Ir ao conteúdo
  • Comunicados

    • diego_moicano

      Gostaria de se tornar um analista em Remoção de Malware?   07-12-2015

      Gostaria de se tornar um analista em Remoção de Malware? O Fórum Clube do Hardware deu início a um programa de treinamento em análises de log. Os interessados deverão enviar um email para aprendizes (arroba) clubedohardware (ponto) com (ponto) br respondendo as seguintes perguntas: Por que você gostaria de aprender a analisar logs? Possui tempo hábil para o treinamento? Tem conhecimentos em informática? Se sim descreva-os. Possui inglês para leitura? Qual seu objetivo após completar o treinamento?   Não se esqueça de incluir no e-mail o seu nome de usuário (fornecer o link também), idade e cidade onde vive. Adicione também qualquer experiência e/ou razão sobre o porquê você seria um bom Analista. É digno de nota que apenas os que forem selecionados receberão resposta por MP (Mensagem Pessoal), não existe um padrão na escolha dos futuros aprendizes, todos os e-mails serão lidos e serão analisados de forma imparcial, portanto não será permitido reclamações neste aspecto. O treinamento é dado no próprio fórum. Quando um aprendiz é selecionado ele é movido para um novo grupo, onde terá acesso a fóruns fechados para os demais usuários onde poderá dar inicio ao seu treinamento. Importante: A cada 30 dias os e-mails não selecionados serão apagados, portanto você pode enviar um novo e-mail após 1 mês, e-mails enviados antes serão desconsiderados.  
    • Gabriel Torres

      Seja um moderador do Clube do Hardware!   12-02-2016

      Prezados membros do Clube do Hardware, Está aberto o processo de seleção de novos moderadores para diversos setores ou áreas do Clube do Hardware. Os requisitos são:   Pelo menos 500 posts e um ano de cadastro; Boa frequência de participação; Ser respeitoso, cordial e educado com os demais membros; Ter bom nível de português; Ter razoável conhecimento da área em que pretende atuar; Saber trabalhar em equipe (com os moderadores, coordenadores e administradores).   Os interessados deverão enviar uma mensagem privada para o usuário @Equipe Clube do Hardware com o título "Candidato a moderador". A mensagem deverá conter respostas às perguntas abaixo:   Qual o seu nome completo? Qual sua data de nascimento? Qual sua formação/profissão? Já atuou como moderador em algo outro fórum, se sim, qual? De forma sucinta, explique o porquê de querer ser moderador do fórum e conte-nos um pouco sobre você.   OBS: Não se trata de função remunerada. Todos que fazem parte do staff são voluntários.
Marcos Rizzato

Como eu removo o virus js:banker-adg trj ??

Recommended Posts


ZA-Scan V1.0.0.5 Updated 31-December-2015
Tool run by Marcos on 24/08/2016 at 13:51:40,07.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcos\Downloads\ZA-Scan.exe [Z-Analyse Scan]

==== Running Processes ======================

C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bassvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Baidu Security\MoboMarket\1.3.7.5841\bastray.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
C:\Windows\SysWOW64\srvany.exe
C:\Windows\KMService.exe
C:\Program Files (x86)\scpbrad\scpbradserv.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
C:\Program Files (x86)\CalendarTool\2.0.0.10764\CalendarServ.exe
C:\Program Files (x86)\scpbrad\scpbradguard.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\PROGRA~2\GbPlugin\GbpSv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Users\Marcos\Downloads\ZA-Scan.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\SysWOW64\cmd.exe
C:\Users\Marcos\AppData\Local\Temp\ZAScan.exe

==== Services(whitelist) ======================
Powered by E Dev

R2 - [AdobeARMservice] - Adobe Acrobat Update Service - c:\program files (x86)\common files\adobe\arm\1.0\armsvc.exe
R2 - [Apple Mobile Device Service] - Apple Mobile Device Service - c:\program files\common files\apple\mobile device support\applemobiledeviceservice.exe
R2 - [BASSVC] - Baidu MoboMarket Service - c:\program files (x86)\baidu security\mobomarket\1.3.7.5841\bassvc.exe
R2 - [Bonjour Service] - Serviço do Bonjour - c:\program files\bonjour\mdnsresponder.exe
R2 - [c2cautoupdatesvc] - Skype Click to Call Updater - c:\program files (x86)\skype\toolbars\autoupdate\skypec2cautoupdatesvc.exe
R2 - [c2cpnrsvc] - Skype Click to Call PNR Service - c:\program files (x86)\skype\toolbars\pnrsvc\skypec2cpnrsvc.exe
R2 - [GbpSv] - Gbp Service - c:\progra~2\gbplugin\gbpsv.exe
R2 - [HPSupportSolutionsFrameworkService] - HP Support Solutions Framework Service - c:\program files (x86)\hewlett-packard\hp support solutions\hpsupportsolutionsframeworkservice.exe
R2 - [KMService] - KMService - c:\windows\system32\srvany.exe [x]
R2 - [scpbradserv] - Componente de Segurança Bradesco - c:\program files (x86)\scpbrad\scpbradserv.exe
R2 - [TeamViewer9] - TeamViewer 9 - c:\program files (x86)\teamviewer\version9\teamviewer_service.exe
R2 - [TheCalendarService] - The Calendar Service - c:\program files (x86)\calendartool\2.0.0.10764\calendarserv.exe
R2 - [TrustedInstaller] - Instalador de Módulos do Windows - c:\windows\servicing\trustedinstaller.exe
R2 - [Warsaw Technology] - Warsaw Technology - c:\program files\diebold\warsaw\core.exe
R2 - [wlidsvc] - Windows Live ID Sign-in Assistant - c:\program files\common files\microsoft shared\windows live\wlidsvc.exe
R2 - [WSearch] - Windows Search - c:\windows\system32\searchindexer.exe
R3 - [iPod Service] - iPod Service - c:\program files\ipod\bin\ipodservice.exe
R3 - [osppsvc] - Office Software Protection Platform - c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\osppsvc.exe
R3 - [WMPNetworkSvc] - Serviço de Compartilhamento de Rede do Windows Media Player - c:\program files\windows media player\wmpnetwk.exe
S2 - [clr_optimization_v4.0.30319_32] - Microsoft .NET Framework NGEN v4.0.30319_X86 - c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe
S2 - [clr_optimization_v4.0.30319_64] - Microsoft .NET Framework NGEN v4.0.30319_X64 - c:\windows\microsoft.net\framework64\v4.0.30319\mscorsvw.exe
S2 - [gupdate] - Serviço do Google Update (gupdate) - c:\program files (x86)\google\update\googleupdate.exe
S2 - [Nero BackItUp Scheduler 4.0] - Nero BackItUp Scheduler 4.0 - c:\program files (x86)\common files\nero\nero backitup 4\nbservice.exe
S2 - [SkypeUpdate] - Skype Updater - c:\program files (x86)\skype\updater\updater.exe
S2 - [sppsvc] - Proteção de Software - c:\windows\system32\sppsvc.exe
S2 - [tcsd_win32.exe] - NTRU TSS v1.2.1.28 TCS - c:\program files (x86)\ntru cryptosystems\ntru tcg software stack\bin\tcsd_win32.exe
S3 - [AdobeFlashPlayerUpdateSvc] - Adobe Flash Player Update Service - c:\windows\syswow64\macromed\flash\flashplayerupdateservice.exe
S3 - [ALG] - Serviço Gateway de Camada de Aplicativo - c:\windows\system32\alg.exe
S3 - [COMSysApp] - COM+ System Application - c:\windows\system32\dllhost.exe
S3 - [Fax] - Fax - c:\windows\system32\fxssvc.exe
S3 - [FLEXnet Licensing Service 64] - FLEXnet Licensing Service 64 - c:\program files\common files\macrovision shared\flexnet publisher\fnplicensingservice64.exe
S3 - [FontCache3.0.0.0] - Windows Presentation Foundation Font Cache 3.0.0.0 - c:\windows\microsoft.net\framework64\v3.0\wpf\presentationfontcache.exe
S3 - [fsssvc] - Windows Live Family Safety Service - c:\program files (x86)\windows live\family safety\fsssvc.exe
S3 - [gupdatem] - Serviço do Google Update (gupdatem) - c:\program files (x86)\google\update\googleupdate.exe
S3 - [IEEtwCollectorService] - Internet Explorer ETW Collector Service - c:\windows\system32\ieetwcollector.exe
S3 - [Microsoft SharePoint Workspace Audit Service] - Microsoft SharePoint Workspace Audit Service - c:\program files (x86)\microsoft office\office14\groove.exe
S3 - [MSDTC] - Coordenador de transações distribuídas - c:\windows\system32\msdtc.exe
S3 - [msiserver] - Windows Installer - c:\windows\system32\msiexec.exe
S3 - [ose] - Office  Source Engine - c:\program files (x86)\common files\microsoft shared\source engine\ose.exe
S3 - [PerfHost] - Host de DLL de Contador de Desempenho - c:\windows\syswow64\perfhost.exe
S3 - [RpcLocator] - Alocador Remote Procedure Call (RPC) - c:\windows\system32\locator.exe
S3 - [SNMPTRAP] - Interceptação SNMP - c:\windows\system32\snmptrap.exe
S3 - [vds] - Disco Virtual - c:\windows\system32\vds.exe
S3 - [VSS] - Cópia de Sombra de Volume - c:\windows\system32\vssvc.exe
S3 - [wbengine] - Serviço de Mecanismo de Backup em Nível de Bloco - c:\windows\system32\wbengine.exe
S3 - [wmiApSrv] - WMI Performance Adapter - c:\windows\system32\wbem\wmiapsrv.exe
S4 - [aspnet_state] - Serviço de estado do ASP.NET - c:\windows\microsoft.net\framework64\v4.0.30319\aspnet_state.exe
S4 - [clr_optimization_v2.0.50727_32] - Microsoft .NET Framework NGEN v2.0.50727_X86 - c:\windows\microsoft.net\framework\v2.0.50727\mscorsvw.exe
S4 - [clr_optimization_v2.0.50727_64] - Microsoft .NET Framework NGEN v2.0.50727_X64 - c:\windows\microsoft.net\framework64\v2.0.50727\mscorsvw.exe
S4 - [wlcrasvc] - Windows Live Mesh remote connections service - c:\program files\windows live\mesh\wlcrasvc.exe

==== Drivers(whitelist) ======================
Powered by E Dev

R0 - [FileInfo] - File Information FS MiniFilter - C:\Windows\system32\Drivers\FileInfo.sys
R0 - [FltMgr] - FltMgr - C:\Windows\system32\Drivers\FltMgr.sys
R0 - [Mup] - Mup - C:\Windows\system32\Drivers\Mup.sys
R1 - [NetBIOS] - NetBIOS Interface - C:\Windows\system32\Drivers\NetBIOS.sys
R3 - [srv] - Driver SMB 1.xxx do Servidor - C:\Windows\system32\Drivers\srv.sys
R3 - [srv2] - Driver SMB 2.xxx do Servidor - C:\Windows\system32\Drivers\srv2.sys
R0 - [ACPI] - Microsoft ACPI Driver - C:\Windows\system32\Drivers\ACPI.sys
R0 - [amdxata] - amdxata - C:\Windows\system32\Drivers\amdxata.sys
R0 - [aswRvrt] - avast! Revert - C:\Windows\system32\Drivers\aswRvrt.sys
R0 - [aswVmm] - avast! VM Monitor - C:\Windows\system32\Drivers\aswVmm.sys
R0 - [atapi] - Canal de IDE - C:\Windows\system32\Drivers\atapi.sys
R0 - [CLFS] - Log Comum (CLFS) - C:\Windows\system32\Drivers\CLFS.sys [x]
R0 - [CNG] - CNG - C:\Windows\system32\Drivers\CNG.sys
R0 - [Compbatt] - Microsoft Composite Battery Driver - C:\Windows\system32\Drivers\Compbatt.sys
R0 - [Disk] - Driver de disco - C:\Windows\system32\Drivers\Disk.sys
R0 - [fvevol] - Driver de Filtro de Criptografia de Unidade de Disco BitLocker - C:\Windows\system32\Drivers\fvevol.sys
R0 - [hwpolicy] - Hardware Policy Driver - C:\Windows\system32\Drivers\hwpolicy.sys
R0 - [KSecDD] - KSecDD - C:\Windows\system32\Drivers\KSecDD.sys
R0 - [KSecPkg] - KSecPkg - C:\Windows\system32\Drivers\KSecPkg.sys
R0 - [mountmgr] - Gerenciador de Pontos de Montagem - C:\Windows\system32\Drivers\mountmgr.sys
R0 - [msahci] - msahci - C:\Windows\system32\Drivers\msahci.sys
R0 - [msisadrv] - msisadrv - C:\Windows\system32\Drivers\msisadrv.sys
R0 - [NDIS] - Driver do Sistema NDIS - C:\Windows\system32\Drivers\NDIS.sys
R0 - [partmgr] - Gerenciador de Partições - C:\Windows\system32\Drivers\partmgr.sys
R0 - [pci] - PCI Bus Driver - C:\Windows\system32\Drivers\pci.sys
R0 - [pcw] - Performance Counters for Windows Driver - C:\Windows\system32\Drivers\pcw.sys
R0 - [rdyboost] - ReadyBoost - C:\Windows\system32\Drivers\rdyboost.sys
R0 - [spldr] - Security Processor Loader Driver - C:\Windows\system32\Drivers\spldr.sys
R0 - [Tcpip] - Driver de Protocolo TCP/IP - C:\Windows\system32\Drivers\Tcpip.sys
R0 - [vdrvroot] - Driver de enumerador da unidade virtual Microsoft - C:\Windows\system32\Drivers\vdrvroot.sys
R0 - [volmgr] - Volume Manager Driver - C:\Windows\system32\Drivers\volmgr.sys
R0 - [volmgrx] - Gerenciador de Volume Dinâmico - C:\Windows\system32\Drivers\volmgrx.sys
R0 - [volsnap] - Volumes de armazenamento - C:\Windows\system32\Drivers\volsnap.sys
R0 - [Wdf01000] - Serviço de Estruturas de Driver em Modo Kernel - C:\Windows\system32\Drivers\Wdf01000.sys
R1 - [AFD] - Ancillary Function Driver for Winsock - C:\Windows\system32\Drivers\AFD.sys
R1 - [Beep] - Beep - C:\Windows\system32\Drivers\Beep.sys
R1 - [tdx] - Driver de Suporte a TDI Herdado de NetIO - C:\Windows\system32\Drivers\tdx.sys
R2 - [tcpipreg] - TCP/IP Registry Compatibility - C:\Windows\system32\Drivers\tcpipreg.sys
S0 - [gbpddreg] - Gbpddreg svc - C:\Windows\system32\Drivers\gbpddreg.sys [x]
S0 - [GbpKm] - Gbp KernelMode - C:\Windows\system32\Drivers\GbpKm.sys [x]

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1183236349-1378701238-273495361-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ApplePhotoStreams"="C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Diebold - Warsaw"="C:\Program Files\Diebold\Warsaw\core.exe"
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [14/07/2016 10:56]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 10:27]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [31/08/2015 10:27]
C:\Windows\tasks\ToolsUpdatePlatform_ScheduledTask.job --a------ C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe [18/08/2015 02:39]
C:\Windows\tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}.job --a------ [Undetermined Task]
C:\Windows\tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}.job --a------ C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exe []

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\BrowserProtect" [C:\Windows\system32\sc.exe start BrowserProtect]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\SafeZone scheduled Autoupdate 1468587913" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\Windows\SysNative\tasks\ToolsUpdatePlatform_ScheduledTask" [C:\Program Files (x86)\ToolsUpdatePlatform\UpdatePlatform.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{293B9582-7934-4E03-8258-F78C9D187A33}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{002D8B1C-7EE8-431F-9B31-9981D78F85A5}" [C:\Program Files (x86)\Ares\Ares.exe]
"C:\Windows\SysNative\tasks\{29FCA202-BC08-4479-9C26-7FC2C315103E}" [C:\Program Files (x86)\Ares\Ares.exe]
"C:\Windows\SysNative\tasks\{2A6A6C0A-6DF1-4478-807F-2FF9BF46B935}" [C:\Users\Marcos\AppData\Roaming\{2F3AA0F6-976C-4b02-A66A-5D1DEA00811F}\InstallHelp.exe]
"C:\Windows\SysNative\tasks\{94304F97-5B42-457B-BBD4-7826DE08594A}" [C:\Program Files (x86)\Ares\Ares.exe]
"C:\Windows\SysNative\tasks\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}{19F8DB95-4D78-4ddb-AC71-C610654FE37F}" [C:\Program Files (x86)\CalendarTool\1.3.1.10384\InstallHelper.exe]
"C:\Windows\SysNative\tasks\{E871FD54-8203-4B2D-98EB-7F03FEE328A2}" [C:\Program Files (x86)\Ares\Ares.exe]
"C:\Windows\SysNative\tasks\Apple\AppleSoftwareUpdate" [C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe]
"C:\Windows\SysNative\tasks\AVAST Software\Avast settings backup" [C:\Program Files\Common Files\AV\avast Antivirus\backup.exe]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [17/08/2016 15:33]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"sp@avast.com"="C:\Program Files\AVAST Software\Avast\SafePrice\FF" [17/08/2016 15:33]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{58bd07eb-0ee0-4df0-8121-dc9b693373df}"="C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension" [24/03/2015 14:04]

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
eofcbnmajmjmplflapaojjnihcjkigck - No path found[]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx[25/05/2016 10:31]
pgafcinpmmpklohkojmllohdhomoefph - C:\ProgramData\BrowserProtect\2.6.1040.25\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.crx[]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Marcos\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[]

Avast SafePrice - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck
Chrome Web Store Payments - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
Chrome Media Router - Marcos\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

==== IE Start and Search Settings ======================

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.gorellimoveis.com.br/"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221"
"Search Page"="https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221"
"Start Page"="http://br.hao123.com/?tn=sdkw_inner_hp_01_hao123_br"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}"
"Default_Page_URL"="http://www.istartsurf.com/?type=hp&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221"
"Start Page"="http://br.hao123.com/?tn=sdkw_inner_hp_01_hao123_br"
"Search Page"="http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}
HKLM\SearchScopes\{DE907DA9-9FEF-4661-BB7C-5AF831B4C5D8} - http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{33BB0A4E-99AF-4226-BDF6-49120163DE86}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - No_Url_Value
HKLM\Wow6432Node\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{DE907DA9-9FEF-4661-BB7C-5AF831B4C5D8} - http://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
HKCU\SearchScopes "DefaultScope"="Web"
HKCU\SearchScopes\Web - https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}
HKCU\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} - http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}
HKCU\SearchScopes\{DE907DA9-9FEF-4661-BB7C-5AF831B4C5D8} - No_Url_Value

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://br.search.yahoo.com/yhs/search?hspart=nzn&hsimp=yhs-nzn_test&p={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.istartsurf.com/?type=hp&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.istartsurf.com/web/?type=ds&ts=1434022425&z=9acf16552e22a53785019c3gaz9c3z9ecoeofc5cfb&from=cor&uid=WDCXWD3200BPVT-00JJ5T0_WD-WXH1CB1S1221S1221&q={searchTerms}
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://drogariabarbosa.com/novo/2015.vai
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_101\bin\jp2ssv.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} (GpcContainer Class) - https://akamaicdn.webex.com/client/WBXclient-T29L10NSP7EP1-6/event/ieatgpc1.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F4776BB3-6246-4AA7-9CD6-B0ED9A7DF986}: NameServer = 77.234.40.79

==== EOF on 24/08/2016 at 13:54:31,10 ======================
 

ZA-Scan.txt

Editado por Marcos Rizzato

Compartilhar este post


Link para o post
Compartilhar em outros sites

@Marcos Rizzato

 

Por favor, atente para o seguinte:

  • Sobre o Fórum: Este é um espaço privado, não público. Seu uso é um privilégio, não um direito.
  • Caso fique sem resposta durante 3 dias, me envie uma Mensagem Privada (MP);
  • O que será passado aqui, somente será com relação ao problema do seu computador portanto, não faça mais em nenhum outro;
  • Siga, por favor, atentamente as instruções passadas e em caso de dúvidas não hesite em perguntá-las;
  • Respeite a ordem das instruções passadas.
  • Observação: Não tome outra medida além das passadas aqui; atente para que, caso peça ajuda em outro fórum, não deixe de nos informar, sob risco de desconfigurar seu computador!

Ao invés de criar um novo tópico, peço que você continue com este e faça uma resposta anexando o log do ZA-Scan, de acordo com essas instruções:

http://forum.clubedohardware.com.br/topic/1105783-como-criar-seu-t%C3%B3pico/

 

 

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Tópico Arquivado

 

Como o autor não respondeu ao tópico por mais de 10 dias, o mesmo foi arquivado. Caso você seja o autor do tópico e quer que o mesmo seja reaberto, entre em contato com um Analista de Segurança do Fórum solicitando o desbloqueio.

 

CarlosTurco

diego_moicano

 

 

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.





Sobre o Clube do Hardware

No ar desde 1996, o Clube do Hardware é uma das maiores, mais antigas e mais respeitadas publicações sobre tecnologia do Brasil. Leia mais

Direitos autorais

Não permitimos a cópia ou reprodução do conteúdo do nosso site, fórum, newsletters e redes sociais, mesmo citando-se a fonte. Leia mais

×