\Program Files\MCShield\MCShieldRTM.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Last.fm\Last.fm Scrobbler.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\ISAIAS\AppData\Roaming\uTorrent\uTorrent.exe
C:\Users\ISAIAS\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
C:\Users\ISAIAS\AppData\Roaming\uTorrent\updates\3.4.5_41712\utorrentie.exe
C:\Users\ISAIAS\Desktop\Proteção; Limpadores\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.133.1.60:9000
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\PROGRAM FILES\GBPLUGIN\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [OiVelox] C:\Program Files\Oi\Programmer\OiVeloxCheck.exe
O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Diebold - Warsaw] C:\Program Files\Diebold\Warsaw\core.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MCShield Monitor] C:\Program Files\MCShield\mcshieldrtm.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O15 - Trusted Zone: http://www.bb.com.br
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O15 - Trusted Zone: http://www.caixa.gov.br
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{658BD3FE-5E57-4930-85FE-EF18F637B1A7}: NameServer = 208.67.222.222,208.67.220.220
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files\GbPlugin\gbiehCef.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: Adobe Active File Monitor V6 (AdobeActiveFileMonitor6.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 6.0\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~1\GbPlugin\GbpSv.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Windows\RtkAudioService.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: VAIO Media plus Content Importer (SOHCImp) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHCImp.exe
O23 - Service: VAIO Media plus Digital Media Server (SOHDms) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDms.exe
O23 - Service: VAIO Media plus Device Searcher (SOHDs) - Sony Corporation - C:\Program Files\Sony\VAIO Media plus\SOHDs.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: CamMonitor (uCamMonitor) - ArcSoft, Inc. - C:\Program Files\ArcSoft\Magic-i Visual Effects\uCamMonitor.exe
O23 - Service: UI Assistant Service - Unknown owner - C:\Program Files\Join Air\AssistantServices.exe
O23 - Service: VAIO Entertainment TV Device Arbitration Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe
O23 - Service: VAIO Event Service - Sony Corporation - C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
O23 - Service: VAIO Power Management - Sony Corporation - C:\Program Files\Sony\VAIO Power Management\SPMService.exe
O23 - Service: VAIO Content Folder Watcher (VCFw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
O23 - Service: VAIO Content Metadata Intelligent Analyzing Manager (VcmIAlzMgr) - Sony Corporation - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
O23 - Service: VAIO Content Metadata XML Interface (VcmXmlIfHelper) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper.exe
O23 - Service: VAIO Entertainment UPnP Client Adapter (Vcsw) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
O23 - Service: VAIO Entertainment Database Service (VzCdbSvc) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 9938 bytes


ESETSmartInstaller@High as downloader log:
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
Can not read file from internet.
ESETSmartInstaller@High as downloader log:
Can not read file from internet.
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=init
# utc_time=2015-07-24 07:12:22
# local_time=2015-07-24 04:12:22 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
esets_scanner_update returned -1 esets_gle=41221
Update Finalize
Updated modules version: 0
Old modules - leave modules
Update Init
Update Download
Update Init
Update Download
Update Finalize
Updated modules version: 24965
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=updated
# utc_time=2015-07-24 09:11:16
# local_time=2015-07-24 06:11:16 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# engine=24965
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-24 10:27:23
# local_time=2015-07-24 07:27:23 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 274384415 0 0
# scanned=111019
# found=2
# cleaned=0
# scan_time=4567
sh=2A47168827E2D73B66C0D62C7AEFA261EDA0880D ft=1 fh=e3b9f61bd8ef5565 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files\Litecoin\litecoin-qt.exe"
sh=4120031EA919D10455D57A70DC3B0CDDA07A13A9 ft=1 fh=aabda3fa278f4e45 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application" ac=I fn="C:\Program Files\Litecoin\daemon\litecoind.exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=init
# utc_time=2015-07-24 11:04:16
# local_time=2015-07-24 08:04:16 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 24968
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=updated
# utc_time=2015-07-24 11:07:03
# local_time=2015-07-24 08:07:03 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# engine=24968
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-07-25 12:51:37
# local_time=2015-07-24 09:51:37 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776573 100 100 0 274393069 0 0
# scanned=206155
# found=5
# cleaned=5
# scan_time=6274
sh=2A47168827E2D73B66C0D62C7AEFA261EDA0880D ft=1 fh=e3b9f61bd8ef5565 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Litecoin\litecoin-qt.exe"
sh=4120031EA919D10455D57A70DC3B0CDDA07A13A9 ft=1 fh=aabda3fa278f4e45 vn="a variant of Win32/BitCoinMiner.BJ potentially unsafe application (cleaned by deleting - quarantined)" ac=C fn="C:\Program Files\Litecoin\daemon\litecoind.exe"
sh=DA51908BFFCC38F6016A4F69913D19C74805A36A ft=1 fh=ebaca23a69b73528 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\ISAIAS\Desktop\Documentacao ingrid\Arquivos INGRID\ingrid-4º periodo\Patologia\4shared_Desktop_3.2.3.exe"
sh=DA51908BFFCC38F6016A4F69913D19C74805A36A ft=1 fh=ebaca23a69b73528 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\ISAIAS\Desktop\Documentacao ingrid\Arquivos INGRID\ingrid-4º periodo\Patologia\gengiivite e perio.exe"
sh=DA51908BFFCC38F6016A4F69913D19C74805A36A ft=1 fh=ebaca23a69b73528 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\ISAIAS\Desktop\Documentacao ingrid\Arquivos INGRID\ingrid-4º periodo\Patologia\pato...exe"
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=init
# utc_time=2016-02-28 04:48:57
# local_time=2016-02-28 01:48:57 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
Update Init
Update Download
Update Finalize
Updated modules version: 28341
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# end=updated
# utc_time=2016-02-28 05:07:44
# local_time=2016-02-28 02:07:44 (-0300, Hora oficial do Brasil)
# country="Brazil"
# osver=6.0.6002 NT Service Pack 2
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=c440928c07bcf1449b1254f34e979f9b
# engine=28341
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2016-02-28 07:19:35
# local_time=2016-02-28 04:19:35 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.0.6002 NT Service Pack 2
# compatibility_mode_1=''
# compatibility_mode=5892 16776574 100 100 0 293294746 0 0
# scanned=205401
# found=1
# cleaned=1
# scan_time=7910
sh=B7C20CA5F3D03CA0B47FE84EA238FF4F69E5183B ft=1 fh=075c4223825eb116 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted)" ac=C fn="C:\Arquivos\ccsetup513.exe"


# AdwCleaner v5.037 - Relatório criado 29/02/2016 às 14:25:09
# Atualizado 28/02/2016 por Xplode
# Banco de dados : 2016-02-28.2 [servidor]
# Sistema operacional : Windows Vista Home Basic Service Pack 2 (x86)
# Usuário : ISAIAS - ISAIAS-PC
# Executando de : C:\Users\ISAIAS\Desktop\adwcleaner_5.037.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****


***** [ Pastas ] *****

[-] Pasta Excluído : C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1

***** [ Arquivos ] *****


***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{0C1284BA-4F3A-41C6-94B5-77446F5948A9}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{8233093C-178B-484B-979E-3C6B5B147DBC}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
[-] Chave Excluída : HKCU\Software\SlimWare Utilities Inc
[-] Chave Excluída : HKCU\Software\Yahoo\Companion
[-] Chave Excluída : HKCU\Software\Yahoo\YFriendsBar
[-] Chave Excluída : HKCU\Software\AppDataLow\Software\Yahoo\Companion
[-] Chave Excluída : HKLM\SOFTWARE\Yahoo\Companion

***** [ Navegadores ] *****


*************************

:: Chaves "Tracing" excluídas
:: Configurações Winsock restauradas

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [1735 bytes] - [29/02/2016 14:25:09]
C:\AdwCleaner\AdwCleaner[s1].txt - [1747 bytes] - [29/02/2016 14:04:28]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1881 bytes] ##########


It only worked in safe mode.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows Vista Home Basic x86
Ran by ISAIAS (Limited) on 01/03/2016 at 13:46:18,24
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01/03/2016 at 13:48:28,97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Resultado da Correção pela Farbar Recovery Scan Tool (x86) Versão:27-02-2016
Executado por ISAIAS (2016-03-01 23:50:26) Run:1
Executando a partir de C:\Users\ISAIAS\Desktop
Perfis Carregados: ISAIAS (Perfis Disponíveis: ISAIAS)
Modo da Inicialização: Normal

==============================================

fixlist Conteúdo:
*****************
start
CreateRestorePoint:
CloseProcesses:
ShellExecuteHooks: - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Nenhum Arquivo [ ]
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com/webhp?rlz=1W1SNYX&ie=UTF-8&oe=UTF-8
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3892671904-924784273-1446608767-1000 -> DefaultScope {67C334C0-408D-4E6D-B5A7-0ADD6AFFA252} URL =
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [X]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [X]
S0 gbpddreg; system32\drivers\gbpddreg32.sys [X]
S3 RimUsb; System32\Drivers\RimUsb.sys [X]
S4 UIUSys; system32\DRIVERS\UIUSYS.SYS [X]
S3 USBAAPL; System32\Drivers\usbaapl.sys [X]
C:\Users\ISAIAS\AppData\Local\Temp\sqlite3.dll
Task: {2969DBEA-B49A-41BE-B8EC-4BF7B56A5F75} - \{5D5E16CA-5DFB-4B26-A79C-5616192F2707} -> Nenhum Arquivo <==== ATENÇÃO
AlternateDataStreams: C:\Program Files\GbPlugin:IncompleteStartProcessProtection.cnt
AlternateDataStreams: C:\Program Files\GbPlugin:u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==
AlternateDataStreams: C:\Windows\System32:53CA9438_Bb.gbp
AlternateDataStreams: C:\Windows\System32:53CA9438_Cef.gbp
AlternateDataStreams: C:\Windows\system32\drivers:GbpKmAp.lst
AlternateDataStreams: C:\Windows\system32\Drivers\wsddfac.sys:X5ZN8aGXs4
AlternateDataStreams: C:\ProgramData\Temp:A8ADE5D8
AlternateDataStreams: C:\ProgramData\Temp:DFC5A2B2
AlternateDataStreams: C:\Users\ISAIAS\Downloads:Shareaza.GUID
AlternateDataStreams: C:\Users\ISAIAS\Downloads\Especializac¸a~o em Educac¸a~o, Pobreza e Desigualdade Social.mp4:TOC.WMV
FirewallRules: [{FB7AD794-5608-4DC1-AD97-AC0A33588C8A}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [{EC6ECF4A-4636-4BCF-9399-B08236F8377E}] => (Allow) C:\Program Files\uTorrent\uTorrent.exe
FirewallRules: [TCP Query User{DC6AE02C-08E4-4835-8B71-C0D0C132F0ED}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [uDP Query User{78D752E2-980E-4381-9564-0AF3F20D55EB}C:\program files\emule\emule.exe] => (Allow) C:\program files\emule\emule.exe
FirewallRules: [TCP Query User{428ED7F9-A686-4007-A650-75A18C8D4AA0}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe
FirewallRules: [uDP Query User{09E1D67C-3A6B-447A-8B69-DE8F09326AA2}C:\program files\utorrent\utorrent.exe] => (Allow) C:\program files\utorrent\utorrent.exe
HOSTS:
RemoveProxy:
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
emptytemp:
end
*****************

Ponto de Restauração criado com sucesso.
Processos fechados com sucesso.
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\ShellExecuteHooks\\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => valor removido (a) com sucesso.
HKCR\CLSID\{AEB6717E-7E19-11d0-97EE-00C04FD91972} => chave não encontrado (a).
HKLM\Software\\Microsoft\Internet Explorer\Main\\Local Page => valor restaurado com sucesso
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Search Page => valor removido (a) com sucesso.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => valor removido (a) com sucesso.
HKU\S-1-5-21-3892671904-924784273-1446608767-1000\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => valor removido (a) com sucesso.
Net Driver HPZ12 => serviço removido (a) com sucesso.
Pml Driver HPZ12 => serviço removido (a) com sucesso.
gbpddreg => serviço removido (a) com sucesso.
RimUsb => serviço removido (a) com sucesso.
UIUSys => serviço removido (a) com sucesso.
USBAAPL => serviço removido (a) com sucesso.
C:\Users\ISAIAS\AppData\Local\Temp\sqlite3.dll => movido com sucesso
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2969DBEA-B49A-41BE-B8EC-4BF7B56A5F75}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2969DBEA-B49A-41BE-B8EC-4BF7B56A5F75}" => chave removido (a) com sucesso.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{5D5E16CA-5DFB-4B26-A79C-5616192F2707}" => chave removido (a) com sucesso.
C:\Program Files\GbPlugin => ":IncompleteStartProcessProtection.cnt" ADS removido (a) com sucesso..
C:\Program Files\GbPlugin => ":u6eBQrM0Z2K3FKLVBMG8dY3IkKT2rqFO+Sf68h8fDg==" ADS removido (a) com sucesso..
C:\Windows\System32 => ":53CA9438_Bb.gbp" ADS removido (a) com sucesso..
C:\Windows\System32 => ":53CA9438_Cef.gbp" ADS removido (a) com sucesso..
C:\Windows\system32\drivers => ":GbpKmAp.lst" ADS removido (a) com sucesso..
C:\Windows\system32\Drivers\wsddfac.sys => ":X5ZN8aGXs4" ADS removido (a) com sucesso..
C:\ProgramData\Temp => ":A8ADE5D8" ADS removido (a) com sucesso..
C:\ProgramData\Temp => ":DFC5A2B2" ADS removido (a) com sucesso..
"C:\Users\ISAIAS\Downloads" => ":Shareaza.GUID" ADS não encontrado (a).
"C:\Users\ISAIAS\Downloads\Especializac¸a~o em Educac¸a~o, Pobreza e Desigualdade Social.mp4" => ":TOC.WMV" ADS não encontrado (a).
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FB7AD794-5608-4DC1-AD97-AC0A33588C8A} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EC6ECF4A-4636-4BCF-9399-B08236F8377E} => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{DC6AE02C-08E4-4835-8B71-C0D0C132F0ED}C:\program files\emule\emule.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{78D752E2-980E-4381-9564-0AF3F20D55EB}C:\program files\emule\emule.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{428ED7F9-A686-4007-A650-75A18C8D4AA0}C:\program files\utorrent\utorrent.exe => valor removido (a) com sucesso.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{09E1D67C-3A6B-447A-8B69-DE8F09326AA2}C:\program files\utorrent\utorrent.exe => valor removido (a) com sucesso.
C:\Windows\System32\Drivers\etc\hosts => movido com sucesso
Hosts restaurado com sucesso.

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => valor removido (a) com sucesso.
HKU\S-1-5-21-3892671904-924784273-1446608767-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => valor removido (a) com sucesso.


========= Fim de RemoveProxy: =========


========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.



========= Fim de Reg: =========


========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

A operação foi concluída com êxito.



========= Fim de Reg: =========

EmptyTemp: => 626 MB de dados temporários Removidos.


O sistema precisou ser reiniciado.

==== Fim de Fixlog 23:53:27 ====


SecurityCheck by glax24 & Severnyj v.1.4.0.35 [23.01.16]
WebSite: www.safezone.cc
DateLog: 02.03.2016 15:56:32
Path starting: C:\Users\ISAIAS\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: ISAIAS
VersionXML: 2.56is-02.03.2016
___________________________________________________________________________

Windows Vista(6.0.6002) Service Pack 2 (x86) HomeBasic Lang: Portuguese(0416)
Installation date OS: 14.03.2009 21:12:18
LicenseStatus: Windows Vista, HomeBasic edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [139.8 Gb] Used: [106.5 Gb] Free: [33.3 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 9.0.8112.16421 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
Automatic download and scheduled installation
Date install updates: 2016-03-01 17:33:12
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service has stopped
Registro remoto (RemoteRegistry) - The service has stopped
Serviços de terminal (TermService) - The service is running
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service has stopped
Disabled the standard profile for Windows Firewall
--------------------------- [ AntiSpyware_WMI ] ---------------------------
Windows Defender (disabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versão 2.2.0.1024 v.2.2.0.1024
MCShield ::Anti-Malware Tool:: v.3.0.5.28
Zemana AntiMalware v.2.19.904
--------------------------- [ OtherUtilities ] ----------------------------
VLC media player 2.0.5 v.2.0.5 Warning! Download Update
Microsoft Silverlight v.5.1.41212.0
--------------------------------- [ IM ] ----------------------------------
Skype™ 7.0 v.7.0.102 Warning! Download Update
^Optional update.^
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.5.41712 Warning! P2P-client.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 NPAPI v.20.0.0.306
Adobe Reader 9.5.5 - Português v.9.5.5 Warning! Download Update
Uninstall old version and install new one.
------------------------------- [ Browser ] -------------------------------
Mozilla Firefox 44.0.2 (x86 pt-BR) v.44.0.2
--------------------------- [ RunningProcess ] ----------------------------
C:\Program Files\Mozilla Firefox\firefox.exe v.44.0.2.5884
----------------------------- [ End of Log ] ------------------------------
