
Archived

This topic has been archived and is closed to new replies.

Cristiano T.

[Resolved] Notebook starting slowly and infected e-mail.


Good morning, I would like to report two problems.

 

The first is that for some time now the notebook has been starting up very slowly; I suspect

 

The second is that I have been receiving e-mails from myself containing viruses. Every week at least one infected e-mail arrives, as if I had sent it to myself. My e-mail is on Hotmail. E.g.: nome@outlllok.com.

I have another e-mail on Gmail, but this problem only happens on Hotmail.

I have already changed the password several times and the e-mails still keep coming.

I have never clicked the links in the e-mail.

I was told this is a technique called e-mail spoofing. I did what the person suggested and it still did not fix it.

Image -> http://www.cjoint.com/c/FBdn0QjVoYO

 

 

 

LOGS:

Addition -> http://www.cjoint.com/c/FBdnQUQmWzO

FRST -> http://www.cjoint.com/c/FBdnS4sCEbO

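Added worked example (not part of the post above or of any reply in this thread): the two explanations for "e-mails from myself" that the poster has been given, a forged From header (spoofing, which no password change can stop) versus mail genuinely sent through the account, can be told apart from the Authentication-Results header that the receiving mailbox provider (Outlook.com here) adds to each message. The script below reads the SPF, DKIM and DMARC results from that header, checks whether the From domain matches the envelope sender (Return-Path), and returns a verdict. The two sample messages, their addresses, IPs and header values are constructed; the verdict rules are my own triage logic, not something the thread documents.

```python
"""Decide whether a 'from myself' message was forged (header spoofing) or really left
the account, by reading the mailbox provider's Authentication-Results header."""
import re
from email import message_from_string, policy
from email.utils import parseaddr

# Outlook.com stamps one Authentication-Results header per message, in the form
# "spf=fail (...) smtp.mailfrom=...; dkim=none (...) header.d=none; dmarc=fail action=none header.from=..."
AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def auth_results(msg):
    """Collapse all Authentication-Results headers into {method: result}; the first
    (outermost, added by the mailbox provider itself) header wins on conflict."""
    results = {}
    for value in msg.get_all("Authentication-Results", []):
        for method, result in AUTH_RE.findall(str(value)):
            results.setdefault(method, result)
    return results


def domain_of(header_value):
    """'Name <user@dom>' -> 'dom'; empty string when the header is absent."""
    _, addr = parseaddr(str(header_value or ""))
    return addr.rpartition("@")[2].lower()


def triage(raw_message):
    msg = message_from_string(raw_message, policy=policy.default)
    auth = auth_results(msg)
    from_domain = domain_of(msg.get("From"))
    # Return-Path is the envelope sender. A forger can put anything in From,
    # but bounces usually go back to a domain the forger controls.
    envelope_domain = domain_of(msg.get("Return-Path"))
    aligned = bool(from_domain) and from_domain == envelope_domain

    if auth.get("dmarc") == "pass":
        # The message really left infrastructure authorised for the From domain:
        # look for a hijacked session, app password or forwarding rule, not a forged
        # header. Rotating the password alone may not evict an existing session.
        verdict = "authenticated"
    elif auth.get("spf") in {"fail", "softfail", "none"} and auth.get("dkim") in {None, "none", "fail"}:
        # Nothing vouches for the From domain: the header was forged in transit.
        # Changing the mailbox password cannot stop this; it has to be filtered on receipt.
        verdict = "spoofed"
    else:
        verdict = "indeterminate"

    return {"spf": auth.get("spf"), "dkim": auth.get("dkim"), "dmarc": auth.get("dmarc"),
            "from_domain": from_domain, "envelope_domain": envelope_domain,
            "aligned": aligned, "verdict": verdict}


# Constructed samples: addresses, IPs (TEST-NET ranges) and header values are made up.
SPOOFED = """\
Authentication-Results: spf=fail (sender IP is 203.0.113.45) smtp.mailfrom=example.net; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=outlook.com
Return-Path: <bounce-4471@example.net>
From: nome@outlook.com
To: nome@outlook.com
Subject: Seu arquivo
Content-Type: text/plain

Abra o anexo.
"""

GENUINE = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.10) smtp.mailfrom=outlook.com; dkim=pass (signature was verified) header.d=outlook.com; dmarc=pass action=none header.from=outlook.com
Return-Path: <nome@outlook.com>
From: nome@outlook.com
To: nome@outlook.com
Subject: teste

oi
"""

if __name__ == "__main__":
    for name, raw in (("spoofed", SPOOFED), ("genuine", GENUINE)):
        print(name, triage(raw))
```

To run it against a real message, save the raw source of one of the suspicious e-mails (in Outlook.com, the message menu offers "View message source") to a file and pass its contents to `triage()`. A "spoofed" verdict means the sender never had the account's password, so the fix is on the receiving side (junk filtering, and reporting the message as phishing), while "authenticated" means the account, a connected device or an app password is actually sending and all sessions should be revoked.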

Good evening, I will analyse your case.

 

  • Download: ESET Online Scanner (...by eset.com)
  • Save it to the Desktop!
  • Disable your antivirus and run the file esetsmartinstaller_enu.exe.
  • Accept the agreement and tick: "Yes, I accept the Terms of Use"
  • Click: "Start".
[image: ESET Online Scanner scan settings]
  • Tick the boxes as in the image above
  • Click "Change" and also tick the Computer box.
  • Click: "Start" >> Wait! (This scan can take a few hours...)
  • When it finishes, click "List of found threats".
  • Copy and paste the contents into your next reply.
The report is saved at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Note: If nothing is found, no log is generated.
  • Click "Back" >> "Finish".
  • Post the report!


C:\$Recycle.Bin\S-1-5-21-2916229193-2596999592-3945810575-1000\$R8LOAG3.rar a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
C:\$Recycle.Bin\S-1-5-21-2916229193-2596999592-3945810575-1000\$RCH3Z49.exe a variant of MSIL/HackTool.IdleKMS.C potentially unsafe application deleted
C:\Program Files\Microsoft Office\Office15\Microsoft Toolkit.exe a variant of MSIL/HackKMS.G potentially unsafe application deleted
C:\Users\Cristiano\AppData\Roaming\uTorrent\updates\3.4.2_35141.exe a variant of Win32/OpenCandy.A potentially unsafe application cleaned by deleting
C:\Users\Cristiano\AppData\Roaming\Wondershare\MobileGo\TempRoot\TempRoot.zip multiple threats deleted
C:\Users\Cristiano\AppData\Roaming\Wondershare\MobileGo\TempRoot\root\rootf.apk Android/Exploit.Lotoor.EF trojan deleted
C:\Users\Outros\AppData\Local\Temp\ICReinstall_Porca_Veia_Eu_Gostei_Do_Baile_Veio_Tche_Bailao.exe a variant of Win32/InstallCore.ACZ potentially unwanted application cleaned by deleting
C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.H potentially unsafe application deleted


Good evening,

Temporarily disable your antivirus, antispyware and firewall so they do not cause conflicts.

 

  • Download: AdwCleaner (...by Xplode)
  • Save it to your Desktop.
  • Close all open programs and web browsers.
  • Windows Vista or Windows 7 users, right-click AdwCleaner.exe, then click: Run as administrator
  • Click Scan to start the scan!
  • When it finishes, click Clean
  • Copy the log or click "Report".
  • Post: >> C:\AdwCleaner\AdwCleaner[C1].txt <<
NOTE: If AdwCleaner finds files it cannot remove, it may need to restart the PC. Do so immediately when asked whether to restart the PC.

 

  • Download: JRT (...by Malwarebytes)
  • Save it to the desktop!
  • Disable your antivirus!
  • For Windows 7, right-click JRT.exe and then click Run as administrator
  • Wait for it to finish and post the report. (JRT.txt)

 


# AdwCleaner v5.032 - Logfile created 05/02/2016 at 12:38:42
# Updated 31/01/2016 by Xplode
# Database : 2016-02-02.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : Cristiano - CTV
# Running from : C:\Users\Cristiano\Desktop\adwcleaner_5.032.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : vToolbarUpdater40.2.5

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Security Toolbar
[-] Folder Deleted : C:\Users\Cristiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji
[!] Folder Not Deleted : C:\Users\Cristiano\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji
[-] Folder Deleted : C:\Users\Cristiano\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji
[!] Folder Not Deleted : C:\Users\Cristiano\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji
[-] Folder Deleted : C:\Users\Cristiano\AppData\LocalLow\HPAppData

***** [ Files ] *****

[-] File Deleted : C:\Users\Cristiano\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\Extensions\Avg@toolbar.xpi
[-] File Deleted : C:\Users\Cristiano\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\searchplugins\avg-secure-search.xml

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\chfdnecihphmhljaaejmgoiahnihplgn
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CCC052E-BDEE-408A-BEA7-90914EF2964B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{61F47056-E400-43D3-AF1E-AB7DFFD4C4AD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E2B98EEA-EE55-4E9B-A8C1-6E5288DF785A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\OB
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-19\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[-] Key Deleted : HKU\S-1-5-20\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
[!] Key Not Deleted : HKU\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\OB
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page]
[-] Data Restored : HKU\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Microsoft\Internet Explorer\Main [start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[!] Key Not Deleted : HKU\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Data Restored : HKU\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****

[-] [C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Default_Search_Provider] Deleted : hxxp://www.istartsurf.com/webfavicon.ico
[-] [C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : phkhjncldpmjmdeenlhnacjdihkfhnji
[-] [C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : phkhjncldpmjmdeenlhnacjdihkfhnji

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [5522 bytes] ##########

 

-----------------------------------------------------------------------------------

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.2 (01.06.2016)
Operating System: Windows 7 Ultimate x64
Ran by Cristiano (Administrator) on 05/02/2016 at 12:44:33,68
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3PYA84E1 (Folder)
Successfully deleted: C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4DDNMOE1 (Folder)
Successfully deleted: C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FIE3G903 (Folder)
Successfully deleted: C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\MSMF6RLR (Folder)
Successfully deleted: C:\Windows\prefetch\TOOLBARUPDATER.EXE-CC73B449.pf (File)

Deleted the following from C:\Users\Cristiano\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\prefs.js
user_pref(browser.urlbar.suggest.searches, true);



Registry: 1

Successfully deleted: HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C41A1C0E-EA6C-11D4-B1B8-444553540027} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 05/02/2016 at 13:19:04,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


Good evening,

  • Download: Malwarebytes Anti-Malware (...by Malwarebytes)
  • Double-click mbam-setup.exe to install the program.
  • Untick the box: "Enable free trial of Malwarebytes Anti-Malware PRO"
  • Click "Finish".
  • If there are updates to apply, they will be downloaded and installed!
  • Go to Settings >> Detection and Protection >> tick Scan for Rootkits. Under PUP (potentially unwanted program) detections, select Treat detections as malware.
  • Click Scan. Then Threat Scan and finally Start Scan.
  • The scan will then begin. Wait, as it may take a while.
  • PS: For certain infections the program will ask for a reboot. << Confirm!
  • When it finishes, if items were found, click the Remove Selected button
  • The log is saved automatically by MBAM; to view it, click the History tab >> Application Logs >> Scan Log in the program's main window.
  • Then click the Export button. Use the .txt format to export the log and save it to the desktop.
  • DO NOT USE THE .XML FORMAT TO EXPORT THE LOG.
  • The Protection log is of no use for an analysis; always export the correct log.
NOTE: If MBAM finds files it cannot remove, it may need to restart the PC (perhaps more than once).
Do so immediately when asked whether to restart the PC.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan date: 07/02/2016
Scan time: 09:25
Log file: MBAM.txt
Administrator: Yes

Version: 2.2.0.1024
Malware database: v2016.02.07.02
Rootkit database: v2016.01.20.01
License: Free
Malware protection: Disabled
Malicious website protection: Disabled
Self-protection: Disabled

Operating system: Windows 7 Service Pack 1
CPU: x64
File system: NTFS
User: Cristiano

Scan type: Threat Scan
Result: Completed
Objects scanned: 423770
Time elapsed: 28 min, 25 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry keys: 0
(No malicious items detected)

Registry values: 0
(No malicious items detected)

Registry data: 0
(No malicious items detected)

Folders: 8
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0, Quarantined, [c41a75e81a7f2511f6d6faf42bd77090],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji, Quarantined, [c41a75e81a7f2511f6d6faf42bd77090],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0, Quarantined, [b42a025b267333035775638b4db51ce4],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji, Quarantined, [b42a025b267333035775638b4db51ce4],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0, Quarantined, [26b894c92c6dbe78a726cd2169991de3],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji, Quarantined, [26b894c92c6dbe78a726cd2169991de3],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0, Quarantined, [a23c2e2f3b5e46f03994c22ce12144bc],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji, Quarantined, [a23c2e2f3b5e46f03994c22ce12144bc],

Files: 12
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\lsdb.js, Quarantined, [c41a75e81a7f2511f6d6faf42bd77090],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\background.html, Quarantined, [c41a75e81a7f2511f6d6faf42bd77090],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\manifest.json, Quarantined, [c41a75e81a7f2511f6d6faf42bd77090],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\lsdb.js, Quarantined, [b42a025b267333035775638b4db51ce4],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\background.html, Quarantined, [b42a025b267333035775638b4db51ce4],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Comodo\Dragon\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\manifest.json, Quarantined, [b42a025b267333035775638b4db51ce4],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\lsdb.js, Quarantined, [26b894c92c6dbe78a726cd2169991de3],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\background.html, Quarantined, [26b894c92c6dbe78a726cd2169991de3],
PUP.Optional.MultiPlug, C:\Users\Administrador\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\manifest.json, Quarantined, [26b894c92c6dbe78a726cd2169991de3],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\lsdb.js, Quarantined, [a23c2e2f3b5e46f03994c22ce12144bc],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\background.html, Quarantined, [a23c2e2f3b5e46f03994c22ce12144bc],
PUP.Optional.MultiPlug, C:\Users\Convidado\AppData\Local\Google\Chrome SxS\User Data\Default\Extensions\phkhjncldpmjmdeenlhnacjdihkfhnji\4.0\manifest.json, Quarantined, [a23c2e2f3b5e46f03994c22ce12144bc],

Physical sectors: 0
(No malicious items detected)


(end)

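Added example (not part of this thread and not code from any of the tools used in it): the same extension ID, phkhjncldpmjmdeenlhnacjdihkfhnji, appears in the AdwCleaner and MBAM logs above under several Windows accounts (Cristiano, Administrador, Convidado) and in two Chromium-based browsers (Chrome SxS and Comodo Dragon) that share Chrome's "User Data" directory layout, and AdwCleaner reported two of its folders as "Not Deleted". The Python script below sweeps every account's AppData\Local for a given extension ID across those browsers, reports each installed copy together with the manifest permissions that would let it rewrite pages or searches, and flags profiles in which the browser itself has never written its "Local State" file (my heuristic for an extension planted by an installer rather than added in the browser). The browser list and that heuristic are my assumptions; the directory tree and manifest contents the demo runs against are constructed, since the thread only shows the file names (manifest.json, background.html, lsdb.js), not their contents.

```python
"""Find every installed copy of a Chromium extension ID across all Windows accounts and
Chromium-based browsers under C:\\Users, and report what each copy is allowed to do."""
import json
import tempfile
from pathlib import Path

# Browser data roots relative to <user>\AppData\Local. Chrome, Chrome SxS (Canary) and
# Comodo Dragon all use the Chromium 'User Data\<profile>\Extensions\<id>\<version>' layout,
# which is why one extension ID shows up under several of them in the logs above.
# (Assumption: this list is mine, not taken from any tool in the thread.)
USER_DATA_DIRS = {
    "Chrome": Path("Google/Chrome/User Data"),
    "Chrome SxS": Path("Google/Chrome SxS/User Data"),
    "Comodo Dragon": Path("Comodo/Dragon/User Data"),
}

# Manifest permissions that let an extension read or rewrite every page and request:
# the footprint of a search/ad hijacker rather than a single-site helper.
RISKY = {"tabs", "webRequest", "webRequestBlocking", "proxy", "management",
         "<all_urls>", "*://*/*", "http://*/*", "https://*/*"}

EXT_ID = "phkhjncldpmjmdeenlhnacjdihkfhnji"  # the ID reported by AdwCleaner and MBAM above


def load_permissions(manifest_path):
    """Return the permission strings from a manifest.json, or [] when it is missing."""
    if not manifest_path.is_file():
        return []
    # JSON written by Chromium is often BOM-prefixed; utf-8-sig accepts both forms.
    data = json.loads(manifest_path.read_text(encoding="utf-8-sig"))
    return [str(p) for p in data.get("permissions", []) + data.get("host_permissions", [])]


def sweep(users_root, ext_id):
    """One record per installed copy of ext_id across every user, browser and profile."""
    hits = []
    for user_dir in sorted(p for p in Path(users_root).iterdir() if p.is_dir()):
        for browser, rel in USER_DATA_DIRS.items():
            user_data = user_dir / "AppData" / "Local" / rel
            if not user_data.is_dir():
                continue
            # Heuristic (mine): Chromium writes 'Local State' on first launch, so an
            # Extensions tree without it was planted by an installer, not added in-browser.
            browser_ran = (user_data / "Local State").is_file()
            for profile in sorted(p for p in user_data.iterdir() if (p / "Extensions").is_dir()):
                ext_root = profile / "Extensions" / ext_id
                if not ext_root.is_dir():
                    continue
                for version_dir in sorted(p for p in ext_root.iterdir() if p.is_dir()):
                    perms = load_permissions(version_dir / "manifest.json")
                    hits.append({
                        "user": user_dir.name, "browser": browser, "profile": profile.name,
                        "version": version_dir.name, "browser_ran": browser_ran,
                        "risky_permissions": sorted(RISKY & set(perms)),
                    })
    return hits


def build_fixture(root):
    """Constructed tree mirroring the paths in the logs; the manifest content is made up."""
    manifest = json.dumps({"name": "x", "version": "4.0", "manifest_version": 2,
                           "background": {"page": "background.html"},
                           "permissions": ["tabs", "webRequest", "webRequestBlocking",
                                           "<all_urls>", "storage"]})
    for user, browser in (("Cristiano", "Chrome SxS"), ("Cristiano", "Comodo Dragon"),
                          ("Convidado", "Comodo Dragon")):
        ext_dir = (Path(root) / user / "AppData" / "Local" / USER_DATA_DIRS[browser]
                   / "Default" / "Extensions" / EXT_ID / "4.0")
        ext_dir.mkdir(parents=True)
        (ext_dir / "manifest.json").write_text("\ufeff" + manifest, encoding="utf-8")
    # Cristiano really uses Chrome stable: it has been launched (Local State) and is clean.
    chrome = Path(root) / "Cristiano" / "AppData" / "Local" / USER_DATA_DIRS["Chrome"]
    (chrome / "Default" / "Extensions").mkdir(parents=True)
    (chrome / "Local State").write_text("{}", encoding="utf-8")
    return root


def demo():
    with tempfile.TemporaryDirectory() as tmp:
        return sweep(build_fixture(tmp), EXT_ID)


if __name__ == "__main__":
    for hit in demo():  # on a live system: sweep(r"C:\Users", EXT_ID)
        print(hit)
```

On a real machine run it from an elevated prompt so that every account's AppData is readable, and treat a hit under an account that never uses that browser (here Administrador and Convidado) as a sign that the dropper wrote the extension into every profile it could reach, which is why a cleaner run as one user keeps finding it again.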

Good evening,

 

  • Save it to your Desktop!
  • Run the file Zoek.exe.
  • Windows Vista or Windows 7 users, right-click Zoek.exe, then click Run as administrator
  • Select the lines in red, right-click the selection and choose copy!
createsrpoint;
emptyfolderscheck;delete
shortcutfix;
ffdefaults;
chrdefaults;
resetwmi;
iedefaults;
resetieproxy;
emptyclsid;
msconfigcheck;
autoclean;
ipconfig /flushdns >>"%temp%\log.txt";b
  • Right-click anywhere in the white area of Zoek and choose paste.
  • Click Run Script and wait for the scan. At the end Notepad will open with the report.
  • A copy is also saved on your local disk under the name zoek-results.txt.
  • Attach zoek-results.txt to your next reply.

 


During the scan this error occurred:

http://www.cjoint.com/c/FBkxzXHlHfe

 

The antivirus detected the following:

 

Identity Protection detection
"Threat name" "Status" "Detection time" "Object type" "Process"
"Unknown, C:\Users\Cristiano\AppData\Local\Temp\zoek.bat" "Added to exceptions" "10/02/2016, 19:59:55" "File or directory" ""

Even so, I allowed it.

 

----------------------------------------------------------------

 

Zoek.exe v5.0.0.1 Updated 27-09-2015
Tool run by Cristiano on 10/02/2016 at 16:24:29,43.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Cristiano\Desktop\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

10/02/2016 16:29:08 Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\MSXML 4.0 deleted successfully
C:\PROGRA~3\DivX deleted successfully
C:\PROGRA~3\SmartOnes deleted successfully
C:\Users\Cristiano\AppData\Roaming\EncryptStick deleted successfully
C:\Users\Cristiano\AppData\Roaming\eXPert PDF Jobs deleted successfully
C:\Users\Cristiano\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Cristiano\AppData\Local\EmieSiteList deleted successfully
C:\Users\Cristiano\AppData\Local\EmieUserList deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} deleted successfully
HKEY_USERS\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{310CA7B9-D56B-499A-B786-D9648270585E} deleted successfully
HKEY_USERS\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886C} deleted successfully
HKEY_USERS\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E8878} deleted successfully
HKEY_USERS\S-1-5-21-2916229193-2596999592-3945810575-1000\Software\Mozilla\Firefox\Extensions\{87F8774F-B485-47E2-A755-A40A8A5E886D} deleted successfully

==== Deleting Services ======================

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WtuSystemSupport deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\WtuSystemSupport deleted successfully

==== FireFox Fix ======================

Deleted from C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\prefs.js:
user_pref("browser.startup.homepage", "www.google.com.br");
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\CRISTI~1\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default\prefs.js:

Added to C:\Users\CRISTI~1\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

Deleted from C:\Users\Outros\AppData\Roaming\Mozilla\Firefox\Profiles\9x62d7lp.default\prefs.js:

Added to C:\Users\Outros\AppData\Roaming\Mozilla\Firefox\Profiles\9x62d7lp.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Batch Command(s) Run By Tool======================


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

==== Deleting Files \ Folders ======================

C:\Users\Cristiano\AppData\Local\AVG Web TuneUp deleted
C:\Users\Outros\AppData\Local\AVG Web TuneUp deleted
C:\Users\Cristiano\.android deleted
C:\Windows\sysWoW64\config\systemprofile\.android deleted
C:\PROGRA~2\AVG Web TuneUp deleted
C:\Users\Cristiano\AppData\Roaming\Wondershare deleted
C:\Users\Cristiano\AppData\Roaming\wpulog.txt deleted
C:\Users\Cristiano\AppData\Roaming\Thinstall deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Wondershare deleted
C:\PROGRA~3\AVG Web TuneUp deleted
C:\PROGRA~3\Elcomsoft Password Recovery deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Cristiano\AppData\Local\Thinstall deleted
C:\Users\Cristiano\AppData\Local\Wondershare deleted
C:\Users\Outros\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Windows\Syswow64\GroupPolicy\gpt.ini deleted
C:\Users\Cristiano\AppData\Roaming\langInstall.exe deleted
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\Newtonsoft.Json.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\WsAppCollect.dll" deleted
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\WsAppCommon.dll" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\WsAppService.exe" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\CBSProducstInfo.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\DAQExp.dll" deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact\WSHelper.exe" deleted
"C:\PROGRA~2\Wondershare" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare" deleted
"C:\PROGRA~2\Wondershare\WAF" not deleted
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4" not deleted
"C:\PROGRA~2\COMMON~1\Wondershare\Wondershare Helper Compact" deleted

==== Firefox Start and Search pages ======================

ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

ProfilePath: C:\Users\Outros\AppData\Roaming\Mozilla\Firefox\Profiles\9x62d7lp.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [10/11/2014 21:23]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"smartwebprinting@hp.com"="C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3" [10/11/2014 21:23]

==== Firefox Extensions ======================

ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475
- NetVideoHunter - C:\Users\Cristiano\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\extensions\netvideohunter@netvideohunter.com
- NetVideoHunter - %ProfilePath%\extensions\netvideohunter@netvideohunter.com
- Adblock Plus - %ProfilePath%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi

ProfilePath: C:\Users\CRISTI~1\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default
- Lightning - C:\Users\Cristiano\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
- Provider for Google Calendar - C:\Users\Cristiano\AppData\Roaming\Thunderbird\Profiles\bm832zzl.default\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Provider for Google Calendar - %ProfilePath%\extensions\{a62ef8ec-5fdc-40c2-873c-223b8a6925cc}
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Cristiano\AppData\Roaming\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475
6FE651F6E3025AD51CC1D54913AEEADC - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll - Shockwave Flash


==== Fake Chromium Profiles Check ======================

Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Administrador\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Administrador\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome deleted
Fake profile C:\Users\Convidado\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Convidado\AppData\Local\Comodo\Dragon deleted
Fake profile C:\Users\Cristiano\AppData\Local\Google\Chrome SxS deleted
Fake profile C:\Users\Cristiano\AppData\Local\Comodo\Dragon deleted

==== Chromium Look ======================

Google Chrome Version: 46.0.2490.86


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
bbjllphbppobebmjpjcijfbakobcheof - No path found[]

GBBD Banco do Brasil - Cristiano\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp
Rapport - Outros\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof

==== Chromium Fix ======================

C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage deleted successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.audienceinsights.net_0.localstorage-journal deleted successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage deleted successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_ads1.msads.net_0.localstorage-journal deleted successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage deleted successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_c.betrad.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Cristiano\AppData\Roaming\Opera Software\Opera Stable\Preferences was reset successfully
C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
C:\Users\Cristiano\AppData\Roaming\Opera Software\Opera Stable\Web Data was reset successfully
C:\Users\Cristiano\AppData\Roaming\Opera Software\Opera Stable\Web Data-journal was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Outros\Desktop\ALDO - Atalho.lnk - D:\ALDO
C:\Users\Outros\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Outros\Desktop\IRPF2015 - Atalho.lnk - C:\Arquivos de Programas RFB\IRPF2015\IRPF2015.exe
C:\Users\Outros\Desktop\Receitanet 1.04 .lnk - C:\Program Files (x86)\Programas RFB\Receitanet\Windows\Receitanet.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\AVG Protection.lnk - C:\Program Files (x86)\AVG\Av\avgui.exe
C:\Users\Public\Desktop\Foxit Advanced PDF Editor.lnk - C:\Program Files (x86)\Foxit Software\Foxit Advanced PDF Editor\Foxit Advanced PDF Editor.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1046-7B44-AC0F074E4100}\SC_Reader.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk - C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 16\Ajuda.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\lang\BurningStudio-en-us.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 16\Ashampoo Burning Studio 16 .lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\burningstudio16.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 16\Desinstalar Ashampoo Burning Studio 16.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo\Ashampoo Burning Studio 16\Leia-me.lnk - C:\Program Files (x86)\Ashampoo\Ashampoo Burning Studio 16\readme_pt_br.htm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG Protection.lnk - C:\Program Files (x86)\AVG\Av\avgui.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dindin\Cópia de Segurança.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dindin\Desinstalar Dindin.lnk - C:\Program Files (x86)\Dindin\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dindin\Dindin.lnk - C:\Program Files (x86)\Dindin\Dindin.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dindin\Gerenciador.lnk - C:\Program Files (x86)\Dindin\Dindin.exe /gerenciador
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dindin\Localizador.lnk - C:\Program Files (x86)\Dindin\Dindin.exe /localizador
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorUI.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configurar Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_73\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Sobre o Java.lnk - C:\Program Files (x86)\Java\jre1.8.0_73\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Verificar Atualizações.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Base.lnk - C:\Program Files (x86)\LibreOffice 4\program\sbase.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Calc.lnk - C:\Program Files (x86)\LibreOffice 4\program\scalc.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Draw.lnk - C:\Program Files (x86)\LibreOffice 4\program\sdraw.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Impress.lnk - C:\Program Files (x86)\LibreOffice 4\program\simpress.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Math.lnk - C:\Program Files (x86)\LibreOffice 4\program\smath.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice Writer.lnk - C:\Program Files (x86)\LibreOffice 4\program\swriter.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4\LibreOffice.lnk - C:\Program Files (x86)\LibreOffice 4\program\soffice.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Program Uninstaller\Wise Program Uninstaller.lnk - C:\Program Files (x86)\Wise\Wise Program Uninstaller\WiseProgramUninstaller.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Outros\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Web TuneUp deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Cristiano\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Outros\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Cristiano\AppData\Local\Mozilla\Firefox\Profiles\f714aep6.default-1435240498475\cache2 emptied successfully
C:\Users\Outros\AppData\Local\Mozilla\Firefox\Profiles\9x62d7lp.default\cache2 emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Cristiano\AppData\Local\Opera Software\Opera Stable\Cache emptied successfully
C:\Users\Cristiano\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Outros\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== Reset WMI ======================

Os seguintes serviços são dependentes do serviço de Testador de instrumentação de gerenciam. do Windows.
Finalizar o serviço Testador de instrumentação de gerenciam. do Windows também finalizará estes serviços.

Central de Segurança
Auxiliar de IP
Intel® Rapid Storage Technology

O serviço de Central de Segurança está sendo finalizado .
O serviço de Central de Segurança foi finalizado com êxito.

O serviço de Auxiliar de IP está sendo finalizado .
O serviço de Auxiliar de IP foi finalizado com êxito.

O serviço de Intel® Rapid Storage Technology está sendo finalizado .....
O serviço de Intel® Rapid Storage Technology foi finalizado com êxito.

O serviço de Testador de instrumentação de gerenciam. do Windows está sendo finalizado .
O serviço de Testador de instrumentação de gerenciam. do Windows foi finalizado com êxito.

C:\Windows\system32\wbem\repository renamed to repository.old
C:\Windows\syswow64\wbem\repository renamed to repository.old

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1144 folders=198 273441947 bytes)

==== Empty Temp Folders ======================

C:\Users\Cristiano\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Outros\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\CRISTI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\WsAppCommon.dll" not found
"C:\PROGRA~2\Wondershare\WAF\2.1.4.4\WsAppService.exe" not found
"C:\PROGRA~2\Wondershare" not found

==== EOF on 10/02/2016 at 20:17:55,49 ======================


Adding to this....

I received two more e-mails of the type I mentioned, on the 4th and the 5th.

One came through the @outlook.com address and the other through @live.com; the latter was my old Hotmail address, which stayed linked to the one I use now, but I don't know how to remove it.

http://www.cjoint.com/c/FBkx2uwGfJe

http://www.cjoint.com/c/FBkx4MEPrse


Good evening,

  • Download: <ZHPDiag3 ><Nicolas_zpsd607e812.jpg> ( ...Nicolas Coolman)
  • On the page, click Download_Icon_zps720da3eb.jpg
  • Save it to the Desktop
  • Double-click Icon_zhpdiag3_zpsaigd3wcv.jpg to run it.
  • On Windows 7 or 8, right-click it and then click run_as_adm1_zps9c608e64.png
  • Click "Eu"
Zhpdiag_Scanner_zpshjnbdojm.jpg
  • Click Scanner
  • When it finishes
Relatoacuterio_Zhpdiag_zps0pigbrby.jpg
  • Click Relatório
  • Note: since the report is long, it must be posted on one of these sites:
  • Go to: <cjoint_zpse4622b2d.jpg>
  • Or go to: <logo_zps572d7597_1.gif>
  • More information: <Link> << File hosting!


Good evening,

  • Download: <ZHPFix_Icon_zpsokw8gsh4.jpg>
  • On the page, click: Download_Icon_zps720da3eb.jpg
  • Save it to the Desktop and install the tool.
  • Run this script in the ZHPFix tool.
  • Copy the information shown in red into Notepad.
  • With Notepad open, press: ctrl+a >> ctrl+c.
  • Then minimize Notepad.
Script ZHPFix
SysRestore
O23 - Service: Wondershare Application Framework Service (WsAppService) . (...) - C:\Program Files (x86)\Wondershare\WAF\2.1.4.4\WsAppService.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [Wondershare Helper Compact.exe] C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe (.not file.)
O43 - CFD: 07/11/2014 - [] D -- C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
O87 - FAEL: "{3847B844-0931-490D-86B1-D768C404ECAD}" [in-None-P6-TRUE] .(...) -- C:\Program Files\KMSpico\KMSELDI.exe (.not file.) =>HackTool.KMSpico
O87 - FAEL: "{8297513D-7F22-4F7F-9E84-6897DB08E867}" [in-None-P17-TRUE] .(...) -- C:\Program Files\KMSpico\KMSELDI.exe (.not file.) =>HackTool.KMSpico
O87 - FAEL: "{EE716790-3DB9-467B-96F9-6A97E8D365D3}" [in-None-P6-TRUE] .(...) -- C:\Program Files\KMSpico\AutoPico.exe (.not file.) =>HackTool.KMSpico
O87 - FAEL: "{C85C1F84-2585-4B0B-BECA-CEA8857BE06B}" [in-None-P17-TRUE] .(...) -- C:\Program Files\KMSpico\AutoPico.exe (.not file.) =>HackTool.KMSpico
C:\ProgramData\Microsoft Toolkit =>HackTool.AutoKMS
EmptyClsid
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
  • Open the ZHPFix tool. <ZHPFix_zps88a4bb81.jpg>
  • Click IMPORTAÇÃO > OK
  • Click "GO".
  • Post the report!
Best regards.
hi9K69W_zpsewgin980.gif This script was written only for this computer, based on the files and keys present on it.
To visitors: if you have a similar problem, do not use this script, since running it unsupervised can damage the system.


Rapport de ZHPFix 2015.10.19.9 par Nicolas Coolman, Update du 19/10/2015
Fichier d'export Registre :
Run by Cristiano at 17/02/2016 22:02:07
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Prefetcher vazio

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (7)
ELIMINÉ Flash Cookies (0)

========== Ficheiros ==========
ELIMINÉ Temporários windows (28) (280.839 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
2 : Valores do Registo
3 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 01mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Cristiano\AppData\Roaming\ZHP\ZHPFix[R1].txt - 17/02/2016 22:02:14 [983]


Good evening, let's check certain services, updates and security programs.

  • Download: <Security_Check%20_Icon_zpsvc6hl4xv.jpg> (...by glax24)
  • Save it to the Desktop
  • On Windows 7, 8 and 10, right-click SecurityCheck and click run_as_adm1_zps9c608e64.png
  • Wait while the tool runs its scan.
  • When it finishes, click "OK".
  • At the end a log, SecurityCheck.txt, will open. This log is saved in C: (Local Disk), in the SecurityCheck folder that was created.
  • Do not attach it; just copy and paste the report!


Here we go...


SecurityCheck by glax24 & Severnyj v.1.4.0.35 [23.01.16]
WebSite: www.safezone.cc
DateLog: 18.02.2016 08:19:42
Path starting: C:\Users\Cristiano\AppData\Local\Temp\SecurityCheck\SecurityCheck.exe
Log directory: C:\SecurityCheck\
IsAdmin: True
User: Cristiano
VersionXML: 2.49is-17.02.2016
___________________________________________________________________________

Windows 7(6.1.7601) Service Pack 1 (x64) Ultimate Lang: Portuguese(0816)
Installation date OS: 07.11.2014 22:36:26
LicenseStatus: Windows® 7, Ultimate edition The machine is permanently activated.
Boot Mode: Normal
Default Browser: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
SystemDrive: C: FS: [NTFS] Capacity: [107.4 Gb] Used: [86.2 Gb] Free: [21.2 Gb]
------------------------------- [ Windows ] -------------------------------
Internet Explorer 11.0.9600.17914 Warning! Download Update
Online installation. Last version available when Windows update is enabled throught the Internet.
User Account Control enabled
Notify of download and installation
Date install updates: 2015-07-24 17:37:11
Windows Update (wuauserv) - The service is running
Central de Segurança (wscsvc) - The service is running
Registo remoto (RemoteRegistry) - The service has stopped
Descoberta SSDP (SSDPSRV) - The service is running
Serviços de Área de Trabalho Remota (TermService) - The service has stopped
Windows Remote Management (WS-Management) (WinRM) - The service has stopped
---------------------------- [ Antivirus_WMI ] ----------------------------
AVG AntiVirus Free Edition (enabled and up to date)
--------------------------- [ FirewallWindows ] ---------------------------
Firewall do Windows (MpsSvc) - The service is running
--------------------------- [ AntiSpyware_WMI ] ---------------------------
AVG AntiVirus Free Edition (enabled and up to date)
---------------------- [ AntiVirusFirewallInstall ] -----------------------
ESET Online Scanner v3
-------------------------- [ SecurityUtilities ] --------------------------
Malwarebytes Anti-Malware versão 2.2.0.1024 v.2.2.0.1024
--------------------------- [ OtherUtilities ] ----------------------------
WinRAR 5.01 (64-bit) v.5.01.0 Warning! Download Update
Microsoft Silverlight v.5.1.41212.0
TeamViewer 9 v.9.0.32494 Warning! Download Update
^Optional update.^
LibreOffice 4.4.7.2 v.4.4.7.2
--------------------------------- [ P2P ] ---------------------------------
µTorrent v.3.4.5.41372 Warning! P2P-client.
-------------------------------- [ Java ] ---------------------------------
Java 8 Update 73 v.8.0.730.2 Warning! Download Update
Uninstall old version and install new one.
--------------------------- [ AdobeProduction ] ---------------------------
Adobe Flash Player 20 ActiveX v.20.0.0.306
Adobe Flash Player 20 NPAPI v.20.0.0.306
Adobe Acrobat Reader DC - Português v.15.010.20059 [+]
------------------------------- [ Browser ] -------------------------------
Google Chrome v.48.0.2564.109
Mozilla Firefox 44.0.2 (x86 pt-BR) v.44.0.2
Opera Stable 35.0.2066.68 v.35.0.2066.68
----------------------------- [ EmailClient ] -----------------------------
Mozilla Thunderbird 38.6.0 (x86 pt-BR) v.38.6.0
--------------------------- [ RunningProcess ] ----------------------------
c:\PROGRA~2\AVG\Av\avgrsa.exe v.16.31.0.7357
C:\Program Files (x86)\AVG\Av\avgcsrva.exe v.16.31.0.7357
C:\Program Files (x86)\AVG\Av\avgidsagent.exe v.16.31.0.7357
C:\Program Files (x86)\AVG\Av\avgnsa.exe v.16.31.0.7357
C:\Program Files (x86)\AVG\Av\avgemca.exe v.16.31.0.7357
C:\Program Files (x86)\AVG\Av\avgui.exe v.16.31.0.7357
----------------------------- [ End of Log ] ------------------------------


Good morning Cristiano, sorry for the delay in replying. Your problem is related to the technique called spoofing, as we can see in the header of the e-mail you sent me: smtp.mailfrom=www-data@regreg4tr34.regreg4tr34.b9.internal.cloudapp.net, which shows that it was not sent by you. Take a look here:

http://answers.microsoft.com/pt-br/outlook_com/forum/osecurity-osafe/meu-e-mail-fica-enviando-e-mails-sozinho-como/fbeb45b6-f3b9-4249-b54f-bce93eb88b04

http://answers.microsoft.com/pt-br/outlook_com/forum/oemail-osend/recebo-e-mails-de-eu-mesmo/8d4eca9f-e33b-4bb0-9fc9-3fa587424e8d?auth=1

Can we close the topic?

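The helper's diagnosis rests on one header field: the envelope sender (smtp.mailfrom) that the receiving server recorded in Authentication-Results does not match the address shown in From:. The script below is an added example, not code from the thread or from any of the tools used in it; it automates that comparison, together with the SPF and DMARC results that sit in the same header, on two constructed messages. Every hostname, IP address and mailbox in it is a placeholder (the host from the thread's real header is deliberately not reused), and the header layout follows the Authentication-Results format that the helper's own excerpt shows.

```python
"""Detect a spoofed From: by comparing it with the SMTP envelope sender.

Added example (not from the thread). All headers below are constructed samples;
hostnames, IPs and addresses are placeholders.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed sample 1: From: claims the recipient's own address, but the envelope
# sender is a web-server account on an unrelated host, SPF soft-fails, DMARC fails.
SPOOFED_SAMPLE = """\
Authentication-Results: spf=softfail (sender IP is 203.0.113.10) smtp.mailfrom=www-data@example-vps.invalid; dkim=none (message not signed) header.d=none; dmarc=fail action=none header.from=outlook.com
Received: from example-vps.invalid (203.0.113.10) by mx.example.net with ESMTP; Thu, 4 Feb 2016 10:00:00 +0000
From: nome@outlook.com
To: nome@outlook.com
Subject: Fatura em anexo

(body omitted)
"""

# Constructed sample 2: a genuine note-to-self relayed through the provider itself.
LEGIT_SAMPLE = """\
Authentication-Results: spf=pass (sender IP is 198.51.100.5) smtp.mailfrom=nome@outlook.com; dkim=pass header.d=outlook.com; dmarc=pass action=none header.from=outlook.com
From: nome@outlook.com
To: nome@outlook.com
Subject: lembrete

(body omitted)
"""

# Fields of interest inside Authentication-Results (RFC 8601 style key=value pairs).
_AUTH_FIELDS = {
    "mailfrom": re.compile(r"smtp\.mailfrom=([^\s;]+)"),
    "spf": re.compile(r"\bspf=(\w+)"),
    "dkim": re.compile(r"\bdkim=(\w+)"),
    "dmarc": re.compile(r"\bdmarc=(\w+)"),
}


def _first(regex, text):
    """First capture of regex in text, lower-cased, or None when absent."""
    match = regex.search(text)
    return match.group(1).lower() if match else None


def _domain(address):
    """Bare domain of an RFC 5322 address string ('' when there is none)."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def analyze_headers(raw_message):
    """Return the indicators a defender checks before trusting a From: header."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    auth = " ".join(str(v) for v in msg.get_all("Authentication-Results", []))
    auth_fields = {name: _first(rx, auth) for name, rx in _AUTH_FIELDS.items()}

    header_from = parseaddr(str(msg.get("From", "")))[1].lower()
    header_to = parseaddr(str(msg.get("To", "")))[1].lower()
    header_from_domain = _domain(header_from)
    envelope_from_domain = _domain(auth_fields["mailfrom"] or "")

    reasons = []
    if header_from_domain and envelope_from_domain and header_from_domain != envelope_from_domain:
        reasons.append(
            f"envelope sender domain {envelope_from_domain!r} differs from "
            f"From: domain {header_from_domain!r}"
        )
    if auth_fields["spf"] in ("fail", "softfail"):
        reasons.append(f"SPF result is {auth_fields['spf']}")
    if auth_fields["dmarc"] == "fail":
        reasons.append("DMARC alignment failed")

    return {
        "header_from_domain": header_from_domain,
        "envelope_from_domain": envelope_from_domain,
        "spf": auth_fields["spf"],
        "dkim": auth_fields["dkim"],
        "dmarc": auth_fields["dmarc"],
        # Mail "from yourself" is the symptom in the thread, not proof of spoofing,
        # so it is reported separately and never counted as a reason.
        "self_addressed": bool(header_from) and header_from == header_to,
        "spoof_suspected": bool(reasons),
        "reasons": reasons,
    }


if __name__ == "__main__":
    for label, sample in (("spoofed", SPOOFED_SAMPLE), ("legit", LEGIT_SAMPLE)):
        verdict = analyze_headers(sample)
        state = "SUSPECT" if verdict["spoof_suspected"] else "ok"
        print(f"{label}: {state} {verdict['reasons']}")
```

Run stand-alone, it prints a verdict for each sample. The same fields can be read from any message's raw source in a webmail or Thunderbird "view source" window; a domain mismatch combined with a failed SPF or DMARC result is the cue to report the message as spam, and it also explains why changing the account password, as the original poster did several times, does not stop it: the sender never had access to the account, only the ability to write any From: address into an outgoing message.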