Archived

This topic has been archived and is closed to new replies.

moicanofacul

[Solved] Strange Things on the PC

This week I noticed that every now and then a window would open and close on the monitor, so fast that I could not see what it was;

In the 'Processes' tab of Task Manager I noticed 2 items running that I do not remember seeing before: "nvvsvc.exe" and "nvxdsyvnc.exe";

Today, when I closed the windows of the programs I was using, a message appeared in the lower-right corner of the screen, above the clock, saying that my Windows is not genuine. After I checked System for any error, the notification disappeared;

I ran HiJackThis and, while it was running, the following error message appeared: http://imagizer.imageshack.us/v2/800x600q90/833/pf3h.jpg

HiJackThis log follows:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:22:19, on 22/01/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16428)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
C:\Users\Pierre Cardoso\Downloads\Nova pasta\HiJackThis.exe
C:\Windows\SysWOW64\DllHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [skyDrive] "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 13235 bytes


Good evening! moicanofacul

< nvvsvc.exe >

|- Belongs to the NVIDIA video card. ( NVIDIA Driver Helper Service )

< nvxdsyvnc.exe >

|- For this one I found no references... so I recommend checking it or searching for it online on the VT site.

-/-

|- Go to this site: < Virus Total >
|- Have this file analysed: nvxdsyvnc.exe

|- If the sample(s) have already been analysed before, click: "Reanalyse file now"

|- When it finishes, post the link to the report.

-/-

|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

|- Run the scroll icon. ( ZHPDiag )

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!

|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, upload it to Pjjoint.malekal.

|- Or go to: < Cjoint >

|- More information: < |Link| >

A+

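Two checks a practitioner would run at this point, as an added example that is not part of the original thread and is not code from HijackThis, ZHPDiag or their authors. First, the VirusTotal lookup can be done by hash instead of by uploading: resolve the running process to its image file, compute the SHA-256 and paste it into VirusTotal's search box. Second, the many "(file missing)" entries in the HijackThis log above should be read with a caveat: HijackThis 2.0.4 is a 32-bit program, and on 64-bit Windows the file-system redirector maps C:\Windows\System32 to C:\Windows\SysWOW64 for 32-bit processes, so 64-bit-only system binaries look missing to it even when they are present. The script below, run from an elevated 64-bit PowerShell (it avoids cmdlets newer than the PowerShell 2.0 that ships with Windows 7), looks the processes up through WMI (which reports the real image path regardless of bitness), hashes them, reads the Authenticode signer, and resolves the registry ImagePath of a few of the services HijackThis flagged so they can be tested directly. The process and service names are taken from the thread; the function names and the service selection are my own.

```powershell
# Added example, not from the forum thread or from the tools it mentions.
# Triage the processes named in the thread and some services HijackThis
# reported as "(file missing)". Run from an elevated 64-bit PowerShell.

function Get-Sha256Hex {
    param([Parameter(Mandatory=$true)][string]$Path)
    # Get-FileHash needs PowerShell 4; hashing through .NET works on PowerShell 2 as well.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
        $sha.Clear()
    }
}

function Resolve-ServiceImagePath {
    param([Parameter(Mandatory=$true)][string]$ServiceName)
    # Reduce the raw ImagePath to a plain file path: expand %SystemRoot%-style variables,
    # drop NT path prefixes, strip quotes and any arguments such as "-k netsvcs".
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\$ServiceName"
    $item = Get-ItemProperty -Path $key -Name ImagePath -ErrorAction SilentlyContinue
    if (-not $item) { return $null }
    $p = [Environment]::ExpandEnvironmentVariables($item.ImagePath)
    $p = $p -replace '^\\\?\?\\', ''                              # \??\C:\...
    $p = $p -replace '^\\SystemRoot', $env:SystemRoot             # \SystemRoot\system32\... (drivers)
    if ($p -match '^system32\\') { $p = Join-Path $env:SystemRoot $p }
    if ($p -match '^\s*"([^"]+)"') { return $Matches[1] }         # "C:\path with spaces\x.exe" args
    if ($p -match '^\s*(.+?\.(exe|sys))') { return $Matches[1] }  # unquoted: stop at the first .exe/.sys
    return $p.Trim()
}

function Get-ImageTriage {
    param([Parameter(Mandatory=$true)][string]$Path)
    $exists = Test-Path -LiteralPath $Path
    $hash = $null; $signer = $null; $status = $null
    if ($exists) {
        $hash = Get-Sha256Hex -Path $Path
        $sig = Get-AuthenticodeSignature -FilePath $Path
        $status = $sig.Status.ToString()                 # Valid, NotSigned, HashMismatch, ...
        if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
    }
    New-Object PSObject -Property @{
        Path = $Path; Exists = $exists; SHA256 = $hash; Signer = $signer; SigStatus = $status
    }
}

function Get-ProcessTriage {
    param([Parameter(Mandatory=$true)][string]$Name)
    # WMI reports the real ExecutablePath even for 64-bit processes, whatever the
    # bitness of the PowerShell host. All instances of the name are listed.
    $procs = @(Get-WmiObject -Class Win32_Process -Filter "Name = '$Name'")
    if ($procs.Count -eq 0) {
        Write-Warning "$Name is not running now; a process that only flashes a window must be caught while it is alive."
        return
    }
    foreach ($proc in $procs) {
        if (-not $proc.ExecutablePath) {
            Write-Warning "PID $($proc.ProcessId) ($Name): ExecutablePath not readable, run elevated."
            continue
        }
        Get-ImageTriage -Path $proc.ExecutablePath |
            Add-Member -MemberType NoteProperty -Name ProcessId -Value $proc.ProcessId -PassThru |
            Add-Member -MemberType NoteProperty -Name CommandLine -Value $proc.CommandLine -PassThru
    }
}

if ([IntPtr]::Size -ne 8) {
    Write-Warning 'This is a 32-bit PowerShell: System32 is redirected to SysWOW64, so 64-bit-only binaries will look missing. Use the 64-bit PowerShell.'
}

# Processes from the thread (nvxdsync.exe is the corrected spelling). Both are NVIDIA
# display-driver components, so the expected signer is NVIDIA Corporation.
'nvvsvc.exe', 'nvxdsync.exe' | ForEach-Object { Get-ProcessTriage -Name $_ } |
    Format-List ProcessId, Path, SHA256, Signer, SigStatus, CommandLine

# A few services HijackThis listed as "(file missing)": resolve them from the registry and test directly.
'nvsvc', 'sppsvc', 'WatAdminSvc', 'Spooler' | ForEach-Object {
    $img = Resolve-ServiceImagePath -ServiceName $_
    if ($img) {
        Get-ImageTriage -Path $img | Add-Member -MemberType NoteProperty -Name Service -Value $_ -PassThru
    } else {
        Write-Warning "Service '$_' has no ImagePath in the registry."
    }
} | Format-Table Service, Exists, SigStatus, Path -AutoSize
```

Paste the SHA256 value into VirusTotal's search; a hit means the file has been seen before and nothing needs to be uploaded. The case that deserves attention is not the name but the location and signature: an unsigned file carrying a driver's name in a user-writable folder, or a SigStatus other than Valid on a file that claims a vendor signer.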

Comrade, forgive me, but I typed the name wrong. The correct one is: "nvxdsync.exe".

In any case, the VT site asks me to select the file. I cannot find it with Windows search. If I open Task Manager and right-click the application, I get the options "Open File Location" and "Properties", but when I select them nothing happens. So I cannot do the check on the VT site.

ZHPDiag report follows:

~ ZHPDiag report v2014.1.17.19 - Nicolas Coolman (17/01/2014)
~ Started by Pierre Cardoso (23/01/2014 20:54:10)
~ Website address : http://www.paologios.com]
[HKCU\Software\PartyGaming]
[HKCU\Software\SERPRO]
[HKCU\Software\VCM]
[HKCU\Software\nester]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Full Tilt Poker]
[HKLM\Software\Wow6432Node\SIC]
~ Key Software: 406 Legitimates Filtered in 00mn 00s



---\\ Contents of the Programs/ProgramFiles/ProgramData/AppData folders (O43)
O43 - CFD: 29/05/2012 - 22:02:59 - [5,167] ----D C:\Program Files (x86)\BitLord =>Adware.WhenUSave
O43 - CFD: 14/07/2010 - 23:13:17 - [3,508] ----D C:\Program Files (x86)\Central de Jogos
O43 - CFD: 15/11/2010 - 22:16:00 - [1,045] ----D C:\Program Files (x86)\Formats
O43 - CFD: 11/01/2014 - 18:29:18 - [133,291] ----D C:\Program Files (x86)\Full Tilt Poker
O43 - CFD: 21/08/2012 - 20:32:56 - [0] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 29/04/2013 - 22:59:59 - [8,843] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 05/01/2014 - 01:21:37 - [0,063] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 09/07/2010 - 10:54:12 - [6,585] ----D C:\ProgramData\{B3C2C1CD-6B77-4A96-B670-F734AC2A1CBC}
O43 - CFD: 05/01/2010 - 15:50:23 - [5,468] --H-D C:\ProgramData\{D441869F-BEC4-446D-9888-C5CA29F160F9}
O43 - CFD: 29/05/2012 - 21:56:11 - [0,094] ----D C:\Users\Pierre Cardoso\AppData\Roaming\BitLord =>Adware.WhenUSave
O43 - CFD: 14/02/2013 - 20:18:08 - [36,268] ----D C:\Users\Pierre Cardoso\AppData\Roaming\cef-cache
O43 - CFD: 06/02/2012 - 22:30:33 - [0] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Evil
O43 - CFD: 11/08/2012 - 22:28:28 - [0,005] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Party
O43 - CFD: 22/03/2011 - 14:02:30 - [13,091] ----D C:\Users\Pierre Cardoso\AppData\Local\CPN
O43 - CFD: 04/01/2014 - 20:16:08 - [0,591] ----D C:\Users\Pierre Cardoso\AppData\Local\FullTiltPoker
O43 - CFD: 14/04/2011 - 14:29:32 - [0,002] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2011
O43 - CFD: 29/04/2013 - 22:59:37 - [0,004] ----D C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013
~ 9 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 270 Legitimates Filtered in 00mn 35s



---\\ Last files modified or created in Windows and System32 (O44)
O44 - LFC:[MD5.3D281096F9C57CA85B0C9E7C6E71CEC9] - 12/01/2014 - 22:54:25 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [147654]
O44 - LFC:[MD5.C7409E2070E1B02E6B566B2A42377B37] - 12/01/2014 - 22:54:25 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [705814]
O44 - LFC:[MD5.2034011358FAECA28DBF16F1D69E2BE7] - 18/01/2014 - 13:05:49 ---A- . (...) -- C:\Windows\wpd99.drv [59]
~ Files: 23 Legitimates Filtered in 00mn 01s



---\\ Shell MountPoints2 registry key (MPKS) (O51)
O51 - MPSK:{18b70cd3-302c-11df-af0e-806e6f6e6963}\AutoRun\command. (.Macromedia, Inc. - Flash Player 5.0 r30.) -- E:\dvd-rom.exe
~ Keys: Scanned in 00mn 00s



---\\ Enumeration of the PoliciesSystem registry keys (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 17 Legitimates Filtered in 00mn 00s



---\\ System driver list (SDL) (O58)
O58 - SDL:[MD5.2285B31039611D509F6120D691CA661F] - 29/05/2012 - 15:53:30 ---A- . (.Windows ® Codename Longhorn DDK provider - hpvhd 64bit support driver.) -- C:\Windows\System32\Drivers\cpqdfw.sys [27456]
O58 - SDL:[MD5.0E5DA5369A0FCAEA12456DD852545184] - 13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:[MD5.F2523EF6460FC42405B12248338AB2F0] - 10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
O58 - SDL:[MD5.F3817967ED533D08327DC73BC4D5542A] - 13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:[MD5.7AE58DF54421FCE8B4D6F8058E1E60C1] - 09/10/2012 - 08:29:58 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [46440]
O58 - SDL:[MD5.B7CC2AF3D5604EFDC5F82AF7A5B21FB1] - 21/01/2014 - 19:48:33 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 17 Legitimates Filtered in 00mn 37s



---\\ List of virus removal tools (LAT) (O63)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Internet start menu (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Browser infection search (SBI) (O69)
O69 - SBI: prefs.js [Pierre Cardoso - 3dkhh8bj.default-1379274333240] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {0CFC0FF2-7D28-4419-B506-086356381DDA} - (Americanas.com.br) - http://www.americanas.com
O69 - SBI: SearchScopes [HKCU] {0D763647-EF4D-4055-AA9E-5AA247285547} - (Saraiva.com) - http://www.livrariasaraiva.com
O69 - SBI: SearchScopes [HKCU] {0EACAB93-7E9C-41D7-ACE4-B696381E2C0E} - (Wikipedia (br)) - http://br.wikipedia.org
O69 - SBI: SearchScopes [HKCU] {5D3373DE-E345-414F-9E6C-5EA687463EA2} - (Submarino.com) - http://www.submarino.com
O69 - SBI: SearchScopes [HKCU] {9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {E354496C-DDB9-47A7-A193-3ED9DEE8EA88} - (Bondfaro) - http://www.bondfaro.com
~ Keys: Scanned in 00mn 00s



---\\ Additional search at the system root (SPRF) (O84)
[MD5.D96EC2DE0DF19F3323E0CECFB49FCAFF] [sPRF][09/12/2013] (...) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.dat [33278]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][09/12/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Pierre Cardoso\AppData\Roaming\unins000.exe [720082]
[MD5.C11706D2FD4AFCB8B0D6DAA0EF55D2C8] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\Rar.exe [403968]
[MD5.8C458DC9E7DC6EC0DC5F24C999AFA4C7] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\RarExt64.dll [193536]
[MD5.AD08FE53A5E484EA568D60544EF3F05C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\rarnew.dat [20]
[MD5.8C95C6D737C450F0B847C22B9BA88766] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\UnRAR.exe [266240]
[MD5.BD3165A325F222F642F743B6CF2937ED] [sPRF][17/02/2012] (...) -- C:\Program Files (x86)\WinRAR.exe [1150464]
[MD5.76CDB2BAD9582D23C1F6F4D868218D6C] [sPRF][25/04/2012] (...) -- C:\Program Files (x86)\zipnew.dat [22]
~ Files: 12 Legitimates Filtered in 00mn 00s



---\\ Firewall exceptions list (FirewallRules) (O87)
O87 - FAEL: "{1C13D696-15B3-47F3-932C-9E3B749FC524}" | In - Private - P6 - TRUE | .(...) -- C:\Program Files (x86)\Central de Jogos\Central.exe
O87 - FAEL: "{EB0851DA-9F07-47F8-8409-6A2B4D4E1D8B}" | In - Private - P17 - TRUE | .(...) -- C:\Program Files (x86)\Central de Jogos\Central.exe
O87 - FAEL: "{0A5ABD57-59F6-4F47-A4A7-C333958B1FAF}" | In - Domain - P6 - FALSE | .(...) -- C:\Program Files (x86)\Central de Jogos\Central.exe
O87 - FAEL: "{4F9DD9A0-FDDE-4915-9A37-8618F7BB521E}" | In - Domain - P17 - FALSE | .(...) -- C:\Program Files (x86)\Central de Jogos\Central.exe
O87 - FAEL: "{DEA08F2B-60BC-4D3A-A657-43FF8C580262}" | In - Private - P6 - TRUE | .(.No owner - SpywareBlaster.) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O87 - FAEL: "{A1CE858E-5339-4F60-95BE-33494AB4029C}" | In - Private - P17 - TRUE | .(.No owner - SpywareBlaster.) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O87 - FAEL: "{F5C1F742-4750-4FD8-930A-5BA1911435A3}" | In - Domain - P6 - FALSE | .(.No owner - SpywareBlaster.) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O87 - FAEL: "{585D73E3-7965-4481-B9F1-5238512218F1}" | In - Domain - P17 - FALSE | .(.No owner - SpywareBlaster.) -- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
O87 - FAEL: "TCP Query User{03B1EBDB-9D74-4D1E-A71B-77C90772D6D2}C:\program files (x86)\bitlord\bitlord.exe" | In - Public - P6 - TRUE | .(.www.BitLord.com - BitLord.) -- C:\program files (x86)\bitlord\bitlord.exe =>Adware.WhenUSave
O87 - FAEL: "UDP Query User{78CDFBF4-B5E0-4C93-9DCF-8C0F52F68770}C:\program files (x86)\bitlord\bitlord.exe" | In - Public - P17 - TRUE | .(.www.BitLord.com - BitLord.) -- C:\program files (x86)\bitlord\bitlord.exe =>Adware.WhenUSave
~ Firewall: 234 Legitimates Filtered in 00mn 01s



---\\ General state of non-Microsoft services (EGS) (SR=Running, SS=Stopped)
SS - | Demand 21/01/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 22/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 22/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 10/08/2012 1001376 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 20/12/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 15/03/2013 1266464 | (nvUpdatusService) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
SS - | Demand 04/01/2012 718888 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Auto 05/09/2013 171680 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe

SR - | Auto 30/08/2011 140672 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE64.exe
SR - | Auto 08/09/2009 202752 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 20/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 28/11/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 08/10/2013 452136 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 27/09/2012 86528 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 02/10/2009 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/08/2009 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 15/03/2013 877856 | (nvsvc) . (.NVIDIA Corporation.) - C:\Windows\system32\nvvsvc.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 14/03/2013 383264 | (Stereo Service) . (.NVIDIA Corporation.) - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe

~ Services: Scanned in 00mn 16s



---\\ List of CD/DVD emulators (MBR Hook)
O58 - SDL:[MD5.A15860E920B02C9A7CE8F3A6C2FF1E3A] - 13/04/2012 - 22:09:43 ---A- . (.Duplex Secure Ltd. - SCSI Pass Through Direct Host.) -- C:\Windows\System32\Drivers\sptd.sys [560184]
~ Emulateurs: Scanned in 00mn 16s



---\\ Additional scan (O88)
Database Version : 13024 - (17/01/2014)
Clés trouvées (Keys found) : 8
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 3
Fichiers trouvés (Files found) : 1

[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe] =>Adware.WhenUSave
[HKLM\Software\Classes\bitlordunfinishedfile] =>Adware.WhenUSave
[HKCU\Software\bitlord] =>Adware.WhenUSave
[HKCU\Software\PartyGaming] =>Casino.OnlineGames
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS] =>Toolbar.Ask
C:\Program Files (x86)\BitLord =>Adware.WhenUSave^
C:\Users\Pierre Cardoso\AppData\Roaming\BitLord =>Adware.WhenUSave^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord =>Adware.WhenUSave
[HKCU\Software\BitLord] =>Adware.WhenUSave^
~ Additionnel Scan: 395002 Items scanned in 00mn 17s



---\\ Summary of the detections found on your machine
~ http://nicolascoolman.webs.com/apps/blog/show/28701901-adware-whenusave =>Adware.WhenUSave
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ MSI: 2 link(s) detected in 00mn 17s



~ 1361 Legitimates filtered by white list
End of the scan (492 lines in 02mn 17s)(0)

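The O87 lines in the report above are Windows Firewall exception rules, and the two BitLord entries are inbound allow rules for a program the scanner classifies as adware. As an added example, not from the thread and not code from ZHPDiag or ZHPFix, the following PowerShell reads the same registry store those tools enumerate (the FirewallRules key), parses each rule string into its fields, and reports inbound allow rules whose program no longer exists on disk, or whose path matches a pattern. The registry key and the rule-string layout are how Windows stores these rules; the function names, the filters and the '*\bitlord\*' pattern are illustration choices of mine. Run from an elevated PowerShell on Windows 7 or later.

```powershell
# Added example, not from the forum thread or from ZHPDiag/ZHPFix.
# Audit Windows Firewall exception rules straight from the registry store
# that ZHPDiag's O87 section lists. Windows 7 or later, elevated PowerShell.

$FirewallRulesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules'

function ConvertFrom-FirewallRuleString {
    param([Parameter(Mandatory=$true)][string]$RuleName,
          [Parameter(Mandatory=$true)][string]$RuleString)
    # A rule value looks like:
    #   v2.10|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Public|App=C:\x.exe|Name=X|Desc=...|
    # The first token is the schema version. Profile= may repeat or be absent (absent = all
    # profiles). ZHPDiag's "In - Public - P6 - TRUE" is Dir, Profile, Protocol and Active.
    $fields = @{}
    $profiles = @()
    foreach ($token in $RuleString.Split('|')) {
        $eq = $token.IndexOf('=')
        if ($eq -lt 1) { continue }                  # version token or trailing empty field
        $k = $token.Substring(0, $eq)
        $v = $token.Substring($eq + 1)
        if ($k -eq 'Profile') { $profiles += $v } else { $fields[$k] = $v }
    }
    $app = $null
    $appExists = $null
    # App=System denotes the kernel (built-in rules), not a file on disk.
    if ($fields.ContainsKey('App') -and $fields['App'] -ne 'System') {
        $app = [Environment]::ExpandEnvironmentVariables($fields['App'])
        $appExists = Test-Path -LiteralPath $app
    }
    $profileText = 'All'
    if ($profiles.Count -gt 0) { $profileText = $profiles -join ',' }
    New-Object PSObject -Property @{
        RuleName  = $RuleName
        Action    = $fields['Action']
        Active    = ($fields['Active'] -eq 'TRUE')
        Direction = $fields['Dir']
        Protocol  = $fields['Protocol']              # 6 = TCP, 17 = UDP
        Profiles  = $profileText
        App       = $app
        AppExists = $appExists
        Name      = $fields['Name']
    }
}

function Get-FirewallRuleAudit {
    param([string]$PathPattern)   # optional wildcard on the App path, e.g. '*\bitlord\*'
    $providerProps = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    $values = Get-ItemProperty -Path $FirewallRulesKey
    foreach ($prop in $values.PSObject.Properties) {
        if ($providerProps -contains $prop.Name) { continue }   # added by the registry provider
        $rule = ConvertFrom-FirewallRuleString -RuleName $prop.Name -RuleString ([string]$prop.Value)
        if ($PathPattern -and -not ($rule.App -like $PathPattern)) { continue }
        $rule
    }
}

function Remove-FirewallRuleValue {
    param([Parameter(Mandatory=$true)][string]$RuleName)
    # Deletes the registry value behind one rule. Entries such as
    # "TCP Query User{GUID}C:\program files (x86)\bitlord\bitlord.exe" are the per-program
    # prompts Windows creates when a user clicks "Allow access" in the firewall dialog.
    Remove-ItemProperty -Path $FirewallRulesKey -Name $RuleName
}

# 1. Inbound allow rules whose program is no longer on disk: leftovers from uninstalls.
Get-FirewallRuleAudit |
    Where-Object { $_.Direction -eq 'In' -and $_.Action -eq 'Allow' -and $_.AppExists -eq $false } |
    Format-Table RuleName, Profiles, Protocol, App -AutoSize -Wrap

# 2. Everything that points at BitLord, as flagged in the O87 section of the report.
$bitlord = @(Get-FirewallRuleAudit -PathPattern '*\bitlord\*')
$bitlord | Format-List RuleName, Active, Direction, Protocol, Profiles, App, AppExists
# Uncomment to delete them (after uninstalling the program itself):
# $bitlord | ForEach-Object { Remove-FirewallRuleValue -RuleName $_.RuleName }
```

The supported way to delete a rule is `netsh advfirewall firewall delete rule name="<display Name>"`, which removes every rule carrying that display name; editing the FirewallRules store directly, as cleanup tools do, is useful when the display name is a resource string or is shared by rules you want to keep.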

Good evening! moicanofacul

Comrade, forgive me, but I typed the name wrong. The correct one is: "nvxdsync.exe".

|- I already suspected as much, so in this case you can abort the search on the VT site.

-/-

|- Run this script in the ZHPFix tool.
|- Copy the information shown in red into Notepad.
|- With Notepad open, do: ctrl+a >> ctrl+c
|- Then minimize Notepad.

script zhpfix
[MD5.00000000000000000000000000000000] [APT] [{ACD5EDD8-D2C5-4D4E-8D28-6FF1D54AD86B}] (...) -- E:\AUTORUN.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{C96B3FA5-4876-4563-BE6A-3F99C061A838}] (...) -- E:\Setup.exe (.not file.) [0]
O69 - SBI: prefs.js [Pierre Cardoso - 3dkhh8bj.default-1379274333240] user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
[HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe] =>Adware.WhenUSave
[HKLM\Software\Classes\bitlordunfinishedfile] =>Adware.WhenUSave
[HKCU\Software\bitlord] =>Adware.WhenUSave
[HKCU\Software\PartyGaming] =>Casino.OnlineGames
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32] =>Toolbar.Ask
[HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS] =>Toolbar.Ask
C:\Program Files (x86)\BitLord =>Adware.WhenUSave^
C:\Users\Pierre Cardoso\AppData\Roaming\BitLord =>Adware.WhenUSave^
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitLord =>Adware.WhenUSave
[HKCU\Software\BitLord] =>Adware.WhenUSave^
firewallraz
emptytemp
emptyclsid

sysrestore
|- Open the ZHPFix tool.
|- Click IMPORT >> OK.
|- Click "GO".
|- Post the report!

A+

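The ZHPFix script above removes three kinds of leftover that are worth recognising on their own: scheduled tasks whose action points at a file that no longer exists (the two `E:\AUTORUN.exe (.not file.)` / `E:\Setup.exe` entries, an autorun left by removable media that becomes live again the moment a drive letter E: with that file reappears), Windows Firewall "Query User" allow rules for a program that was uninstalled (bitlord.exe), and App Paths registrations pointing at a missing executable. The script below is an added example for this thread, not code from ZHPFix or from the helper, and it only reports; it deletes nothing. It assumes Windows 7 with PowerShell 2.0 or later, run from an elevated prompt, and deliberately uses the COM interfaces that exist on Windows 7 (the ScheduledTasks and NetSecurity cmdlets only arrived with Windows 8). The function names are my own.

```powershell
# Added example (not from the thread, not ZHPFix code): read-only audit of
# orphaned scheduled tasks, firewall rules and App Paths entries.
# Assumes Windows 7 / PowerShell 2.0+, elevated prompt. Nothing is modified.

function Test-MissingExe([string]$command) {
    # Returns the executable path if $command names an absolute path that does
    # not exist on disk, otherwise $null. Handles quoted paths and %VARS%;
    # bare names such as cmd.exe or rundll32.exe are skipped on purpose.
    if (-not $command) { return $null }
    $exe = if ($command -match '^"([^"]+)"') { $matches[1] } else { ($command -split '\s+')[0] }
    $exe = [Environment]::ExpandEnvironmentVariables($exe)
    if ($exe -match '^[A-Za-z]:\\' -and -not (Test-Path -LiteralPath $exe)) { return $exe }
    return $null
}

function Get-OrphanScheduledTasks {
    # Task Scheduler 2.0 COM API; walks every task folder, hidden tasks included.
    $svc = New-Object -ComObject 'Schedule.Service'
    $svc.Connect()
    $folders = New-Object System.Collections.ArrayList
    [void]$folders.Add($svc.GetFolder('\'))
    $i = 0
    while ($i -lt $folders.Count) {                      # breadth-first walk
        foreach ($sub in $folders[$i].GetFolders(0)) { [void]$folders.Add($sub) }
        foreach ($task in $folders[$i].GetTasks(1)) {    # 1 = TASK_ENUM_HIDDEN
            foreach ($action in $task.Definition.Actions) {
                if ($action.Type -ne 0) { continue }     # 0 = TASK_ACTION_EXEC
                $missing = Test-MissingExe $action.Path
                if ($missing) { "ORPHAN TASK    {0}  ->  {1}" -f $task.Path, $missing }
            }
        }
        $i++
    }
}

function Get-OrphanFirewallRules {
    # Windows Firewall with Advanced Security, via the HNetCfg COM policy object.
    # A per-program allow rule outlives the program and is re-armed by anything
    # that later lands on the same path.
    $fw = New-Object -ComObject 'HNetCfg.FwPolicy2'
    foreach ($rule in $fw.Rules) {
        $missing = Test-MissingExe $rule.ApplicationName
        if ($missing) { "ORPHAN FW RULE {0}  ->  {1}" -f $rule.Name, $missing }
    }
}

function Get-OrphanAppPaths {
    # App Paths lets "bitlord.exe" typed in Run or a shortcut resolve to a full
    # path; a stale entry is a redirect waiting for a replacement file.
    $roots = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\App Paths',
             'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\App Paths'
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $root) {
            $target  = (Get-ItemProperty -LiteralPath $key.PSPath).'(default)'
            $missing = Test-MissingExe $target
            if ($missing) { "ORPHAN APPPATH {0}  ->  {1}" -f $key.PSChildName, $missing }
        }
    }
}

Get-OrphanScheduledTasks
Get-OrphanFirewallRules
Get-OrphanAppPaths
```

Run it before and after a fix: the "before" output should list exactly the items the cleanup script names, and the "after" output should be empty. Anything that shows up after the fix that was not in the script is a new lead, not noise.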

ZHPFix report:

ZHPFix 2014.1.17.2 report by Nicolas Coolman, updated 17/01/2014
Registry export file :
Run by Pierre Cardoso at 25/01/2014 11:51:02
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)

Recycle Bin emptied (00mn 02s)

========== Registry keys ==========
DELETED: HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\bitlord.exe
DELETED: HKLM\Software\Classes\bitlordunfinishedfile
DELETED: HKCU\Software\bitlord
DELETED: HKCU\Software\PartyGaming
DELETED: HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASAPI32
DELETED: HKLM\Software\Wow6432Node\Microsoft\Tracing\apnstub_RASMANCS
DELETED: HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASAPI32
DELETED: HKLM\Software\Wow6432Node\Microsoft\Tracing\AskInstallChecker_RASMANCS

========== Registry values ==========
Missing value, Standard profile: FirewallRaz :
Missing value, Domain profile: FirewallRaz :
DELETED: FirewallRaz (Public) : TCP Query User{03B1EBDB-9D74-4D1E-A71B-77C90772D6D2}C:\program files (x86)\bitlord\bitlord.exe
DELETED: FirewallRaz (Public) : UDP Query User{78CDFBF4-B5E0-4C93-9DCF-8C0F52F68770}C:\program files (x86)\bitlord\bitlord.exe

========== Browser preferences ==========
DELETED Mozilla Pref: user_pref("weboftrust.search.ask.display", "Ask.com Web Search");

========== Folders ==========
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{0C70E7EF-981E-4C30-965D-9EEDE9DA20C4}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{324B5B95-689F-4717-9032-9256A4744E80}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{A67842D5-6C90-44F6-AA8C-546FEB0648BC}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{B4381331-A64E-4551-9114-810E5488982D}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{BACBED92-C5DE-4AE2-A85C-BB19C51927EA}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{BFF03CAB-E533-4D85-915F-C43B27D227EF}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{E136CE20-F563-4CA0-A9C3-7445444CB28C}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{E46A8F44-67CB-479C-B49A-C78EF98C7E3A}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{F7474E83-2E37-4217-A8E2-236A74A99A58}
DELETED: C:\Users\Pierre Cardoso\AppData\Local\{F77CD462-AC33-4F81-85BE-F7E2A48DDD46}

========== Files ==========
DELETED Windows temporary files (32) (1,755,416 bytes)

========== Scheduled tasks ==========
DELETED: {ACD5EDD8-D2C5-4D4E-8D28-6FF1D54AD86B}
DELETED: {C96B3FA5-4876-4563-BE6A-3F99C061A838}

========== System Restore ==========
System restore point created successfully


========== Summary ==========
8 : Registry keys
4 : Registry values
10 : Folders
1 : Files
1 : Browser preferences
2 : Scheduled tasks
1 : System Restore


End of clean in 00mn 39s

========== Report file path ==========
C:\Users\Pierre Cardoso\AppData\Roaming\ZHP\ZHPFix[R1].txt - 25/01/2014 11:51:05 [2868]


Good morning, moicanofacul

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it and unpack it to the desktop!
|- These will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
hijackthis;
iedefaults;
chromelook;
shortcutfix;
autoclean;
emptyalltemp;
|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
|- This message will appear, asking you to wait for the report.
|- PS: it can stay static on the screen for 20 minutes or more.
[image: zoek reboot prompt]
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.

Restart computer, and try again.
|- PS: if you get that error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+

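Three of the zoek directives in the post above (shortcutfix, chromelook, iedefaults) act on places where adware hides that a plain antivirus scan does not report: the command-line arguments of browser shortcuts (a URL appended to the chrome.exe or firefox.exe shortcut survives any settings reset), Chrome extensions registered for sideloading under `...\Google\Chrome\Extensions` or forced by the `ExtensionInstallForcelist` policy (Chrome installs those silently and the user cannot remove them; outside a domain that pushes Chrome policy, nothing legitimate writes the HKCU copy of that key), and the IE `SearchScopes` list together with the `DefaultScope` value that must name one of its subkeys. The script below is an added example for this thread, not zoek's code and not the helper's, and it only lists; it changes nothing. It assumes Windows 7 with PowerShell 2.0 or later, run as the affected user with the browsers closed. Function names are my own. Re-enable the antivirus once zoek itself has finished and rebooted.

```powershell
# Added example (not from the thread, not zoek code): read-only look at the
# places the shortcutfix / chromelook / iedefaults directives act on.
# Assumes Windows 7 / PowerShell 2.0+, run as the affected user. No changes.

function Get-BrowserShortcutArguments {
    # shortcutfix: browser shortcuts whose command line carries arguments.
    $shell = New-Object -ComObject 'WScript.Shell'
    $roots = @(
        [Environment]::GetFolderPath('Desktop'),
        [Environment]::GetFolderPath('CommonDesktopDirectory'),
        [Environment]::GetFolderPath('StartMenu'),
        [Environment]::GetFolderPath('CommonStartMenu'),
        (Join-Path $env:APPDATA 'Microsoft\Internet Explorer\Quick Launch')
    ) | Where-Object { $_ -and (Test-Path -LiteralPath $_) }
    $browsers = '(?i)\\(chrome|firefox|iexplore|opera)\.exe$'
    foreach ($root in $roots) {
        foreach ($lnk in Get-ChildItem -Path $root -Filter *.lnk -Recurse -ErrorAction SilentlyContinue) {
            $sc = $shell.CreateShortcut($lnk.FullName)
            if ($sc.TargetPath -match $browsers -and $sc.Arguments.Trim()) {
                "SHORTCUT ARGS   {0}`n    -> {1} {2}" -f $lnk.FullName, $sc.TargetPath, $sc.Arguments
            }
        }
    }
}

function Get-ChromeRegisteredExtensions {
    # chromelook: sideload registrations (a dropped .crx path or an update_url)
    # and extensions forced by policy, machine-wide and per-user.
    $regs = 'HKLM:\Software\Google\Chrome\Extensions',
            'HKLM:\Software\Wow6432Node\Google\Chrome\Extensions',
            'HKCU:\Software\Google\Chrome\Extensions'
    foreach ($reg in $regs) {
        if (-not (Test-Path -LiteralPath $reg)) { continue }
        foreach ($key in Get-ChildItem -LiteralPath $reg) {
            $p = Get-ItemProperty -LiteralPath $key.PSPath
            "SIDELOADED EXT  {0}  path={1}  update_url={2}" -f $key.PSChildName, $p.path, $p.update_url
        }
    }
    $policies = 'HKLM:\Software\Policies\Google\Chrome\ExtensionInstallForcelist',
                'HKCU:\Software\Policies\Google\Chrome\ExtensionInstallForcelist'
    foreach ($pol in $policies) {
        if (-not (Test-Path -LiteralPath $pol)) { continue }
        $key = Get-Item -LiteralPath $pol
        foreach ($name in $key.GetValueNames()) {       # values are "<ext id>;<update url>"
            "FORCED EXT      {0}  ({1})" -f $key.GetValue($name), $pol
        }
    }
}

function Get-IESearchScopes {
    # iedefaults: DefaultScope must name an existing SearchScopes subkey. An
    # unexpanded installer placeholder or a removed provider leaves it dangling,
    # and IE then has no usable default search until it is reset.
    $scopes = 'HKCU:\Software\Microsoft\Internet Explorer\SearchScopes'
    if (-not (Test-Path -LiteralPath $scopes)) { return }
    $default = (Get-ItemProperty -LiteralPath $scopes).DefaultScope
    if ($default -and -not (Test-Path -LiteralPath (Join-Path $scopes $default))) {
        "DANGLING DefaultScope  {0}" -f $default
    }
    foreach ($s in Get-ChildItem -LiteralPath $scopes) {
        $p    = Get-ItemProperty -LiteralPath $s.PSPath
        $flag = if ($s.PSChildName -eq $default) { '*' } else { ' ' }
        "SEARCH SCOPE  {0} {1}  {2}  {3}" -f $flag, $s.PSChildName, $p.DisplayName, $p.URL
    }
}

Get-BrowserShortcutArguments
Get-ChromeRegisteredExtensions
Get-IESearchScopes
```

Read the output the way zoek's own log is read: every forced extension, every sideload registration and every browser shortcut with arguments needs an explanation (a banking plug-in such as the GBBD module, an installed download manager, a deliberate `--profile-directory` argument); whatever cannot be explained is what the zoek directives will take out.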


Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Pierre Cardoso on 26/01/2014 at 1:32:00,35.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Pierre Cardoso\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

26/01/2014 01:33:34 Zoek.exe System Restore Point Created Succesfully.

==== Creating Sample_012014_0140.zip ======================

Process firefox.exe killed
Copied file C:\Users\Pierre Cardoso\AppData\Roaming\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6

C:\Users\Public\Desktop\sample_012014_0140.zip created successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240

user.js not found
---- Lines ask.com removed from prefs.js ----
user_pref("weboftrust.search.ask.display", "Ask.com Web Search");
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 0);
---- FireFox user.js and prefs.js backups ----

prefs_012014_0140_.backup

==== Deleting Files \ Folders ======================

C:\ProgramData\boost_interprocess deleted
C:\Users\Pierre Cardoso\AppData\Local\cache deleted
C:\Users\Pierre Cardoso\AppData\Roaming\unins000.exe deleted
"C:\Users\Pierre Cardoso\AppData\Roaming\Ajpa" deleted
"C:\Users\Pierre Cardoso\AppData\Roaming\Evil" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [11/09/2013 06:54]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E886C}"="C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\xpi" [11/01/2014 10:05]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240
- Português Brasileiro Nova Ortografia - %ProfilePath%\extensions\pt-BR@dictionaries.addons.mozilla.org
- Flashblock - %ProfilePath%\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
- Facebook Photo Zoom - %ProfilePath%\extensions\{7c6cdf7c-8ea8-4be7-ae5a-0b3effe14d66}
- WOT - %ProfilePath%\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
- Desprotetor de Links - %ProfilePath%\extensions\desprotetordelinks@claudio-silva.com.xpi
- NoScript - %ProfilePath%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Pierre Cardoso\AppData\Roaming\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240
2557FBC582910A71CDEB0F22886D118D - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash
630B1C896D9DC03447A6951102EBEBFD - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
BE126CB7049E89ED6F3038016668B502 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll - RealNetworks RealDownloader Chrome Background Extension Plug-In (32-bit)
EAC427FEF96A13058C1ACD17C38966CF - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll - RealNetworks RealDownloader PepperFlashVideoShim Plug-In (32-bit)
96B3689320E9B16EDF38B7A5001C35F0 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll - RealNetworks RealDownloader HTML5VideoShim Plug-In (32-bit)
F8CB60A5ACA5D73807ECBD9942A8BCB7 - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll - RealDownloader Plugin
D493C8FC0D0FD015BB9765658D77346E - C:\Users\Pierre Cardoso\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
555E65306A5D3A5978BE74E1DD62CDD9 - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll - RealNetworks Chrome Background Extension Plug-In (32-bit)
E32771B0AE3F18CEFFC12D682025238A - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll - RealPlayer HTML5VideoShim Plug-In (32-bit)
DAD55CEF682EAE6FA7B4C9487563A496 - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll - Shockwave for Director / Shockwave for Director
3D3CAF586124C4E8102764C8B3063BB6 - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll - Shockwave for Director / Shockwave for Director
58B690C992C321664AB6145A350B5DCD - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Pierre Cardoso\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[11/01/2014 10:05]

Google Docs - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
RealDownloader - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji
Google Wallet - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Banco do Brasil - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="${searchCLSID}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{searchCLSID}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{0CFC0FF2-7D28-4419-B506-086356381DDA} Americanas.com.br Url="http://www.americanas.com.br/busca/{searchTerms}"
{0D763647-EF4D-4055-AA9E-5AA247285547} Saraiva.com Url="http://www.livrariasaraiva.com.br/pesquisaweb/pesquisaweb.dll/pesquisa?FILTRON1=X&PALAVRASN1={searchTerms}&ESTRUTN1=&MODELON1=C&ORDEMN1=E&QTTOP=100"
{0EACAB93-7E9C-41D7-ACE4-B696381E2C0E} Wikipedia (br) Url="http://br.wikipedia.org/w/index.php?title=Dibar:Klask&search={searchTerms}"
{5D3373DE-E345-414F-9E6C-5EA687463EA2} Submarino.com Url="http://www.submarino.com.br/busca?q={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{9AFB250B-3A9F-4BE3-BA52-E5235AC5E952} Google Url="http://www.google.com/search?hl=en&q={searchTerms}"
{A9E19A04-33B3-4FD9-B056-9A6B8BF3A70B} Bing Url="http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox"
{E354496C-DDB9-47A7-A193-3ED9DEE8EA88} Bondfaro Url="http://www.bondfaro.com.br/cprocura?produto={searchTerms}"

==== shortcuts on Users Desktops ======================

C:\Users\Pierre Cardoso\Desktop\Blogs e Páginas.lnk -
C:\Users\Pierre Cardoso\Desktop\Concursos Públicos.lnk -
C:\Users\Pierre Cardoso\Desktop\Pierre Cardoso (P).lnk - P:\
C:\Users\Pierre Cardoso\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\Pierre Cardoso\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files (x86)\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games\Pro Evolution Soccer 2013.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker\Desinstalar partypoker.lnk - C:\programs\partygaming\PartyPoker\Uninstall\Setup.exe App_Type=U
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\partypoker\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\Uninstall XMedia Recode.lnk - C:\Program Files (x86)\XMedia Recode\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode\XMedia Recode.lnk - C:\Program Files (x86)\XMedia Recode\XMedia Recode.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GOM Player.lnk - C:\Program Files (x86)\GRETECH\GomPlayer\GOM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\partypoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk - C:\Program Files (x86)\Winamp\winamp.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Aplicativo do Windows Phone para desktop.lnk - C:\Program Files (x86)\Windows Phone\WindowsPhone.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\BF1942.lnk - C:\Program Files (x86)\EA GAMES\Battlefield 1942\BF1942.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\ClocX.lnk - C:\Program Files\ClocX\ClocX.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Diablo II - Lord of Destruction.lnk - C:\Program Files (x86)\Diablo II\Diablo II.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Full Tilt Poker.lnk - C:\Program Files (x86)\Full Tilt Poker\FullTiltPoker.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Gios PDF Splitter and Merger for Windows.lnk - C:\Users\Pierre Cardoso\Documents\GiosPSM\GiosPSM.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\HP Scan.lnk - C:\Program Files (x86)\hp\HP Deskjet 2050 J510 series\bin\HPScan.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\PartyPoker.lnk - C:\Programs\PartyGaming\PartyGaming.exe -P=PartyPoker
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Play GTA Vice City.lnk - C:\Program Files (x86)\Rockstar Games\Grand Theft Auto Vice City\gta-vc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Project64 1.6.lnk - C:\Program Files (x86)\Project64 1.6\Project64.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Calculator.lnk - C:\Windows\system32\calc.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Office Excel 2007.lnk - C:\Windows\Installer\{91120000-002F-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Pierre Cardoso\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Deleting Registry Keys ======================

HKEY_CURRENT_USER\Software\Policies\Google\Chrome\ExtensionInstallForcelist deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMusic FastStart deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaOviSuite2 deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray deleted successfully

==== HijackThis Entries ======================

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=Userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osboot
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [skyDrive] "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
O4 - HKCU\..\RunOnce: [uninstall C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Pierre Cardoso\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627"
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-21-3781067526-2966764731-2999422385-1003\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-3781067526-2966764731-2999422385-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Mozilla\Firefox\Profiles\3dkhh8bj.default-1379274333240\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Pierre Cardoso\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=146 folders=28 9128969 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\UpdatusUser\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\Pierre Cardoso\AppData\Local\Temp will be emptied at reboot
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\PIERRE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp\MpCmdRun.log" not found

==== EOF on 26/01/2014 at 1:48:34,33 ======================


Good morning! moicanofacul

|- Uninstall or remove the tools that were used, with DelFix.

-/-

|- Download: |DelFix| ( ... by Xplode )


|- On the page, click the green arrow to download.
|- Save it in a convenient location! ( desktop! )
|- Close any open applications.


|- Run it!
|- With both checkboxes checked!
|- Click "Run".

|- All OK?

Regards!


# DelFix v10.6 - Logfile created 26/01/2014 at 11:30:01
# Updated 11/11/2013 by Xplode
# Username : Pierre Cardoso - PIERRECARDOSO
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)

~ Removing disinfection tools ...

Deleted : C:\JRT
Deleted : C:\Users\Pierre Cardoso\AppData\Roaming\ZHP
Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
Deleted : C:\Program Files (x86)\ZHPDiag
Deleted : C:\Program Files (x86)\Hijackthis
Deleted : C:\AdwCleaner[s1].txt
Deleted : C:\UsbFix_Upload_Me_PIERRECARDOSO.zip
Deleted : C:\ZHPDiag2.exe
Deleted : C:\zoek-results.log
Deleted : C:\Users\Pierre Cardoso\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Pierre Cardoso\Desktop\ZHPDiag.txt
Deleted : C:\Users\Pierre Cardoso\Desktop\ZHPFix.lnk
Deleted : C:\Users\Pierre Cardoso\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Pierre Cardoso\Desktop\zoek.com
Deleted : C:\Users\Pierre Cardoso\Desktop\zoek.exe
Deleted : C:\Users\Pierre Cardoso\Desktop\zoek.scr
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #774 [Windows Update | 01/15/2014 22:59:18]
Deleted : RP #775 [Windows Update | 01/21/2014 07:48:55]
Deleted : RP #776 [Windows Update | 01/24/2014 07:56:23]
Deleted : RP #777 [ZHPFix Restore System Point | 01/25/2014 14:50:37]
Deleted : RP #778 [zoek.exe restore point | 01/26/2014 04:33:13]

New restore point created !

########## - EOF - ##########


Good afternoon! moicanofacul

|- If you wish, optimize the PC with JetClean.

-/-

|- Download: < JetClean 1.5.0 > ( ... by BlueSprig.com )

< More information! > << Read here!

|- Save it in Program Files. ( jetclean-setup.exe )


|- Install the software!
|- Use the "1-Click" tab, preferably.
|- Go to "Scan Now" and choose: Shut down PC after Repair


|- Or choose the "Scan & Repair" option, without rebooting the PC.
|- All OK?

Regards!


Doesn't CCleaner already do the same job as this JetClean?

Good morning! moicanofacul

|- JetClean has other features, such as RAM Clean and additional functions.

< JetBoost >

 


 

|- It comes with JetBoost, which optimizes the PC for tasks that demand the machine's maximum performance.

Regards!


PROBLEM SOLVED

If the author needs the topic to be reopened, just send a Private Message to a Moderator with a link to the topic.
