
[Solved] Malware

#1 By IIDora 12/12/2015 - 00:35
Hello, could someone help me? My notebook has malware: a random advertising image keeps appearing on the desktop, and when I browse the internet it also keeps opening http://www.yeabests.cc/. Could you help me remove this malware? I saw you helping iPedroo: https://www.hardware.com.br/comunidade/virus-adclick/1391684/. It is the same case as mine.
I managed to get to a certain point, the step of copying the information into Notepad and saving it on the desktop, but the scripts are not the same. Could you help me, please? I will leave the reports below.

FRST: http://www.cjoint.com/c/ELmaEAYVy7c
Addition: http://www.cjoint.com/c/ELmaKU2ICfc
Shortcut: http://www.cjoint.com/c/ELmaMpC2ZQc

Could you help me with the next steps, please?
Thank you!
#2 By joram
12/12/2015 - 01:01
/!\ Good morning! IIDora /!\

> Copy the information shown in red into Notepad.
> Save it with the name fixlist. << Text file!
> Save it on the desktop! ( the "Área de trabalho" folder ... ) -/- C:\Users\João Cascimiro\Desktop <<

start
CloseProcesses:
(TODO: <公司名>) C:\Program Files (x86)\SFK\SSFK.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
() C:\Program Files (x86)\CalendarTool\2.0.0.11061\calendar.exe
() C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
(Bandoo Media, inc) C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe
HKLM-x32\...\Run: [DATAMNGR] => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngrUI.exe [1890744 2012-09-02] (Bandoo Media, inc)
HKLM-x32\...\Run: [mbot_br_014010168] => [X]
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\JOOCAS~1\AppData\Local\Temp\HomePage.exe <===== ATENÇÃO
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [CrashService] => "C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\crash_service.exe" --max-reports=50 --no-window
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [YeaInstaller] => C:\Users\João Cascimiro\AppData\Local\Temp\setup.exe <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [-] => C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe [1923584 2015-12-10] () <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [Pritc] => C:\Windows\Temp\00001270\casrss.exe [3154944 2015-12-10] (VLOME) <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: E - E:\AutoRun.exe
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: {21572460-66a1-11e3-b303-c32ad72989f3} - E:\AutoRun.exe
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: {21572725-66a1-11e3-b303-c32ad72989f3} - E:\AutoRun.exe
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\datamngr.dll [2300344 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\IEBHO.dll [1528760 2012-09-02] (Bandoo Media, inc)
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => Nenhum Arquivo
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Nenhum Arquivo
CHR HKLM\SOFTWARE\Policies\Google: Restrição <======= ATENÇÃO
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8
Tcpip\..\Interfaces\{8DB20170-BFD6-4DDA-886F-D72AC4960A4B}: [DhcpNameServer] 80.82.64.136 8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = hxxp://search.certified-toolbar.com?si=42826&home=true&tid=3393
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.certified-toolbar.com?si=42826&tid=3393&bs=true&q=
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=42826&bs=true&tid=3393&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://search.certified-toolbar.com?si=42826&bs=true&tid=3393&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {1B28C45F-FB65-4D8A-8AC6-7ACBDFB200C7} URL = hxxps://br.search.yahoo.com/search?fr=mcafee&type=B010BR662D20140722&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {3BFDF95F-D2FD-47B5-BF43-0F76EBFF9753} URL = hxxp://br.search.yahoo.com/search?fr=mcafee&type=A010BR662&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {7D7E2DD8-73C5-8E3A-DBBD-70156B1698B5} URL =
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3922755168-1862369084-2486531989-1000 -> {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
BHO: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\x64\BrowserConnection.dll [2012-09-02] (Bandoo Media, inc)
BHO-x32: Searchqu Toolbar -> {99079a25-328f-4bd4-be04-00955acaa0a7} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
BHO-x32: DataMngr -> {9D717F81-9148-4f12-8568-69135F087DB0} -> C:\Program Files (x86)\Searchqu Toolbar\Datamngr\BrowserConnection.dll [2012-09-02] (Bandoo Media, inc)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - Nenhum Arquivo
Toolbar: HKLM-x32 - Searchqu Toolbar - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files (x86)\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll [2012-02-27] ()
Filter: application/octet-stream - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
Filter: application/x-complus - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll Nenhum Arquivo
StartMenuInternet: IEXPLORE.EXE - C:\Program Files\Internet Explorer\iexplore.exe http://www.omniboxes.com/?type=sc&ts=1449431459&z=fd8b914aefc5afbdbd59068gbz3z5tfz8c5gdz8w5t&from=amt&uid=WDCXWD3200BPVT-22JJ5T0_WD-WXU1EA1MYCYCMYCYC
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll [Nenhum Arquivo]
FF HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Firefox\Extensions: [D7C802E4-BDDC-4A1F-A790-F4C9D43DA9FD] - C:\Program Files (x86)\LyricsTab\116.xpi => não encontrado (a)
FF HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Firefox\Extensions: [[EMAIL]connect@LyricsTab.co[/EMAIL]] - C:\Program Files (x86)\LyricsTab\120.xpi => não encontrado (a)
CHR HKLM-x32\...\Chrome\Extension: [dfbjjbgnapmckapgljdjahlnfonhglai] - C:\Program Files (x86)\LyricsTab\120.crx
StartMenuInternet: Google Chrome.PPJ2QNC4DSINTBWF4F2M2Q6P5A - C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
S2 GoogleChromeUpService; C:\ProgramData\upgsvr.exe [1762304 2015-11-16] (TODO: <公司名>) [Arquivo não assinado]
R2 SSFK; C:\Program Files (x86)\SFK\SSFK.exe [155280 2015-12-06] (TODO: <公司名>)
R2 TheCalendarService; C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe [151688 2015-11-23] ()
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-06] (Sysinternals process Explorer) <==== ATENÇÃO
R3 WinHttpAutoProxySvc; winhttp.dll [X]
2016-06-07 18:23 - 2015-12-10 20:22 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe
2016-06-07 18:22 - 2015-12-10 20:22 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe
2016-06-07 18:21 - 2015-12-10 20:21 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe
2016-06-07 18:21 - 2015-12-10 20:19 - 04871408 _____ C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe
2015-12-10 19:19 - 2015-12-09 14:55 - 01923584 _____ C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1
2015-12-10 17:00 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1
2015-12-10 16:52 - 2015-12-10 16:52 - 00005569 _____ C:\Users\João Cascimiro\AppData\Roaming\webad.xml
2015-12-10 16:52 - 2015-12-09 14:55 - 01923584 _____ C:\Users\João Cascimiro\AppData\Roaming\carssn.exe
2015-12-10 16:50 - 2015-12-10 08:39 - 01015808 _____ (d) C:\Users\João Cascimiro\AppData\Roaming\download.exe
2015-12-09 21:18 - 2015-12-09 21:19 - 00000000 ____D C:\Users\João Cascimiro\AppData\Local\Yeaplayer
2015-12-09 21:17 - 2015-11-14 21:08 - 02496403 _____ ( ) C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe
2015-12-07 14:17 - 2015-12-10 21:56 - 00000000 ____D C:\Users\João Cascimiro\AppData\Roaming\CalendarTool
2015-12-07 14:17 - 2015-12-07 14:17 - 00000000 ____D C:\Users\Public\Documents\Guid
2015-12-07 14:17 - 2015-12-07 14:17 - 00000000 ____D C:\Program Files (x86)\CalendarTool
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\Todos os Usuários\upgsvr.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 01762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-06 17:57 - 2015-12-06 20:53 - 00002976 _____ C:\Windows\System32\Tasks\svchost
2015-12-06 17:56 - 2015-12-06 17:56 - 00003192 _____ C:\Windows\System32\Tasks\{1076E5AF-74F2-4057-8F43-7B9B64172C7F}
2015-12-06 17:52 - 2015-12-06 17:52 - 00000000 ____D C:\Program Files (x86)\28C593F3-1449431530-E111-A7D6-DC0EA1C33D50
2015-12-05 18:11 - 2015-12-05 18:11 - 00000000 __SHD C:\found.004
2015-11-18 21:45 - 2015-11-18 21:45 - 00000000 __SHD C:\found.003
2015-11-16 17:21 - 2015-11-16 17:21 - 00000000 __SHD C:\found.002
2015-12-06 18:03 - 2012-02-21 08:54 - 00000000 ____D C:\Users\Todos os Usuários\McAfee
2015-12-06 18:03 - 2012-02-21 08:54 - 00000000 ____D C:\ProgramData\McAfee
2016-06-07 18:21 - 2015-12-10 20:21 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\53cca628f322.exe
2016-06-07 18:22 - 2015-12-10 20:22 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\6240c801ad89.exe
2016-06-07 18:21 - 2015-12-10 20:19 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\799662a5f35e.exe
2015-12-10 16:52 - 2015-12-09 14:55 - 1923584 _____ () C:\Users\João Cascimiro\AppData\Roaming\carssn.exe
2015-12-10 19:19 - 2015-12-09 14:55 - 1923584 _____ () C:\Users\João Cascimiro\AppData\Roaming\carssn.exe.1
2015-12-10 16:50 - 2015-12-10 08:39 - 1015808 _____ (d) C:\Users\João Cascimiro\AppData\Roaming\download.exe
2016-06-07 18:23 - 2015-12-10 20:22 - 4871408 _____ () C:\Users\João Cascimiro\AppData\Roaming\fb1e6ae1f3cd.exe
2015-12-06 17:58 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe
2015-12-10 17:00 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\Users\João Cascimiro\AppData\Roaming\upgsvr.exe.1
2015-12-09 21:17 - 2015-11-14 21:08 - 2496403 _____ () C:\Users\João Cascimiro\AppData\Roaming\yeaplayer_51472.exe
2012-08-28 23:50 - 2012-10-09 00:01 - 0031465 _____ () C:\Users\João Cascimiro\AppData\Local\funmoods.crx
2015-12-06 17:58 - 2015-11-16 08:01 - 1762304 _____ (TODO: <公司名>) C:\ProgramData\upgsvr.exe
2015-12-11 08:10 - 2015-12-10 15:43 - 0600312 _____ () C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
2015-11-23 06:41 - 2015-11-23 06:41 - 00151688 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarServ.exe
2015-11-23 06:42 - 2015-11-23 06:42 - 03999880 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\Calendar.exe
2015-11-23 06:42 - 2015-11-23 06:42 - 00158344 _____ () C:\Program Files (x86)\CalendarTool\2.0.0.11061\CalendarEntry.dll
2015-12-10 16:52 - 2015-12-10 16:52 - 01923584 ____N () C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
Task: {26DC6C72-A38A-4C57-817D-4D8B34B22561} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {29697219-5E5E-4883-ACF6-7394EB90D6AC} - System32\Tasks\svchost => C:\Users\João Cascimiro\AppData\Local\Temp\setup.exe <==== ATENÇÃO
Task: {8852E801-4AE8-4E55-8B48-EADAB8921510} - System32\Tasks\crash_service => C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\crash_service.exe <==== ATENÇÃO
Task: {E5A8BD64-11EE-4DED-9AF8-D1B4C945DAF7} - System32\Tasks\Go for FilesUpdate => C:\Program Files (x86)\GoforFiles\GFFUpdater.exe <==== ATENÇÃO
FirewallRules: [{56E1FDE6-5981-4A97-92D8-E295621E4A93}] => (Allow) C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\bobrowser.exe
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files (x86)\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome (2).lnk -> C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Yeabeats Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Widget Browser.lnk -> C:\Program Files (x86)\Adobe\Adobe Widget Browser\Adobe Widget Browser.exe () -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) -> hxxp://nav.brotlab.net?uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br <==== ATENÇÃO
ShortcutWithArgument: C:\Users\Public\Desktop\Netflix.lnk -> C:\ProgramData\OEM_E471269A730D\Netflix\StartURL.exe () -> hxxps://www.netflix.com/?mqso=80031250 <==== ATENÇÃO
AlternateDataStreams: C:\Windows\System32:1577F0F1_Uni.gbp
C:\Users\João Cascimiro\AppData\Local\BoBrowser\Application\bobrowser.exe
C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
C:\Windows\Temp\00001270\casrss.exe
C:\ProgramData\upgsvr.exe
C:\ProgramData\YeaPlayer_br_IBD_Bundle.exe
C:\Users\Todos os Usuários\upgsvr.exe
C:\Users\Todos os Usuários\YeaPlayer_br_IBD_Bundle.exe
C:\Users\João Cascimiro\AppData\Local\Temp\carssn.exe
C:\Users\João Cascimiro\AppData\Local\Temp\da3c3f44f7de8ef5.exe
CMD: type C:\AVScanner.ini
Folder: C:\4d609fc31fd8de56149a9c1c9243
CreateRestorePoint:
RemoveProxy:
EmptyTemp:
Reboot:
Hosts:
end


> Run FRST/FRST64 >> Click "Corrigir" (Fix) << Wait!
> At the prompt, click Run.
> Post the report! (Fixlog.txt)
< I ask visitors not to use this script on other computers, at the risk of damaging them! >

A+
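The fixlist above is, in effect, an inventory of persistence and hijack mechanisms (Run keys, MountPoints2 autoruns, AppInit_DLLs, services, scheduled tasks, Internet Explorer search scopes and start pages, browser shortcuts with an injected URL argument, DHCP name servers). As an added example, not part of this post and not code from FRST itself, the Python helper below groups FRST scan lines by mechanism, lists the entries FRST itself flagged with its ATTENTION arrow, and maps each hijacked .lnk to the URL it was forced to open; the class names and regexes are this example's own, and the sample log is constructed from a few entries of the fixlist in this thread.

```python
import re
from collections import defaultdict

# Persistence classes, matched in order (first match wins). The Run-key and
# MountPoints2 patterns sit before the generic Internet Explorer pattern so
# that an HKU\...\Run line is not mistaken for a browser setting.
# These class names and patterns are this example's own, not FRST's.
LINE_CLASSES = [
    ("autorun_run_key",    re.compile(r"^HK(LM|U\\S-1-5-[\d-]+)(-x32)?\\\.\.\.\\Run:")),
    ("mountpoint_autorun", re.compile(r"^HKU\\.*\\MountPoints2:")),
    ("appinit_dll",        re.compile(r"^AppInit_DLLs(-x32)?:")),
    ("scheduled_task",     re.compile(r"^Task: \{")),
    ("shortcut_hijack",    re.compile(r"^ShortcutWithArgument:")),
    ("browser_hijack",     re.compile(r"^(SearchScopes:|HK\S+\\Internet Explorer\\Main,"
                                      r"|StartMenuInternet:|BHO(-x32)?:|Toolbar:)")),
    ("dns_override",       re.compile(r"^Tcpip\\.*\[DhcpNameServer\]")),
    ("service",            re.compile(r"^[RS][0-4] \S+;")),
]

# FRST writes URLs defanged as hxxp://; accept the live form too.
URL_RE = re.compile(r"h(?:xx|tt)ps?://([A-Za-z0-9.-]+)")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
# FRST appends "<==== ATTENTION" ("ATENÇÃO" in the Portuguese build) to
# entries it considers suspicious; the arrow is the language-independent part.
ATTENTION_MARK = "<=="


def classify_line(line):
    """Return the persistence class of one FRST line, or 'other'."""
    for name, pattern in LINE_CLASSES:
        if pattern.search(line):
            return name
    return "other"


def triage(log_text):
    """Group FRST lines by persistence class and pull out hijack indicators.

    Returns a dict with:
      by_class -> {class name: [lines]}
      flagged  -> lines FRST itself marked with the ATTENTION arrow
      domains  -> sorted hostnames from every hxxp:// or http:// URL
      dns      -> sorted DHCP name servers from Tcpip entries (listed for
                  review; a non-default resolver is not malicious by itself)
    """
    by_class = defaultdict(list)
    flagged, domains, dns = [], set(), set()
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        cls = classify_line(line)
        by_class[cls].append(line)
        if ATTENTION_MARK in line:
            flagged.append(line)
        domains.update(URL_RE.findall(line))
        if cls == "dns_override":
            dns.update(IPV4_RE.findall(line))
    return {"by_class": dict(by_class), "flagged": flagged,
            "domains": sorted(domains), "dns": sorted(dns)}


def shortcut_targets(log_text):
    """Map each hijacked .lnk to the URL its target was forced to open.

    FRST's ShortcutWithArgument lines have the shape
    '<lnk> -> <target exe> (<publisher>) -> <argument> <==== ATTENTION'.
    """
    out = {}
    prefix = "ShortcutWithArgument:"
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line.startswith(prefix):
            continue
        parts = line[len(prefix):].split(" -> ")
        if len(parts) < 3:
            continue
        out[parts[0].strip()] = parts[2].split(" " + ATTENTION_MARK)[0].strip()
    return out


# Constructed sample: a handful of entries adapted from the fixlist above.
SAMPLE_LOG = r"""
HKLM-x32\...\Run: [HomePageHelper] => C:\Users\JOOCAS~1\AppData\Local\Temp\HomePage.exe <===== ATENÇÃO
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\Run: [Yeaplayer] => C:\Program Files (x86)\Yeaplayer\Yeaplayermd.exe /autostart
HKU\S-1-5-21-3922755168-1862369084-2486531989-1000\...\MountPoints2: E - E:\AutoRun.exe
AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~1\Datamngr\datamngr.dll => C:\Program Files (x86)\Searchqu Toolbar\Datamngr\datamngr.dll [1723320 2012-09-02] (Bandoo Media, inc)
Tcpip\Parameters: [DhcpNameServer] 80.82.64.136 8.8.8.8
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.yeabests.cc/
SearchScopes: HKLM-x32 -> DefaultScope {E921F400-D383-4B1B-9DE6-FCFCACFC1173} URL = hxxp://search.navegaki.com?q={searchTerms}&uid={dddb4e8e517840adbdb8c15056f4ebad}&r=102br
R2 WindowsMangerProtect; C:\ProgramData\Tmp0x0x\ProtectWindowsManager.exe [344232 2015-12-06] (Sysinternals process Explorer) <==== ATENÇÃO
Task: {29697219-5E5E-4883-ACF6-7394EB90D6AC} - System32\Tasks\svchost => C:\Users\João Cascimiro\AppData\Local\Temp\setup.exe <==== ATENÇÃO
ShortcutWithArgument: C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Users\João Cascimiro\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.) -> hxxp://www.yeabests.cc/ <==== ATENÇÃO
"""


def main():
    result = triage(SAMPLE_LOG)
    for cls, lines in sorted(result["by_class"].items()):
        print(f"{cls}: {len(lines)} entry/entries")
    print("flagged by FRST:", len(result["flagged"]))
    print("hijack domains:", ", ".join(result["domains"]))
    print("DHCP name servers to review:", ", ".join(result["dns"]))
    for lnk, url in shortcut_targets(SAMPLE_LOG).items():
        print(f"shortcut {lnk!r} forced to open {url}")


if __name__ == "__main__":
    main()
```

Running it on a full FRST.txt instead of the sample gives a per-mechanism count that makes it easy to see which persistence vectors a machine has before writing a fixlist.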
#8 By joram
12/12/2015 - 20:37
/!\ Good evening! IIDora /!\

> Download: < Image > ( ... by Xplode )
> Or from here: < AdwCleaner >

> On the page, click "Download Now".
> Save it on the desktop!

> Disable your antivirus!
> Right-click adwcleaner.exe and choose Run as administrator.


> Open the tool and, on the "Options" tab, tick all the Restore options.


> PS: Start the scan by clicking "Verificar" or "Examinar" (Scan).

***** [ Registro ] *****
Chave Encontrada : HKCU\Software\360

> If you have the 360 Total Security antivirus, untick the box for this key.


> When it finishes, click "Limpar" or "Cleaning" >> Ok >> Ok >> Ok.
> Copy the log or click "Relatorio" (Report).
> Post: < C:\AdwCleaner\AdwCleaner[S0].txt >

> Download: < Image > ( ... by Malwarebytes.org )
> Save it on the desktop!
> Disable your antivirus!
> On Windows 7, right-click JRT.exe and run it ...

> Wait for it to finish and post the report. ( JRT.txt )

Regards!
#15 By IIDora
12/12/2015 - 22:38
< C:\AdwCleaner\AdwCleaner[S0].txt >

# AdwCleaner v5.024 - Relatório criado 12/12/2015 às 22:20:51
# Atualizado 07/12/2015 por Xplode
# Banco de dados : 2015-12-12.1 [Servidor]
# Sistema operacional : Windows 7 Home Basic Service Pack 1 (x64)
# Usuário : João Cascimiro - JOÃOCASCIMIRO
# Executando de : C:\Users\João Cascimiro\Desktop\AdwCleaner.exe
# Opção : Limpar
# Apoio : http://toolslib.net/forum

***** [ Serviços ] *****

[-] Serviço Excluído : TheDesktopWeatherService

***** [ Pastas ] *****

[-] Pasta Excluído : C:\Program Files (x86)\Free Video Converter
[-] Pasta Excluído : C:\Program Files (x86)\goforfiles
[-] Pasta Excluído : C:\Program Files (x86)\Protected Search
[-] Pasta Excluído : C:\Program Files (x86)\Searchqu Toolbar
[-] Pasta Excluído : C:\Program Files (x86)\sweetpacks bundle uninstaller
[-] Pasta Excluído : C:\Program Files (x86)\WeatherTool
[-] Pasta Excluído : C:\Program Files (x86)\SFK
[-] Pasta Excluído : C:\Program Files (x86)\myfree codec
[-] Pasta Excluído : C:\Program Files (x86)\FindLyrics
[-] Pasta Excluído : C:\Program Files (x86)\Show-Lyrics
[-] Pasta Excluído : C:\ProgramData\Ask
[-] Pasta Excluído : C:\ProgramData\Tarma Installer
[-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
[-] Pasta Excluído : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\myfree codec
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\LocalLow\Searchqutoolbar
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\LocalLow\SimplyTech
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\DealPly
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\Funmoods
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\goforfiles
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\OpenCandy
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\omniboxes
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\WeatherTool
[-] Pasta Excluído : C:\Users\João Cascimiro\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
[-] Pasta Excluído : C:\Users\João Cascimiro\Desktop\ASP
[-] Pasta Excluído : C:\Users\Public\Documents\Guid
[-] Pasta Excluído : C:\Windows\SysWOW64\ARFC
[-] Pasta Excluído : C:\Windows\SysWOW64\jmdp
[-] Pasta Excluído : C:\Windows\SysWOW64\WNLT
[-] Pasta Excluído : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\DealPly
[-] Pasta Excluído : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\WeatherTool
[-] Pasta Excluído : C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\CalendarTool

***** [ Arquivos ] *****

[-] Arquivo Excluído : C:\END
[-] Arquivo Excluído : C:\Users\João Cascimiro\Desktop\Continue installation .lnk
[-] Arquivo Excluído : C:\Windows\launcher.exe
[-] Arquivo Excluído : C:\Windows\SysNative\dmwu.exe
[-] Arquivo Excluído : C:\Windows\SysNative\ImhxxpComm.dll
[-] Arquivo Excluído : C:\Windows\SysNative\WinDivert64.sys

***** [ DLLs ] *****


***** [ Atalhos ] *****


***** [ Tarefas agendadas ] *****


***** [ Registro ] *****

[-] Valor Excluída : HKCU\Software\Microsoft\Internet Explorer\Main [Backup.old.Start Page]
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
[-] Chave Excluída : HKLM\SOFTWARE\Classes\BrowserConnection.Loader
[-] Chave Excluída : HKLM\SOFTWARE\Classes\BrowserConnection.Loader.1
[-] Chave Excluída : HKLM\SOFTWARE\Classes\DnsBHO.BHO
[-] Chave Excluída : HKLM\SOFTWARE\Classes\DnsBHO.BHO.1
[-] Chave Excluída : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
[-] Chave Excluída : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
[-] Chave Excluída : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
[-] Chave Excluída : HKLM\SOFTWARE\MICROSOFT\MEDIAPLAYER\SHIMINCLUSIONLIST\bobrowser.exe
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
[-] Chave Excluída : HKCU\Software\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\CLSID\{5C3B5DAA-0AFF-4808-90FB-0F2F2D760E36}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{5B4144E1-B61D-495A-9A50-CD1A95D86D15}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
[-] Chave Excluída : HKLM\SOFTWARE\Classes\TypeLib\{841D5A49-E48D-413C-9C28-EB3D9081D705}
[-] Chave Excluída : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Chave Excluída : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D717F81-9148-4F12-8568-69135F087DB0}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{3FBEAF13-3559-41DC-B964-C695708A0751}]
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{44C9CC91-6A4A-4579-B4B5-899ECDC18DC6}]
[-] Valor Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Ext\CLSID [{90609D82-77C3-4391-8915-CF5638CF4605}]
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CFD485F0-96BD-47CD-BB6D-CD7DDA95F102}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{A40DC6C5-79D0-4CA8-A185-8FF989AF1115}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\CLSID\{FEFD3AF5-A346-4451-AA23-A3AD54915515}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
[-] Chave Excluída : HKCU\Software\APN PIP
[-] Chave Excluída : HKCU\Software\DataMngr
[-] Chave Excluída : HKCU\Software\DataMngr_Toolbar
[-] Chave Excluída : HKCU\Software\Funmoods
[-] Chave Excluída : HKCU\Software\GoforFiles
[-] Chave Excluída : HKCU\Software\Headlight
[-] Chave Excluída : HKCU\Software\IM
[-] Chave Excluída : HKCU\Software\InstallCore
[-] Chave Excluída : HKCU\Software\Myfree Codec
[-] Chave Excluída : HKCU\Software\PIP
[-] Chave Excluída : HKCU\Software\SweetIM
[-] Chave Excluída : HKCU\Software\WNLT
[-] Chave Excluída : HKCU\Software\WeatherTool
[-] Chave Excluída : HKCU\Software\DAILYPCCLEAN
[-] Chave Excluída : HKCU\Software\CALENDARTOOL
[-] Chave Excluída : HKCU\Software\AppDataLow\Software\simplytech
[-] Chave Excluída : HKLM\SOFTWARE\DataMngr
[-] Chave Excluída : HKLM\SOFTWARE\GoforFiles
[-] Chave Excluída : HKLM\SOFTWARE\Myfree Codec
[-] Chave Excluída : HKLM\SOFTWARE\PIP
[-] Chave Excluída : HKLM\SOFTWARE\SearchquMediabarTb
[-] Chave Excluída : HKLM\SOFTWARE\SweetIM
[-] Chave Excluída : HKLM\SOFTWARE\Tutorials
[-] Chave Excluída : HKLM\SOFTWARE\Clara
[-] Chave Excluída : HKLM\SOFTWARE\omniboxesSoftware
[-] Chave Excluída : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\MyFreeCodec
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
[-] Chave Excluída : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7ADF667E-E14D-4D2C-827C-B0108F0D93BC}
[-] Chave Excluída : [x64] HKLM\SOFTWARE\DataMngr
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Tarma Installer
[-] Chave Excluída : [x64] HKLM\SOFTWARE\WNLT
[-] Chave Excluída : [x64] HKLM\SOFTWARE\WeatherTool
[-] Chave Excluída : [x64] HKLM\SOFTWARE\CALENDARTOOL
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WeatherTool
[-] Chave Excluída : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D9BAB2C9-5236-48c3-AF02-67E799F09BBD}
[-] Chave Excluída : HKU\.DEFAULT\Software\DealPly
[-] Chave Excluída : HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Dados Restaurar : HKLM\SOFTWARE\Classes\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Default_Page_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Bar]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Search [Start Page]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Search [Search Bar]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\Search [Search Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Start Default_Page_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Default_Search_URL]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Bar]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [Search Page]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [(Default)]
[-] Dados Restaurar : HKCU\Software\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [(Default)]
[-] Dados Restaurar : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchURI [(Default)]
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\navegaki.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\searchnu.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.navegaki.com
[-] Chave Excluída : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\www.searchnu.com

***** [ Navegadores ] *****


*************************

:: Chaves "Tracing" excluídas
:: Configurações Proxy restauradas
:: Configurações Winsock restauradas
:: Configurações TCP/IP restauradas
:: Configurações do Firewall restauradas
:: Configurações IPSec restauradas
:: Políticas do Chrome excluídas

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [13008 bytes] ##########