shiribia

virus removal


I think I have a virus on my notebook...

I downloaded the program, but it just keeps running and doesn't generate the log..

It has already been running for more than 3 hours and nothing... it only generated the backup, with an empty folder..

Can you help me??

 

 


@shiribia

 

Please note the following:
  • If you get no reply for 3 days, send me a Private Message (PM);
  • What is given here relates only to the problem on your computer, so do not apply it to any other;
  • Please follow the instructions given carefully and, if in doubt, do not hesitate to ask;
  • Always keep me informed, during the removal, about what happens with your computer.
  • Respect the order of the instructions given.
  • Note: Do not take any measure beyond those given here; and if you ask for help on another forum, be sure to let us know, at the risk of misconfiguring your computer!

Instead of creating a new topic, please continue with this one and reply attaching the ZA-Scan log, following these instructions: http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/

 

Regards.


Hello @Mention!!

I've been trying to scan since yesterday, but it keeps running for more than 4 hours and doesn't generate the log.. It only generates the backup file..

I already deleted it and downloaded another copy, but it behaves the same way.. I click "run as administrator" but it never finishes.. what should I do?



Thank you, in safe mode it worked; here is the log.

 

ZA-Scan V1.0.0.4 Updated 04-May-2015
Tool run by Silvia Cristina on 22/08/2015 at 18:55:21,24.
Microsoft Windows 7 Starter  6.1.7601 Service Pack 1 x86
Running in: Safe Mode MINIMAL No Internet Access Detected
Launched: C:\Users\Silvia Cristina\Desktop\ZA-Scan.exe [Z-Analyse Scan]
 
==== Running Processes ======================
 
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\ctfmon.exe
C:\Windows\helppane.exe
C:\Windows\system32\DllHost.exe
C:\Users\Silvia Cristina\Desktop\ZA-Scan.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\conhost.exe
C:\Users\SILVIA~1\AppData\Local\Temp\ZAScan.exe
C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
 
==== Services(whitelist) ======================
Powered by E Dev
 
S2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files\common files\adobe\arm\1.0\armsvc.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [DsiWMIService] - Dritek WMI Service - c:\program files\launch manager\dsiwmis.exe
S2 - [ePowerSvc] - Acer ePower Service - c:\program files\acer\acer epower management\epowersvc.exe
S2 - [GbpSv] - Gbp Service - c:\progra~1\gbplugin\gbpsv.exe
S2 - [GREGService] - GREGService - c:\program files\acer\registration\gregsvc.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files\google\update\googleupdate.exe [x]
S2 - [iAStorDataMgrSvc] - Intel® Rapid Storage Technology - c:\program files\intel\intel® rapid storage technology\iastordatamgrsvc.exe
S2 - [Live Updater Service] - Live Updater Service - c:\program files\acer\acer updater\updaterservice.exe
S2 - [LMS] - Intel® Management and Security Application Local Management Service - c:\program files\intel\intel® management engine components\lms\lms.exe
S2 - [McAfee SiteAdvisor Service] - McAfee SiteAdvisor Service - c:\program files\mcafee\siteadvisor\mcsacore.exe
S2 - [McShield] - McAfee McShield - c:\program files\common files\mcafee\systemcore\\mcshield.exe
S2 - [mfefire] - McAfee Firewall Core Service - c:\program files\common files\mcafee\systemcore\\mfefire.exe
S2 - [mfevtp] - McAfee Validation Trust Protection Service - c:\windows\system32\mfevtps.exe
S2 - [scpVista] - scpVista - c:\program files\scpad\scpvista.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S2 - [uNS] - Intel® Management & Security Application User Notification Service - c:\program files\intel\intel® management engine components\uns\uns.exe
S2 - [update Cyti Web] - Update Cyti Web - c:\program files\cyti web\updatecytiweb.exe [x]
S2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
S2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
S2 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\system32\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [EgisTec Ticket Service] - EgisTec Ticket Service - c:\program files\common files\egistec\services\egisticketservice.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service] - FLEXnet Licensing Service - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework\v3.0\wpf\presentationfontcache.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files\google\update\googleupdate.exe [x]
S3 - [iEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [McAWFwk] - McAfee Activation Service - c:\progra~1\mcafee\msc\mcawfwk.exe
S3 - [McODS] - McAfee Scanner - c:\program files\mcafee\virusscan\mcods.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files\common files\microsoft shared\source engine\ose.exe
S3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [sNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe
 
==== Drivers(whitelist) ======================
Powered by E Dev
 
R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
S1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
S3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
S3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [GbpKm] - Gbp KernelMode - C:\Windows\system32\Drivers\GbpKm.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [iaStor] - Intel AHCI Controller - C:\Windows\system32\Drivers\iaStor.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mfewfpk] - McAfee Inc. mfewfpk - C:\Windows\system32\Drivers\mfewfpk.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Microsoft Virtual Drive Enumerator Driver - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wd] - Microsoft Watchdog Timer Driver - C:\Windows\system32\Drivers\Wd.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
S0 - [bhbase] - Baidu Hook Base - C:\Windows\system32\Drivers\Bhbase.sys
S0 - [mfehidk] - McAfee Inc. mfehidk - C:\Windows\system32\Drivers\mfehidk.sys
S0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
S1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
S1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
S2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
 
==== Deleting Files \ Folders ======================
 
C:\Windows\system32\appdata deleted
 
==== Startup Registry Enabled ======================
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"
 
[HKEY_USERS\S-1-5-21-263234876-223598981-1728758433-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"Facebook Update"="C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"HW_OPENEYE_OUC_VIVO INTERNET"="C:\Users\Silvia Cristina\Desktop\VIVO INTERNET\UpdateDog\ouc.exe"
"YTDownloader"="C:\Program Files\YTDownloader\YTDownloader.exe /boot"
 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"Del6369208"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del312189"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del3756784"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del4406622"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del190383"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del174440"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
 
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
 
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
 
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe /qn /x{voidguid}"
"Del6369208"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del312189"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del3756784"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del4406622"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del190383"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
"Del174440"="cmd.exe /Q /D /c del C:\Windows\TEMP\0.del"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
"AmIcoSinglun"="C:\Program Files\AmIcoSingLun\AmIcoSinglun.exe"
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"mcui_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey"
"SuiteTray"="C:\Program Files\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
"EgisTecPMMUpdate"="C:\Program Files\EgisTec IPS\PmmUpdate.exe"
"EgisUpdate"="C:\Program Files\EgisTec IPS\EgisUpdate.exe -d"
"BackupManagerTray"="C:\Program Files\NTI\Acer Backup Manager\BackupManagerTray.exe -h -k"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"LManager"="C:\Program Files\Launch Manager\LManager.exe"
"ArcadeMovieService"="C:\Program Files\Acer\clear.fi\Movie\clear.fiMovieService.exe"
"Power Management"="C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"Mouse Suite 98 Daemon"="ICO.EXE"
"HP Software Update"="C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe"
"CorelDRAW Graphics Suite 11b"="C:\Program Files\Corel\Corel Graphics 12\Languages\BR\Programs\Registration.exe /title=CorelDRAW Graphics Suite 12 /date=032013 serial=DR12WEX-1504397-KTY lang=BP"
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe"
"YTDownloader"="C:\Program Files\YTDownloader\YTDownloader.exe /boot"
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"
"MRT"="C:\Windows\system32\MRT.exe /R"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "
"Windows Mobile Device Center"="%windir%\WindowsMobile\wmdc.exe "
 
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background"
"Facebook Update"="C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"HW_OPENEYE_OUC_VIVO INTERNET"="C:\Users\Silvia Cristina\Desktop\VIVO INTERNET\UpdateDog\ouc.exe"
"YTDownloader"="C:\Program Files\YTDownloader\YTDownloader.exe /boot"
 
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:/PROGRA~2/{D65E3~1/171~1.0/deto.dll"
 
==== Startup Folders ======================
 
2013-09-11 20:00:03 47555 ----a-w- C:\Users\Silvia Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5689.js
2015-04-25 03:07:21 1131 ----a-w- C:\Users\Silvia Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
 
==== Task Scheduler Jobs ======================
 
C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [16/04/2015 15:35]
C:\Windows\tasks\APSnotifierPP1.job --a------ C:\Program Files\AnyProtectEx\AnyProtect.exe []
C:\Windows\tasks\APSnotifierPP2.job --a------ C:\Program Files\AnyProtectEx\AnyProtect.exe []
C:\Windows\tasks\APSnotifierPP3.job --a------ C:\Program Files\AnyProtectEx\AnyProtect.exe []
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-263234876-223598981-1728758433-1000Core.job --a------ C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 22:24]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-263234876-223598981-1728758433-1000UA.job --a------ C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe [11/07/2012 22:24]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files\Google\Update\GoogleUpdate.exe []
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]
C:\Windows\tasks\WSE_Vosteran.job --a------ [undetermined Task]
 
==== Other Scheduled Tasks ======================
 
"C:\Windows\system32\tasks\Adobe Acrobat Update Task" [C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe]
"C:\Windows\system32\tasks\Adobe Flash Player Updater" [C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\system32\tasks\APSnotifierPP1" [C:\Program Files\AnyProtectEx\AnyProtect.exe]
"C:\Windows\system32\tasks\APSnotifierPP2" [C:\Program Files\AnyProtectEx\AnyProtect.exe]
"C:\Windows\system32\tasks\APSnotifierPP3" [C:\Program Files\AnyProtectEx\AnyProtect.exe]
"C:\Windows\system32\tasks\clear.fi" ["C:\Program Files\Acer\clear.fi\MVP\clear.fi.exe"]
"C:\Windows\system32\tasks\clear.fiAgent" ["C:\Program Files\Acer\clear.fi\MVP\clear.fiAgent.exe"]
"C:\Windows\system32\tasks\DealPly" [C:\Users\SILVIA~1\AppData\Roaming\DealPly\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\system32\tasks\DealPlyUpdate" ["C:\Program Files\DealPly\DealPlyUpdate.exe"]
"C:\Windows\system32\tasks\DMREngine" ["C:\Program Files\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe"]
"C:\Windows\system32\tasks\DoctorPC_Popup" [C:\Program Files\Doctor PC\Splash.exe]
"C:\Windows\system32\tasks\DoctorPC_Start" [C:\Program Files\Doctor PC\DoctorPC.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-263234876-223598981-1728758433-1000Core" [C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\FacebookUpdateTaskUserS-1-5-21-263234876-223598981-1728758433-1000UA" [C:\Users\Silvia Cristina\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files\Google\Update\GoogleUpdate.exe]
"C:\Windows\system32\tasks\HPCustParticipation HP Deskjet 2050 J510 series" ["C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe"]
"C:\Windows\system32\tasks\Launch 2564" [C:\Program Files\YTDownloader\YTDownloader.exe]
"C:\Windows\system32\tasks\Optimizer Pro Schedule" ["C:\Program Files\Optimizer Pro\OptProLauncher.exe"]
"C:\Windows\system32\tasks\PostPoneInstall" [C:\Users\SILVIA~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe]
"C:\Windows\system32\tasks\Run_Bobby_Browser" ["C:\Users\Silvia Cristina\AppData\Local\BoBrowser\Application\bobrowser.exe"]
"C:\Windows\system32\tasks\SMupdate1" [C:\Windows\system32\rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update1]
"C:\Windows\system32\tasks\WSE_Vosteran" [C:\Users\SILVIA~1\AppData\Roaming\WSE_VO~1\UPDATE~1\UPDATE~1.EXE]
"C:\Windows\system32\tasks\YourFile DownloaderUpdate" [C:\Program Files\YourFileDownloader Updater\YourFileUpdater.exe]
"C:\Windows\system32\tasks\YTDownloader" [C:\Program Files\YTDownloader\YTDownloader.exe]
"C:\Windows\system32\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{D19CA586-DD6C-4a0a-96F8-14644F340D60}"="C:\Program Files\Common Files\McAfee\SystemCore" [22/08/2015 18:30]
 
==== Firefox Extensions ======================
 
ExtDir: C:\Users\Silvia Cristina\AppData\Roaming\Mozilla\Firefox\Profiles\extensions
- PutLockerDownloader V3.0 - %ExtDir%\putlockerdownloader3@putlockerdownloader.com.xpi
 
==== Firefox Plugins ======================
 
 
==== Fake Chromium Profiles Check ======================
 
Fake profile C:\Users\Administrador\AppData\Local\Torch Found
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\Administrador\AppData\Local\Chromatic Browser Found
Fake profile C:\Users\Convidado\AppData\Local\Torch Found
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome Found
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\Convidado\AppData\Local\Chromatic Browser Found
Fake profile C:\Users\Silvia Cristina\AppData\Local\Torch Found
Fake profile C:\Users\Silvia Cristina\AppData\Local\Google\Chrome SxS Found
Fake profile C:\Users\Silvia Cristina\AppData\Local\Comodo\Dragon Found
Fake profile C:\Users\Silvia Cristina\AppData\Local\Chromatic Browser Found
 
==== Chromium Look ======================
 
Google Chrome Version: 35.0.1916.153
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files\McAfee\SiteAdvisor\McChPlg.crx[]
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
koalekbhpbggkcfhkkbolikjoaobbppi - C:\Program Files\PutLockerDownloader\PutLockerDownloader10.crx[11/04/2013 12:54]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
pelmeidfhdlhlbjimpabfcbnnojbboma - C:\Users\Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx[30/05/2014 03:22]
 
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
gaiilaahiahdejapggenmdmafpmbipje - C:\Program Files\DealPly\DealPly.crx[]
oilkkkefbalmbfppgjmgjoefbclebkce - No path found[]
 
cosstminn - Administrador\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Administrador\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Administrador\AppData\Local\Torch\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Convidado\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Convidado\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Convidado\AppData\Local\Torch\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Silvia Cristina\AppData\Local\Chromatic Browser\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Silvia Cristina\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
ddpjcojaoicnomgkjeeepiiplgheophj - Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddpjcojaoicnomgkjeeepiiplgheophj
GBBD Banco do Brasil - Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Chrome Web Store Payments - Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
cosstminn - Silvia Cristina\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
cosstminn - Silvia Cristina\AppData\Local\Torch\User Data\Default\Extensions\eglmnlmiebbgogfahnehpojojbipkacm
undetermined - Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
 
==== Chromium Startpages ======================
 
C:\Users\Silvia Cristina\AppData\Local\BoBrowser\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com/" ],
 
C:\Users\Silvia Cristina\AppData\Local\Google\Chrome\User Data\Default\Preferences
"startup_urls": [ "http://www.google.com.br/" ],
 
 
==== IE Start and Search Settings ======================
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{5CC1ECF8-03E9-4325-B4CB-C51F84E70E68}"
 
==== All HKCU SearchScopes ======================
 
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{B3E81BF2-0A80-400A-A7BE-3BFD5A1889D7} FileConverter 1.1 Customized Web Search Url="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3241941"
{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} Pesquisa segura Url="http://br.search.yahoo.com/search?fr=mcafee&type=A011BR662&p={SearchTerms}"
 
==== HijackThis Entries ======================
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
O2 - BHO: CompSegIB - {2E3C3651-B19C-4DD9-A979-901EC3E930AF} - C:\Program Files\Scpad\scpsssh2.dll
O2 - BHO: FileConverter 1.1 - {4e8f6cb8-79e6-4def-8f44-6ffd56e07774} - C:\Users\Silvia Cristina\AppData\LocalLow\FileConverter_1.1\prxtbFil2.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130605111241.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: DealPly - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files\DealPly\DealPlyIE.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files\GbPlugin\gbiehabn.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O3 - Toolbar: FileConverter 1.1 Toolbar - {4e8f6cb8-79e6-4def-8f44-6ffd56e07774} - C:\Users\Silvia Cristina\AppData\LocalLow\FileConverter_1.1\prxtbFil2.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
 
==== EOF on 22/08/2015 at 18:57:48,08 ======================

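A log like the one above is read section by section: the Run/RunOnce keys, AppInit_DLLs, the Startup folder and the two scheduled-task sections are the places where unwanted software keeps itself alive across reboots, so an analyst triages those first. The following script is an added example, not part of the thread and not ZA-Scan's own code: it parses those sections of a ZA-Scan log and flags entries that point into user-writable or temporary locations, scripts dropped into the Startup folder, any AppInit_DLLs value (a DLL listed there is loaded into every process that loads user32.dll), and jobs whose target ZA-Scan could not resolve. The flagging rules are this example's own heuristics, and the sample input is a constructed excerpt in the ZA-Scan layout that reuses a few lines from the posted log.

```python
"""Triage the autostart sections of a ZA-Scan log.
The flagging rules are this example's own heuristics, not ZA-Scan's."""
import re
from dataclasses import dataclass
from typing import Iterator, List, Tuple

# Constructed excerpt in the ZA-Scan layout (some lines mirror the posted log).
SAMPLE_LOG = r'''
==== Startup Registry Enabled ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s"
"YTDownloader"="C:\Program Files\YTDownloader\YTDownloader.exe /boot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HW_OPENEYE_OUC_VIVO INTERNET"="C:\Users\Silvia Cristina\Desktop\VIVO INTERNET\UpdateDog\ouc.exe"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:/PROGRA~2/{D65E3~1/171~1.0/deto.dll"

==== Startup Folders ======================

2013-09-11 20:00:03 47555 ----a-w- C:\Users\Silvia Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\5689.js
2015-04-25 03:07:21 1131 ----a-w- C:\Users\Silvia Cristina\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ [undetermined Task]

==== Other Scheduled Tasks ======================

"C:\Windows\system32\tasks\PostPoneInstall" [C:\Users\SILVIA~1\AppData\Local\Temp\ce98ac2e-20c0-4a93-86f6-bdb3e61caf55.exe]
"C:\Windows\system32\tasks\clear.fi" ["C:\Program Files\Acer\clear.fi\MVP\clear.fi.exe"]
'''

SECTION_RE = re.compile(r"^==== (.+?) =+$")
REG_KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
STARTUP_RE = re.compile(r"^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\s+\d+\s+\S+\s+(.+)$")
JOB_RE = re.compile(r"^(.+?\.job)\s+\S+\s+(.+)$")
TASK_RE = re.compile(r'^"([^"]+)"\s+\[(.*)\]$')
STAMP_RE = re.compile(r"^(.*?)\s*\[[^\]]*\]$")  # trailing "[date]" or "[]" ZA-Scan appends
# Heuristic (assumption): autostart targets under these paths deserve a look.
USER_WRITABLE_RE = re.compile(r"\\(appdata|temp|users\\[^\\]+\\desktop)\\", re.I)
SCRIPT_EXTS = (".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta", ".bat", ".cmd", ".ps1")


@dataclass
class Finding:
    section: str
    name: str
    target: str
    reason: str


def _exe_of(target: str) -> str:
    """Drop surrounding quotes and the trailing [stamp]; keep '[undetermined Task]'."""
    t = target.strip()
    m = STAMP_RE.match(t)
    if m and m.group(1):
        t = m.group(1)
    return t.strip().strip('"').replace("/", "\\")


def parse_entries(log: str) -> Iterator[Tuple[str, str, str]]:
    """Yield (section, name, target) for every autostart entry in the log."""
    section = None
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := SECTION_RE.match(line)):
            section = m.group(1)
        elif section == "Startup Registry Enabled":
            if REG_KEY_RE.match(line):
                continue  # key header; the values follow on the next lines
            if (m := REG_VALUE_RE.match(line)):
                yield section, m.group(1), m.group(2)
        elif section == "Startup Folders":
            if (m := STARTUP_RE.match(line)):
                yield section, m.group(1).rsplit("\\", 1)[-1], m.group(1)
        elif section == "Task Scheduler Jobs":
            if (m := JOB_RE.match(line)):
                yield section, m.group(1), m.group(2)
        elif section == "Other Scheduled Tasks":
            if (m := TASK_RE.match(line)):
                yield section, m.group(1), m.group(2)


def triage(log: str) -> List[Finding]:
    """Apply the heuristics and return the entries worth checking first."""
    findings = []
    for section, name, target in parse_entries(log):
        exe = _exe_of(target)
        reason = None
        if name.lower() == "appinit_dlls" and exe:
            reason = "AppInit_DLLs set: DLL loaded into every process that loads user32.dll"
        elif exe.startswith("[undetermined"):
            reason = "scheduled job whose target could not be resolved"
        elif section == "Startup Folders":  # folder itself lives under AppData
            if exe.lower().endswith(SCRIPT_EXTS):
                reason = "script file in the Startup folder"
        elif USER_WRITABLE_RE.search(exe):
            reason = "autostart target in a user-writable or temporary location"
        if reason:
            findings.append(Finding(section, name, exe, reason))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.section}] {f.name} -> {f.target}\n    {f.reason}")
```

On the excerpt the script reports five entries: the AppInit_DLLs value, the Run entry launching from the user's Desktop, the `5689.js` file in the Startup folder, the job with an unresolved target, and the task whose executable sits in `AppData\Local\Temp`; the Realtek, YTDownloader, Dropbox and clear.fi entries pass because they live in Program Files or are not scripts. Because the Startup folder is itself under AppData, the user-writable rule is deliberately skipped for that section and only script extensions are checked there. A flagged entry is a starting point for verification (publisher signature, file hash, install history), not a verdict.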

Ok,

Temporarily disable your antivirus, antispyware and firewall, so they do not cause conflicts.

Download the attachment from this post and save it in the same location as ZA-Scan.

Run ZA-Scan.exe again, wait, and at the end attach the generated log.

zascript.txt


Topic Archived

Since the author did not reply to the topic for more than 10 days, it has been archived.

If you are the author of the topic and want it reopened, contact a Forum Security Analyst and request that it be unlocked.
