I suspect this machine was infected with these viruses thanks to a torrent my girlfriend downloaded from the link below (the notebook is mine and hers): megasoftwareparadise.blogspot.com.br/2013/12/ape-ripper-630-torrent.html

Then, when she installed this Ape Ripper, which was supposedly fine, it just kept throwing errors, and in the end NOD32 warned about the viruses Redmys.AF, Boaxxe.BH.gen and Boaxxe.BE in three processes. Since ComboFix still can't be used here on Windows 8.1, I used MalwareBytes and Kaspersky Security Scan to locate the source of the virus, and both found infected files that not even NOD32 had detected. I manually removed the ones KSS found, but 4 days later NOD32 found more files infected with Boaxxe.BE, Kryptik.BTEM/BTOF and Generik. It has now been about 2 days since any infected file was found, but I don't know whether the sources are gone from here for good. Here are the MB logs:

Quote:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org Versão da Base de Dados: v2014.01.20.06 Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz:: PC-CRUZ [administrador] Proteção: Permitir 20/01/2014 16:50:48
mbam-log-2014-01-20 (16-50-48).txt Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 501432
Tempo decorrido: 3 hora(s), 38 minuto(s), 1 segundo(s) Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 1
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Será deletado na próxima inicialização. Chaves de Registro Detectadas: 16
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Enviado para a Quarentena e deletado com sucesso.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Enviado para a Quarentena e deletado com sucesso. Valores de Registro Detectadas: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVworks (VirTool.Vbcrypt) -> Data: regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll" -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Enviado para a Quarentena e deletado com sucesso.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Enviado para a Quarentena e deletado com sucesso.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1M2W1C1S1J1T1L1E1B1I -> Enviado para a Quarentena e deletado com sucesso. Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Enviado para a Quarentena e reparado com sucesso. Pastas Detectadas: 3
C:\Users\leticia cruz\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\eSafe (PUP.Optional.Esafe.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso. Arquivos Detectados: 13
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Será deletado na próxima inicialização.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9982.exe (Trojan.Dorkbot.ED) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\ProgramData\eSafe\EDELAYINFO.EDB (PUP.Optional.Esafe.A) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT\uninst.exe (PUP.Optional.FileScout.A) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Quote:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org Versão da Base de Dados: v2014.01.20.06 Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz:: PC-CRUZ [administrador] Proteção: Permitir 20/01/2014 16:50:48
MBAM-log-2014-01-20 (21-22-03).txt Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 501432
Tempo decorrido: 3 hora(s), 38 minuto(s), 1 segundo(s) Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 1
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Nenhuma ação foi feita. Chaves de Registro Detectadas: 16
HKCR\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3} (PUP.Optional.Delta.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{60EACC1A-33FA-443D-9846-17B28E2C9BDB} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{AA74D58F-ACD0-450D-A85E-6C04B171C044} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\TypeLib\{F13D3582-1359-4F8F-9A48-EF3AE9F5701C} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\Interface\{06E50566-0AB7-431C-841D-62794727DAF9} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCR\CLSID\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{AAA38851-3CFF-475F-B5E0-720D3645E4A5} (PUP.Optional.MiniBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{AF6B0594-6008-4327-93E5-608AD710A6FA} (PUP.Optional.WebCake.A) -> Nenhuma ação foi feita.
HKCR\AppID\Iminent.WebBooster.InternetExplorer.DLL (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\BabylonToolbar (PUP.Optional.BabylonToolBar.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Nenhuma ação foi feita.
HKCU\Software\DataMngr (PUP.Optional.DataMngr.A) -> Nenhuma ação foi feita.
HKCU\Software\InstallCore\1I1T1Q1S (PUP.Optional.InstallCore.A) -> Nenhuma ação foi feita.
HKCU\SOFTWARE\INSTALLCORE (PUP.Optional.InstallCore.A) -> Nenhuma ação foi feita.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} (PUP.Optional.Qone8) -> Nenhuma ação foi feita.
HKLM\Software\Iminent (PUP.Optional.Iminent.A) -> Nenhuma ação foi feita. Valores de Registro Detectadas: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|AVworks (VirTool.Vbcrypt) -> Data: regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll" -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Nenhuma ação foi feita.
HKCU\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks|{539F76FD-084E-4858-86D5-62F02F54AE86} (PUP.Optional.MiniBar.A) -> Data: -> Nenhuma ação foi feita.
HKCU\Software\InstallCore|tb (PUP.Optional.InstallCore.A) -> Data: 0S1M2W1C1S1J1T1L1E1B1I -> Nenhuma ação foi feita. Itens de Dados no Registro Detectadas: 1
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes|DefaultScope (PUP.Optional.Qone8) -> Ruim: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}) Bom: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}) -> Nenhuma ação foi feita. Pastas Detectadas: 3
C:\Users\leticia cruz\AppData\Roaming\Babylon (PUP.Optional.Babylon.A) -> Nenhuma ação foi feita.
C:\ProgramData\eSafe (PUP.Optional.Esafe.A) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT (PUP.Optional.FileScout.A) -> Nenhuma ação foi feita. Arquivos Detectados: 13
C:\Users\leticia cruz\AppData\Local\AVworks\mc_demux_mp4.dll (VirTool.Vbcrypt) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Nenhuma ação foi feita.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmp9982.exe (Trojan.Dorkbot.ED) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\Babylon\log_file.txt (PUP.Optional.Babylon.A) -> Nenhuma ação foi feita.
C:\ProgramData\eSafe\EDELAYINFO.EDB (PUP.Optional.Esafe.A) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Roaming\FILE SCOUT\uninst.exe (PUP.Optional.FileScout.A) -> Nenhuma ação foi feita.
(fim)

Quote:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org Versão da Base de Dados: v2014.01.21.05 Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz:: PC-CRUZ [administrador] Proteção: Permitir 21/01/2014 14:30:47
mbam-log-2014-01-21 (14-30-47).txt Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 496824
Tempo decorrido: 3 hora(s), 24 minuto(s), 16 segundo(s) Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Pastas Detectadas: 0
(Não foram detectados ítens maliciosos) Arquivos Detectados: 8
C:\Users\leticia cruz\Downloads\Compressed\fabricio.therebels.convertxtodvd.v5.1.0.2\patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager 6.18 build 2\Keygen-Patch UnREaL RCE\Keygen.and.Patch-UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\kawyn.therebels.sbousidm\IDM.v6.xx.release.3-patch-IREC\IDM.v6.xx.release.3-patch.exe (PUP.Hacktool.Patcher) -> Nenhuma ação foi feita.
C:\Windows\Office15\Activator\OfficeAcT.exe (Spyware.Banker) -> Nenhuma ação foi feita.
C:\Program Files\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Adobe\Adobe Illustrator CS6\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\amtlib.dll (PUP.RiskwareTool.CK) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Quote:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org Versão da Base de Dados: v2014.01.24.03 Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz:: PC-CRUZ [administrador] Proteção: Não permitir 24/01/2014 06:09:26
mbam-log-2014-01-24 (06-09-26).txt Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 499275
Tempo decorrido: 3 hora(s), 19 minuto(s), 38 segundo(s) Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Pastas Detectadas: 0
(Não foram detectados ítens maliciosos) Arquivos Detectados: 8
C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager (IDM) 6.18 Build 12 Full Including Keygen+Patch\(IDM) Keygen + Patch Update 1\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Nero 2014\-patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\raylson.therebels.2014NEPlaT\Patch Kindly\nero.14.platinum.v15.0.02200_patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\ProgramData\Microsoft\BingDesktop\BingCore\temp\tmpE22F.exe (Trojan.Ransom.ED) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\File System\001\t\00\00000015 (RiskWare.Tool.CK) -> Enviado para a Quarentena e deletado com sucesso.
C:\Users\leticia cruz\AppData\Local\Temp\rbbrapgz.exe (Trojan.Ransom.ED) -> Enviado para a Quarentena e deletado com sucesso.
(fim)

Quote:
Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org Versão da Base de Dados: v2014.01.25.08 Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16476
leticia cruz:: PC-CRUZ [administrador] Proteção: Não permitir 26/01/2014 02:46:57
mbam-log-2014-01-26 (02-46-57).txt Tipo de Verificação: Verificação Completa (C:\|D:\|)
Opções de verificações ativadas: Memória | Inicialização | Registro | Sistema de arquivos | Heurística/Extra | Heurística/Shuriken | PUP | PUM | P2P
Opções de verificação desativadas:
Objetos escaneados: 499900
Tempo decorrido: 3 hora(s), 15 minuto(s), 13 segundo(s) Processos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Módulos de Memória Detectados: 0
(Não foram detectados ítens maliciosos) Chaves de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Valores de Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Itens de Dados no Registro Detectadas: 0
(Não foram detectados ítens maliciosos) Pastas Detectadas: 0
(Não foram detectados ítens maliciosos) Arquivos Detectados: 5
C:\Program Files (x86)\Internet Download Manager\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\AppData\Local\Temp\NeroInstallFiles\NERO20131212105334547\ISSetupPrerequisites\opencandy\OCSetupHlp.dll (PUP.Optional.OpenCandy) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Internet Download Manager (IDM) 6.18 Build 12 Full Including Keygen+Patch\(IDM) Keygen + Patch Update 1\(IDM) Keygen + Patch Update 1 -UnREaL.exe (RiskWare.Tool.CK) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\Nero 2014\-patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
C:\Users\leticia cruz\Downloads\Compressed\raylson.therebels.2014NEPlaT\Patch Kindly\nero.14.platinum.v15.0.02200_patch.exe (PUP.Riskware.Patcher) -> Nenhuma ação foi feita.
(fim)

And here is a screenshot from the NOD32 quarantine:
[image: 14ub3v5.jpg]

Normal mode:

Quote:
GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-27 01:45:38
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST320LM001_HN-M320MBB rev.2AR10002 298,09GB
Running: qc8e6tnb.exe. Driver: C:\Users\LETICI~1\AppData\Local\Temp\kfrdapog.sys ---- User code sections - GMER 2.1 ----.text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 194 00007ff8fa191f6a 4 bytes [19, FA, F8, 7F].text C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe[992] C:\WINDOWS\SYSTEM32\WSOCK32.dll!setsockopt + 218 00007ff8fa191f82 4 bytes [19, FA, F8, 7F].text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ff90f66169a 4 bytes [66, 0F, F9, 7F].text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ff90f6616a2 4 bytes [66, 0F, F9, 7F].text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ff90f66181a 4 bytes [66, 0F, F9, 7F].text C:\Windows\System32\igfxpers.exe[1904] C:\WINDOWS\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ff90f661832 4 bytes [66, 0F, F9, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [688:704] fffff960009464d0
Thread C:\WINDOWS\system32\svchost.exe [1268:1672] 00007ff907a22b90
Thread C:\WINDOWS\system32\svchost.exe [1268:2728] 00007ff907a267bc
Thread C:\WINDOWS\system32\svchost.exe [1268:2996] 00007ff902562110
Thread C:\WINDOWS\system32\svchost.exe [1268:3020] 00007ff901784608
Thread C:\WINDOWS\system32\svchost.exe [1268:3032] 00007ff9016c1584
Thread C:\WINDOWS\system32\svchost.exe [1268:3056] 00007ff901101b30
Thread C:\WINDOWS\system32\svchost.exe [1296:1676] 00007ff9065d12f8
Thread C:\WINDOWS\system32\svchost.exe [1296:1664] 00007ff9065b3118
Thread [3812:1576] 00007ff9111c2764
Thread C:\WINDOWS\SYSTEM32\ntdll.dll [1932:2044] 00000000000ba9e7
---- Processes - GMER 2.1 ---- Process C:\ProgramData\DatacardService\HWDeviceService64.exe ( suspicious ) @ C:\ProgramData\DatacardService\HWDeviceService64.exe [1796] 00007ff79f690000
Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll ( suspicious ) @ C:\WINDOWS\Explorer.EXE [2524] (FILE NOT FOU 00007ff8fde50000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll ( suspicious ) @ C:\WINDOWS\Explorer.EXE [2524] 00007ff8fcbc0000
Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll ( suspicious ) @ C:\WINDOWS\Explorer.EXE 2524 00007ff8fbb40000
Process C:\ProgramData\DatacardService\DCSHelper.exe ( suspicious ) @ C:\ProgramData\DatacardService\DCSHelper.exe [2624] 0000000000400000
Process C:\Users\leticia cruz\AppData\Roaming\VIVO INTERNET\ouc.exe ( suspicious ) @ C:\Users\leticia cruz\AppData\Roaming\VIVO INTERNET\ouc.exe [2276] 0000000000400000
Process C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe ( suspicious ) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860] 0000000000400000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ( suspicious ) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe 3860 0000000003f00000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\libcef.dll ( suspicious ) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe 3860 000000006a600000
Library C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\icudt.dll ( suspicious ) @ C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe [3860] 0000000069ad0000
Process C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe ( suspicious ) @ C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3316] 0000000000d60000
Process C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Com(2013-11-20 22:48:09) 00007ff610b90000
Library C:\Program Files\WindowsApps\Microsoft.VCLibs.120.00_12.0.21005.1_x64__8wekyb3d8bbwe\msvcr120_app.dll ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Microsoft® C R(2013-10-20 00:48:57) 00007ff8fe790000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\wllog.dll ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Window(2013-11-20 22:48:10) 00007ff900b20000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.Service.dll ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d(2013-11-20 22:48:10) 00007ff8f4420000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\bici.dll ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\LiveComm.exe [3492] (Windows(2013-11-20 22:48:09) 00007ff900860000
Library C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Microsoft.WindowsLive.Platform.dll ( suspicious ) @ C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20315_x64__8wekyb3d8bbwe\Li(2013-11-20 22:48:09) 00007ff8f4130000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----

Safe mode:

Quote:
GMER 2.1.19355 - http://www.gmer.net
Rootkit scan 2014-01-27 02:02:07
Windows 6.3.9600 x64 \Device\Harddisk0\DR0 -> \Device\00000033 ST320LM001_HN-M320MBB rev.2AR10002 298,09GB
Running: qc8e6tnb.exe. Driver: C:\Users\LETICI~1\AppData\Local\Temp\kfrdapog.sys ---- Kernel code sections - GMER 2.1 ----.text C:\WINDOWS\system32\ntoskrnl.exe!NtCallbackReturn + 960 fffff8038d357a00 26 bytes [80, 1F, AE, FF, 82, 28, 5E,...] ---- User code sections - GMER 2.1 ----.text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 714 00007ffa2cc8154a 4 bytes [C8, 2C, FA, 7F].text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!GradientFill + 722 00007ffa2cc81552 4 bytes [C8, 2C, FA, 7F].text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 98 00007ffa2cc8162a 4 bytes [C8, 2C, FA, 7F].text C:\WINDOWS\Explorer.EXE[876] C:\WINDOWS\SYSTEM32\MSIMG32.dll!TransparentBlt + 122 00007ffa2cc81642 4 bytes [C8, 2C, FA, 7F] ---- Threads - GMER 2.1 ---- Thread C:\WINDOWS\system32\csrss.exe [460:476] fffff9600094a4d0
---- Processes - GMER 2.1 ---- Library C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll ( suspicious ) @ C:\WINDOWS\Explorer.EXE [876] (FILE NOT FOUND 00007ffa2d5e0000 ---- Disk sectors - GMER 2.1 ---- Disk \Device\Harddisk0\DR0 unknown MBR code ---- EOF - GMER 2.1 ----
I haven't had time for that yet because my girlfriend is pressuring me to watch American Horror Story with her, but now this one has shown up as well:
[image: f0w8wo.jpg]
Good morning! tecnicodehardware
|- Download: < SFTGC > ( ... by Pierre13 )
|- Save it to the desktop!
|- On Windows Vista and 7, run "SFTGC.exe" as administrator!
[image: SFTGC_Go_zps151dad06.jpg]
|- Run it and click "Go".
|- Wait for it to finish, which is quick.
|- Post the report! ( SFT.txt )
|- PS: Depending on the size of the report, do not post it directly!
|- Go here for that task! < [image: Cjoint_Logo.jpg] >
|- Next, run adwcleaner and post its report.
Regards!
http://cjoint.com/14fe/DBdbVwYbzR7.htm
*** [ Serviços ] ***
*** [ Arquivos / Pastas ] ***
*** [ Atalhos ] ***
*** [ Registro ] ***
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKLM\Software\Conduit
*** [ Navegadores ] ***
-\\ Internet Explorer v11.0.9600.16384
-\\ Google Chrome v32.0.1700.102
[ Arquivo : C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [930 octets] - [02/02/2014 22:54:00]
AdwCleaner[s0].txt - [793 octets] - [02/02/2014 22:58:16]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [852 octets] ##########
Good morning! tecnicodehardware
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < [image: 51a612a8b27e2-Zoek.png] zoek.exe >
|- Save it and unpack it to the desktop!
|- The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.
hijackthis;
iedefaults;
chromelook;
firefoxlook;
shortcutfix;
autoclean;
emptytemp;
|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".
Zoek.exe is running now.Do not start any browser windows, they will be closed automatically. Please wait! This window will close when finished. A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log
|- This information will appear, asking you to wait for the report to come up.
|- PS: This information may stay static on the screen for 20 minutes or more.
[image: Zoek_Reboot_zpscf60b3cf.jpg]
|- Accept and/or confirm the reboot!
zoek.hta failed by unknown error.Restart computer, and try again.
|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<
Regards!
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by leticia cruz on 03/02/2014 at 19:03:54,79.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\leticia cruz\Desktop\zoek\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
03/02/2014 19:11:20 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Deleting Files \ Folders ======================
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager deleted
"C:\PROGRA~2\Internet Download Manager\IDMan.exe" deleted
"C:\PROGRA~2\Internet Download Manager\idmmkb.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IDMNetMon64.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IDMShellExt64.dll" deleted
"C:\PROGRA~2\Internet Download Manager\IEMonitor.exe" deleted
"C:\PROGRA~2\Internet Download Manager" not deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"web2pdfextension@web2pdf.adobedotcom"="C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn" [22/01/2014 20:11]
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[23/09/2012 20:43]
jeaohhlajejodfjadcponpnjgkiikocn - C:\Program Files (x86)\Internet Download Manager\IDMGCExt.crx[]
Google Docs - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Last updated at time on date - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb
Google Search - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Adobe Acrobat - Create PDF - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj
IDM Integration Module - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn
ThemeBeta.com - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lehofnfnainbidonokangafhogakodoi
Stop Autoplay for YouTube. - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgdfnbpkmkkdhgidgcpdkgpdlfjcgnnh
Google Wallet - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chrome Fix ======================
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts in Users Start Menu ======================
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Songr.lnk - C:\Users\leticia cruz\AppData\Local\Songr\Songr.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices\GT-B5722.lnk - C:\Program Files (x86)\Bluetooth Suite\Win7UI.exe bc:47:60:55:56:28
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HaZaRD Screensavers\SAO OP1 Screensaver\SAO OP1 Screensaver.lnk - C:\windows\System32\SAO OP1.scr
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HaZaRD Screensavers\SAO OP1 Screensaver\Uninstall SAO OP1 Screensaver.lnk - C:\Program Files (x86)\HaZaRD Screensavers\SAO OP1\Uninstall.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrodist.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-FFFF-7760-000000000006}\_SC_Acrobat.ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Application Manager.lnk - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDapp.exe --appletID=CCM_UI --appletVersion=1.0 --workflow=CCM_workflow_launch
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk - C:\Program Files (x86)\Adobe\Acrobat 11.0\FormsCentral\FormsCentralForAcrobat.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe After Effects CS6.lnk - C:\Program Files\Adobe\Adobe After Effects CS6\Support Files\AfterFX.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Audition CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Audition CS6\Adobe Audition CS6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6 (64bit).lnk - C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Bridge CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Bridge CS6\Bridge.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Dreamweaver CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\Dreamweaver.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Encore CS6.lnk - C:\Program Files\Adobe\Adobe Encore CS6\Adobe Encore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe ExtendScript Toolkit CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Utilities - CS6\ExtendScript Toolkit CS6\ExtendScript Toolkit.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Extension Manager CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Adobe Extension Manager CS6.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Fireworks CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Fireworks CS6\Fireworks.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Flash Professional CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Flash CS6\Flash.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Illustrator CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Illustrator CS6 (64 Bit)\Support Files\Contents\Windows\Illustrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe InDesign CS6.lnk - C:\Program Files (x86)\Adobe\Adobe InDesign CS6\InDesign.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Media Encoder CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Media Encoder CS6\Adobe Media Encoder.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Prelude CS6.lnk - C:\Program Files (x86)\Adobe\Adobe Prelude CS6\Adobe Prelude.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe Premiere Pro CS6.lnk - C:\Program Files\Adobe\Adobe Premiere Pro CS6\Adobe Premiere Pro.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Master Collection CS6\Adobe SpeedGrade CS6.lnk - C:\Program Files\Adobe\Adobe SpeedGrade CS6\bin\SpeedGrade.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Uninstall.lnk - C:\Program Files (x86)\Glary Utilities 4\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 4\Website.lnk - C:\Program Files (x86)\Glary Utilities 4\Glary Utilities 4.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk - C:\Program Files (x86)\Internet Download Manager\grabber.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk - C:\Program Files (x86)\Internet Download Manager\idman.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk - C:\Program Files (x86)\Internet Download Manager\license.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk - C:\Program Files (x86)\Internet Download Manager\tutor.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Outlook 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013\Word 2013.lnk - C:\WINDOWS\Installer\{90150000-0011-0000-1000-0000000FF1CE}\wordicon.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero Blu-ray Player.lnk - C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero ControlCenter.lnk - C:\WINDOWS\Installer\{ABC88553-8770-4B97-B43E-5A90647A5B63}\ScControlCenterSta_FC2653898C5047A6A872CAF6433C43A8.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaBrowser.lnk - C:\Program Files (x86)\Nero\KM\MediaBrowser.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero MediaHome.lnk - C:\Program Files (x86)\Nero\KM\MediaHome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero 2014.lnk - C:\WINDOWS\Installer\{D5115C78-2D22-4668-A5E2-6C87DED3ED1B}\NeroLauncher.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Burning ROM.lnk - C:\WINDOWS\Installer\{F2B9C8D6-C69C-4BA7-95D2-66F1C68D15DA}\ARPPRODUCTICON.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Disc To Device.lnk - C:\WINDOWS\Installer\{3AD3C0C2-65A2-45AE-BFAF-7879CFFF7DA8}\ScDisc2DeviceStart_31C5D7D15DA846FBB6553A0819A0C381.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Express.lnk - C:\WINDOWS\Installer\{ED7943A4-2FF0-4096-BBEA-DE3CC206E3D4}\ARPPRODUCTICON.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Recode.lnk - C:\WINDOWS\Installer\{5B1886C1-6EFA-4D07-95D3-8B84C743CC71}\ScRecodeStartMenu_563A75F05683422E8C558ED3B6DA617D.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero RescueAgent.lnk - C:\WINDOWS\Installer\{581DCE84-1948-4891-A4A7-A1222CC137C5}\NeroRescueAgent.ex_2882597C6E684EBDA23F3CF2CA0CBC30.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero\Nero 2014\Nero Video.lnk - C:\WINDOWS\Installer\{C2A4BAE3-A4E9-4B01-B33D-EF68B976CA70}\ScVisionStartMenu_88036A9DCD1D412A84701A23A35FB37B.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony\Sony PC Companion\Sony PC Companion 2.1.lnk - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\ConvertXtoDvd.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Desinstalar ConvertXToDVD 5.lnk - C:\Program Files (x86)\VSO\ConvertX\5\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\l glp license.lnk - C:\Program Files (x86)\VSO\ConvertX\5\lgpl-2.1.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\Translate ConvertXToDVD 5.lnk - C:\ProgramData\VSO\ConvertXToDVD\5\Lang\EditLoc_online.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Instalar.lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe /install /deletecpl "Install and please reboot once finished..."
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Remover Driver (Modo de Compatibilidade).lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe /remove /removeatip "Uninstalling... Please reboot aftwerwards"
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO\ConvertXtoDVD 5\ Drivers\ Verificar.lnk - C:\Program Files (x86)\VSO\pcsetup\PcSetup.exe
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Glary Utilities 4.lnk - C:\Program Files (x86)\Glary Utilities 4\Integrator.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office15\OUTLOOK.EXE /recycle
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\MiPony.lnk - C:\Program Files (x86)\MiPony\MiPony.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Story Album Viewer.lnk - C:\Program Files (x86)\Samsung\Story Album Viewer\HTML5Viewer.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Settings.lnk - C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Users\leticia cruz\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Songr.lnk - C:\Users\leticia cruz\AppData\Local\Songr\Songr.exe
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jeaohhlajejodfjadcponpnjgkiikocn deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Internet Download Manager deleted successfully
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe Acrobat Create PDF Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O2 - BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\Microsoft Office\Office15\GROOVEEX.DLL
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [Glary Memory Optimizer] C:\Program Files (x86)\Glary Utilities 4\memdefrag.exe /autostart
O4 - HKCU\..\Run: [AVworks] regsvr32.exe "C:\Users\leticia cruz\AppData\Local\AVworks\GoogleUpdate.dll"
O4 - HKLM\..\Policies\Explorer\Run: [btvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
O4 - Startup: Dropbox.lnk = C:\Users\leticia cruz\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Enviar para o OneNote.lnk = C:\Program Files\Microsoft Office\Office15\ONENOTEM.EXE
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\Program Files\Microsoft Office\Office15\ONBttnIE.dll/105
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Baixar com Mipony - file://C:\Program Files (x86)\MiPony\Browser\IEContext.htm
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\Program Files\Microsoft Office\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Fazer o download de todos os links usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Fazer o download usando o IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Clique para Telefonar do Lync - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\Skype4COM.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - Invalid registry found
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: AtherosSvc - Windows ® Win 7 DDK provider - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
O23 - Service: @%ProgramFiles%\Windows Identity Foundation\v3.5\c2wtsres.dll,-1000 (c2wts) - Unknown owner - C:\Program Files (x86)\Windows Identity Foundation\v3.5\c2wtshost.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Easy Launcher - Samsung Electronics CO., LTD. - C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Orolix Device Monitor (OrolixDeviceMonitor) - Orolix Desenvolvimento de Software LTDA. - C:\Program Files (x86)\TIM Communicator\module\devicemon.exe
O23 - Service: Protexis Licensing V2 (PSI_SVC_2) - Protexis Inc. - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SW Update Service (SWUpdateService) - Samsung Electronics CO., LTD. - C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZAtheros Bt and Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=173 folders=17 23932905 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\leticia cruz\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\LETICI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\PROGRA~2\Internet Download Manager" not found
==== EOF on 03/02/2014 at 19:50:55,10 ======================
Good afternoon! tecnicodehardware
|- Your logs are clean! :yes:
|- Remove the tools that were used, with DelFix.
-/-
|- Download: |DelFix| ( ... by Xplode )
|- Once on the page, click the green arrow to download.
|- Save it somewhere convenient! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With both checkboxes ticked!
|- Click "Run".
|- Everything OK?
Regards!
I did what you asked, but Bing Desktop keeps creating temporary files infected with Boaxxe.BE (NOD32 detected another one just today), and to make matters worse I can't uninstall it: it doesn't even show up in any uninstaller and Killbox doesn't uninstall it; in fact, not even in safe mode can I delete its folder.
Good afternoon! tecnicodehardware
|- Download the Zoek tool again.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes];r
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}=-;r
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.br"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
iedefaults;http://www.google.com.br
C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll;f
C:\ProgramData\Microsoft\BingDesktop\BingCore;fs
C:\ProgramData\Microsoft\BingDesktop;fs
{0633EE93-D776-472f-A0FF-E1416B8B2E3A};c
emptyalltemp;
emptyclsid;
|- Paste this information, shown in red, into the tool's field.
|- Click "Run Script".
|- When it finishes, post the report!
Regards!
Zoek.exe v5.0.0.0 Updated 31-January-2014
Tool run by leticia cruz on 06/02/2014 at 0:47:12,60.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\leticia cruz\Desktop\zoek\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
06/02/2014 00:50:59 Zoek.exe System Restore Point Created Succesfully.
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3276470861-1064914068-939901412-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Registry Fix Code ======================
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
{0633EE93-D776-472f-A0FF-E1416B8B2E3A}=-
==== Deleting Files \ Folders ======================
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll" deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopCore.dll" deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore" not deleted
"C:\ProgramData\Microsoft\BingDesktop" not deleted
"C:\ProgramData\Microsoft\BingDesktop\BingCore" not deleted
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com.br"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\leticia cruz\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\leticia cruz\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=185 folders=28 28511164 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\DefaultAppPool\AppData\Local\Temp emptied successfully
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Users\leticia cruz\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\LETICI~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found
"C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll" not found
"C:\ProgramData\Microsoft\BingDesktop\BingCore" not found
"C:\ProgramData\Microsoft\BingDesktop" not found
==== EOF on 06/02/2014 at 1:03:22,83 ======================
Now it deleted it.
Good evening! tecnicodehardware
|- If the problem has been solved, run the DelFix tool, following the earlier instructions.
|- Everything OK?
Regards!
~ Removing disinfection tools ...
Deleted : C:\zoek-results.log
Deleted : C:\Users\leticia cruz\Downloads\RogueKiller.exe
~ Cleaning system restore ...
Deleted : RP #32 [End of disinfection | 02/04/2014 16:46:11]
Deleted : RP #33 [zoek.exe restore point | 02/06/2014 02:49:49]
New restore point created !
########## - EOF - ##########
Good evening! tecnicodehardware
Everything OK? :thumbsup:
Was it resolved?
Regards!
So far no more infected files have turned up; I'll keep an eye on it for a few more days to be sure.
PROBLEM SOLVED
If the author needs the topic reopened, just send a Private Message to a Moderator with a link to the topic.
Good morning! tecnicodehardware
|- Download: < AdwCleaner > ( ... by Xplode )
|- Once there, click the image: < AdwCleaner_Tlcharger.jpg >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Examinar".
|- When it finishes, click "Limpar" >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório".
|- Post: < C:\AdwCleaner\AdwCleaner[s0].txt >
Regards!