dieguin11
Posted August 13, 2013

Hello, I'm new to the forum and I have a problem with my computer! I'm not sure whether it's malware or some kind of virus. When I try to open the program "Trade Manager" (a program similar to Messenger), the process runs normally, but the program doesn't open; no window appears. The same problem is starting to happen with the program "Ares Galaxy". I don't know what happened for this to start. It began yesterday; I uninstalled and reinstalled the program, but that didn't solve the problem. The HijackThis log follows:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 04:07:33, on 13/08/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16635)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\TradeManager\AliIM.exe
C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
C:\Windows\system32\wuauclt.exe
C:\HiJackThis\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 5384 bytes

Thanks in advance!
DigRam
Posted August 13, 2013

Good morning, dieguin11!

O15 - Trusted Zone: http://*.alipay.com
O15 - Trusted Zone: http://*.alisoft.com
O15 - Trusted Zone: http://*.taobao.com

|- Was it you who configured these sites as trusted in IE?

dieguin11, on 13/08/2013, said:
When I try to open the program "Trade Manager" (a program similar to Messenger), the process runs normally, but the program doesn't open; no window appears. The same problem is starting to happen with the program "Ares Galaxy".

|- Check whether it isn't Avast, in its SandBox, that is blocking these programs.

|- Download: < ZHPDiag2.exe > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the parchment icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you can't get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.
|- Click "Options" >> "None".
|- Check only the option "Additional Scan (O88)".

~ Unselected Option: O1,039,O40,O41,O42,O43,O44,O45,O46,O47, O48,O49,O50,O51,O52,O53,O54,O55,O56,O57, O58,O59,O60,O61,O62,O63,O64,O65,O66,O67, O68,O69,O80,O81,O82,O83,O84,O85,O86,O87, O89,O90,O91,O92
####

|- PS: This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )

Regards,
dieguin11
Posted August 13, 2013

Hello DigRam, it wasn't me who configured those sites as trusted in IE; I hardly ever use IE. I mostly use Firefox, and then Chrome. I checked the Avast Sandbox and there is no program blocked there. There were no freezes while running ZHPDiag; here is the log obtained:

~ Relatório de ZHPDiag v2013.8.13.20 - Nicolas Coolman (13/08/2013)
~ Executado por Diego (13/08/2013 14:14:08)
~ Enderego da Website : http://nicolascoolman.webs.com
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Habilitado pelo programa
~ Elevação de privilégios : OK
~ Controle de conta de usuário : Activate by user

---\\ Navegadores de Internet
MSIE: Internet Explorer v10.0.9200.16635
MFIE: Mozilla Firefox 22.0 (Defaut)
GCIE: Google Chrome v28.0.1500.95

---\\ Informação de produto do Windows
~ Langage: Portugais
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Software de proteção do sistema
avast! Internet Security v8.0.1489.0
SUPERAntiSpyware v5.6.1018
Windows Defender W7

---\\ Software de otimização do sistema
CCleaner v3.21 =>Piriform Ltd

---\\ Compartilhamento de software PeerToPeer

---\\ Software de vigilância
Adobe Flash Player 11 Plugin
Java 7 Update 25

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 2035 MB (44% free)
System Restore: Activé (Enable)
System drive C: has 60 GB (40%) free of 149 GB

---\\ Conexão para o sistema no modo
~ Computer Name: PARTICULAR-PC
~ User Name: Diego
~ All Users Names: HomeGroupUser$, Diego, Convidado, Administrador,
~ Unselected Option: None
Logged in as Administrator

---\\ Variáveis de ambiente
~ System Unit : C:\
~ %AppData% : C:\Users\Diego\AppData\Roaming\
~ %Desktop% : C:\Users\Diego\Desktop\
~ %Favorites% : C:\Users\Diego\Favorites\
~ %LocalAppData% : C:\Users\Diego\AppData\Local\
~ %StartMenu% : C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades de disco
C:\ Hard drive, Flash drive, Thumb drive (Free 60 Go of 149 Go)
D:\ CD-ROM drive (Not Inserted)

---\\ Estado do Windows Security Center
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 37 Legitimates Filtered in 00mn 00s

---\\ Pesquisar arquivo genérico específico
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.9BF7C7654EFD098EE3A27B49492A382A] - (.Microsoft Corporation - Internet Extensions para Win32.) (.11/06/2013 - 20:43:37.) -- C:\Windows\System32\wininet.dll [1767936]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 03:17:56.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 03:21:26.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.9EBBBA55060F786F0FCAA3893BFA2806] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:18:03.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.19/11/2010 - 23:38:12.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.19/11/2010 - 23:42:34.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 00:59:30.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.19/11/2010 - 23:39:46.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.5E43D2B0EE64123D4880DFA6626DEFDE] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:45:29.) -- C:\Windows\system32\Drivers\ntfs.sys [1211752]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.B973FCFC50DC1434E1970A146F7E3885] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 01:24:48.) -- C:\Windows\system32\Drivers\rdpdr.sys [133632]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.19/11/2010 - 23:39:18.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 03:30:18.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estado dos arquivos ocultos (hidden/Total)
~ Mes images (My Pictures) : 1/1149
~ Mes musiques (My Musics) : 741/2949
~ Mes Videos (My Videos) : 3/14
~ Mes Favoris (My Favorites) : 1/22
~ Mes Documents (My Documents) : 1/1711
~ Mon Bureau (My Desktop) : 1/1346
~ Menu demarrer (Programs) : 1/46
~ Hidden Files: Scanned in 00mn 03s

---\\ Iniciado o processo de inicialização do sistema de su
[MD5.D63797E8E7781EE1500A810CB6194FA6] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816] [PID.3264]
[MD5.3F11B20D12D89365D7721BDC860CE5F0] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4858968] [PID.3272]
[MD5.69E967F3FF9E3DF41F4228440FBD43AE] - (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe [1015808] [PID.3416]
[MD5.28E8986BEB3C2936764BE1E30C093115] - (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe [3612240] [PID.3444]
[MD5.7E83F8DD4D6C077187D58925A80D2D6E] - (.Alibaba (China) Co., Ltd. - AliWangWang.) -- C:\Program Files\TradeManager\AliIM.exe [293272] [PID.3536]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.3548]
[MD5.C8D28F8B498CADBB9445AC4545BD41B7] - (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe [920472] [PID.4048]
[MD5.E9349A03FD81B4806714A16796B5E20A] - (.Mozilla Corporation - Plugin Container for Firefox.) -- C:\Program Files\Mozilla Firefox\plugin-container.exe [17304] [PID.2328]
[MD5.D8425B8D6DC2AA8D871363B0775BCF18] - (.Adobe Systems, Inc. - Adobe Flash Player 11.8 r800.) -- C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe [1861512] [PID.3512]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.536]
[MD5.20723F65359524C4E7C587AD480D3907] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7806464] [PID.2480]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, iniciar, Pesquisar, extensões (G0, G1, G2)
C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 12 Legitimates Filtered in 00mn 10s

---\\ Mozilla Firefox, Plugins, iniciar, Pesquisar, extensões (P2, M0, M1, M2, M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - npwangwang.) -- C:\Program Files\Mozilla Firefox\Plugins\npwangwang.dll
P2 - FPN: [HKLM] [@alibaba.com/npwangwang;version=1.0] - (.No owner - npwangwang.) -- C:\Program Files\TradeManager\npwangwang.dll
P2 - FPN: [HKCU] [@alibaba.com/npAliSSOLogin;version=1.0] - (.Alibaba software (Shanghai) Corporation. - npAliSSOLogin Plugin.) -- C:\Program Files\TradeManager\npAliSSOLogin.dll
P2 - FPN: [HKCU] [{@alibaba.com/alisetup;version=1.0}] - (.alibaba - alibaba setup one click.) -- C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, iniciar, Pesquisar, URLSearchHook, Phishing (R0, R1, R3, R4)
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.alibaba - alibaba setup one click.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, gerenciamento de Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - IniFiles, Autoloading programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redirecionamento de arquivo de hosts (O1)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 1

---\\ Barras de ferramentas do Internet Explorer (O3)
O3 - Toolbar: avast! Online Security - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - IE Webrep plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s

---\\ Aplicativos iniciados pelo registro & arquivo (O4)
O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe
O4 - HKLM\..\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKCU\..\Run: [iDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKCU\..\Run: [aliim] . (.Alibaba (China) Co., Ltd. - AliWangWang.) -- C:\Program Files\TradeManager\AliIM.exe
O4 - HKUS\S-1-5-21-3016910884-1348811529-430916093-1001\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - HKUS\S-1-5-21-3016910884-1348811529-430916093-1001\..\Run: [iDMan] . (.Tonec Inc. - Internet Download Manager (IDM).) -- C:\Program Files\Internet Download Manager\IDMan.exe
O4 - HKUS\S-1-5-21-3016910884-1348811529-430916093-1001\..\Run: [aliim] . (.Alibaba (China) Co., Ltd. - AliWangWang.) -- C:\Program Files\TradeManager\AliIM.exe
~ Application: Scanned in 00mn 00s

---\\ Outros links de usuários (O4)
O4 - GS\TaskBar: Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\TaskBar: Windows Explorer.lnk . (.Microsoft Corporation - Windows Explorer.) -- C:\Windows\explorer.exe
O4 - GS\TaskBar: Windows Media Palyer.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\Programs: GameRanger.lnk . (.GameRanger Technologies - GameRanger.) -- C:\Users\Diego\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - GS\Programs: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Programs: Windows Media Palyer.lnk . (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files\Windows Media Player\wmplayer.exe
O4 - GS\QuickLaunch: Counter-Strike NoN SteaM.lnk . (...) -- C:\Program Files\Valve\CS.NS.exe (.not file.)
O4 - GS\QuickLaunch: Foxit Reader 5.0.lnk . (...) -- C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
O4 - GS\QuickLaunch: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe
O4 - GS\QuickLaunch: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\QuickLaunch: Microsoft Outlook.lnk . (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files\Microsoft Office\Office14\OUTLOOK.exe
O4 - GS\QuickLaunch: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch: TradeManager.lnk . (.Alibaba (China) Co., Ltd. - AliWangWang.) -- C:\Program Files\TradeManager\AliIM.exe
O4 - GS\Accessories: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Accessories: Private Character Editor.lnk . (.Microsoft Corporation - Editor de caracteres particulares.) -- C:\Windows\system32\eudcedit.exe
O4 - GS\SendTo: Fax Recipient.lnk . (.Microsoft Corporation - Microsoft Windows Fax and Scan.) -- C:\Windows\system32\WFS.exe
O4 - GS\SendTo: Skype.lnk . (.Skype Technologies S.A. - Skype.) -- C:\Program Files\Skype\Phone\Skype.exe
O4 - GS\Desktop: Age of Empires 2.lnk . (.Microsoft Corporation - Age of Empires II.) -- C:\Users\Diego\Desktop\Age of Empires II\empires2.exe
O4 - GS\Desktop: Ares.lnk . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - GS\Desktop: GameRanger.lnk . (.GameRanger Technologies - GameRanger.) -- C:\Users\Diego\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O4 - GS\Desktop: Revo Uninstaller.lnk . (.VS Revo Group - Revo Uninstaller.) -- C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
O4 - GS\Desktop: SUPERAntiSpyware Professional.lnk . (.SUPERAntiSpyware.com - SUPERAntiSpyware Application.) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
~ Global Startup: Scanned in 00mn 00s

---\\ Botões na barra de ferramentas "principais ferramentas do" Internet Explorer (O9)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files\MICROS~3\Office14\ONBTTN~1.dll
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Seqüestrador de Winsock (Layered Service Provider) (O10)
O10 - WLSP:\000000000002\Winsock LSP File . (.Microsoft Corporation - Provedor de Correção de Nomeação de Emails.) -- C:\Windows\system32\napinsp.dll
O10 - WLSP:\000000000005\Winsock LSP File . (.Microsoft Corporation - Provedor de serviços do Microsoft Windows Sockets 2.0.) -- C:\Windows\system32\mswsock.dll
~ Winsock: 8 Legitimates Filtered in 00mn 00s

---\\ Site na zona confiável d'Internet Explorer (O15)
O15 - Trusted Zone: [HKCU\...\Domains] http.alipay.com
O15 - Trusted Zone: [HKCU\...\Domains] http.alisoft.com
O15 - Trusted Zone: [HKCU\...\Domains] http.taobao.com
~ IE Zone Confiance: Scanned in 00mn 00s

---\\ Alterar os endereços de domínio/DNS (O17)
O17 - HKLM\System\CCS\Services\Tcpip\..\{C0CC4C8B-539E-421B-B75A-C84E85BC464E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{C0CC4C8B-539E-421B-B75A-C84E85BC464E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{C0CC4C8B-539E-421B-B75A-C84E85BC464E}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (O18)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ AppInit_DLLs valor de registro e as subchaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Tarefas agendadas no modo automático (O39)
[MD5.00000000000000000000000000000000] [APT] [{28FFB70B-0525-450D-8F30-B65A8E118B8B}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.354B869D0C2707DB12F1666F1EB0C3A9] [APT] [{2CA4D642-4369-4194-9FBC-A11C41EDBE21}] (...) -- C:\Users\Diego\Administrador\Programas\Counter Strike\CS 1.6 - 2013.exe [280279178]
[MD5.00000000000000000000000000000000] [APT] [{3809CEC8-B7B1-4C5D-997A-3D80AE8215AC}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9A44096E-A23F-4018-981E-32E55339D9E9}] (...) -- C:\Users\Diego\Downloads\age2upa.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DF5F2FC-B9B4-40E3-A52F-11D9D30CB760}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{DC70EFFA-08C0-4015-8613-F96F18D988B4}] (...) -- C:\Users\Diego\Administrador\Programas\Counter Strike\Counter.Strike.Source.2010.Orange.Box.NoSteam.[setti]\Counter.Strike.Source.2010.Orange.Box.NoSteam.[setti].exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED954EC7-9D9B-463F-8F5D-9B9ED70377B9}] (...) -- C:\Users\Diego\Downloads\jxpiinstall.exe (.not file.) [0]
~ Scheduled Task: 12 Legitimates Filtered in 00mn 07s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\APN PIP]
[HKCU\Software\Ares]
[HKCU\Software\Audiggle LTD]
[HKCU\Software\Brasfoot]
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Vagalume]
[HKLM\Software\CS.NS]
[HKLM\Software\PIP]
~ Key Software: 137 Legitimates Filtered in 00mn 00s

---\\ Conteúdo de pastas, programas, arquivos de programas, ProgramData, AppData (O43)
O43 - CFD: 20/08/2011 - 01:36:32 - [4,783] ----D C:\Program Files\Ares
O43 - CFD: 20/08/2011 - 00:44:49 - [0,102] ----D C:\Program Files\PluginLetras
O43 - CFD: 10/07/2013 - 20:08:14 - [0] ----D C:\ProgramData\APN
O43 - CFD: 13/08/2013 - 13:10:11 - [0,000] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 20/10/2011 - 21:46:25 - [0,002] ----D C:\ProgramData\Oi
O43 - CFD: 18/05/2013 - 14:54:36 - [1,246] ----D C:\Users\Diego\AppData\Local\Ares
O43 - CFD: 16/06/2012 - 02:47:50 - [0,001] ----D C:\Users\Diego\AppData\Local\Audiggle_LTD
O43 - CFD: 20/08/2011 - 01:36:29 - [0] ----D C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ares
~ 388 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 593 Legitimates Filtered in 00mn 33s

---\\ Últimos arquivos modificados ou criados no Windows e System32 (O44)
O44 - LFC:[MD5.FAB95B7BE330E9B1DBD56F9146F01E71] - 13/08/2013 - 14:07:59 ---A- . (.Nicolas Coolman - ZHPDiag.) -- C:\ZHPDiag2.exe [5068193]
O44 - LFC:[MD5.DC3B33687EDA31138E758DA82EA9B660] - 13/08/2013 - 03:07:29 ---A- . (...) -- C:\ComboFix.txt [17666]
O44 - LFC:[MD5.3CF3D4A45CC2AF973DBC30EC8D33252B] - 13/08/2013 - 02:55:01 ---A- . (...) -- C:\Windows\system.ini [215]
O44 - LFC:[MD5.00824137314A391872BCAA5075845D18] - 09/08/2013 - 21:34:31 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [127896]
O44 - LFC:[MD5.B5A5342A01F65147AF0FBD0E94684367] - 09/08/2013 - 21:34:31 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [663606]
O44 - LFC:[MD5.F158D9409883F0863EAD93B6D8A5DF06] - 04/08/2013 - 06:44:25 ---A- . (...) -- C:\Windows\AutoKMS.log [47051]
O44 - LFC:[MD5.3FFBEE694566CADB0A64D8A1ACD7DBCE] - 03/08/2013 - 05:27:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswSP.sys.sum [175]
O44 - LFC:[MD5.FAF091AA45A6A6CF3CF94FE065950956] - 03/08/2013 - 05:27:29 ---A- . (...) -- C:\Windows\System32\Drivers\aswSnx.sys.sum [175]
~ Files: 30 Legitimates Filtered in 00mn 04s

---\\ Operações e funções na inicialização do Windows Explorer (O46)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração de registro de teclas PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s

---\\ Lista de drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.21E785EBD7DC90A06391141AAC7892FB] - 13/07/2009 - 22:26:15 ---A- . (.Adaptec, Inc. - Adaptec Windows SAS/SATA Storport Driver.) -- C:\Windows\System32\Drivers\adp94xx.sys [422976]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
~ Drivers: Scanned in 00mn 00s

---\\ Últimos arquivos modificados ou criado (usuário) (O61)
O61 - LFC: 10/08/2013 - 14:51:32 ---A- C:\Users\Diego\AppData\Local\Ares\Data\TempUL\UDPPHash_927D8C62A3FDA35A7280E8029CAFC39798778FA6.dat [510]
O61 - LFC: 10/08/2013 - 17:11:20 ---A- C:\Users\Diego\AppData\Local\Ares\Data\TempUL\UDPPHash_BD6B73F8C5CAD47F81B8633DE514B742C136E03B.dat [290]
O61 - LFC: 11/08/2013 - 16:41:22 ---A- C:\Users\Diego\AppData\Roaming\Microsoft\OIS\Toolbars.dat [723]
O61 - LFC: 11/08/2013 - 17:16:22 ---A- C:\Users\Diego\AppData\Local\Ares\Data\TempUL\UDPPHash_066BC5C2914DF0047A729A6A203B4525BB445811.dat [630]
O61 - LFC: 12/08/2013 - 00:34:12 ---A- C:\Users\Diego\Downloads\AliIM2013_ATM(7.01.02E).exe [32098240]
O61 - LFC: 12/08/2013 - 01:10:38 ---A- C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\uninst.exe [51210]
O61 - LFC: 12/08/2013 - 16:42:23 ---A- C:\Users\Diego\AppData\Local\Ares\Data\ChatroomIPs.dat [4806]
O61 - LFC: 12/08/2013 - 17:04:11 ---A- C:\Users\Diego\AppData\Local\Ares\Data\TempUL\UDPPHash_189F35406DDEFD1411F22753A9FBC240FA329B17.dat [830]
O61 - LFC: 12/08/2013 - 21:02:10 ---A- C:\Users\Diego\Documents\Resumo de libras.docx [16677]
O61 - LFC: 13/08/2013 - 03:10:36 ---A- C:\Users\Diego\Administrador\log.txt [17666]
O61 - LFC: 13/08/2013 - 03:38:03 -SHA- C:\Users\Diego\Thumbs.db [51712]
O61 - LFC: 13/08/2013 - 13:12:20 ---A- C:\Users\Diego\AppData\Local\Ares\Data\PHashIdx.dat [739222]
O61 - LFC: 13/08/2013 - 13:12:21 ---A- C:\Users\Diego\AppData\Local\Ares\Data\ShareH.dat [110772]
O61 - LFC: 13/08/2013 - 13:12:21 ---A- C:\Users\Diego\AppData\Local\Ares\Data\ShareL.dat [398482]
O61 - LFC: 13/08/2013 - 13:49:55 ---A- C:\Users\Diego\AppData\Local\Ares\Data\DHTnodes.dat [4779]
O61 - LFC: 13/08/2013 - 13:55:56 ---A- C:\Users\Diego\AppData\Local\Ares\Data\FailedSNodes.dat [3962]
O61 - LFC: 13/08/2013 - 13:55:56 ---A- C:\Users\Diego\AppData\Local\Ares\Data\SNodes.dat [24794]
~ 3 Fichiers temporaires (Temporary files)
~ Files: 181 Legitimates Filtered in 00mn 58s

---\\ Arquivo de fluxo de dados alternativo (ADS) (O62)
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\COMDLG32.OCX:Zone.Identifier
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\config\
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\FxsTmp\
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\ias\
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Msdtc\
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\MSWINSCK.OCX:Zone.Identifier
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\NetworkList\
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\prjXTab.ocx:Zone.Identifier
O62 - ADS:Alternate Data Stream File - C:\Windows\System32\Richtx32.ocx:Zone.Identifier
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\Tasks\
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wdi\
O62 - ADS:Alternate Data Stream File - ing C:\Windows\System32\wfp\
~ ADS: Scanned in 00mn 02s

---\\ Lista de ferramentas de desinfecção (LATC) (O63)
O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1
~ ADS: Scanned in 00mn 00s

---\\ Iniciar menu Internet (SMI) (O68)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa "infecção em navegadores de internet (SBI) (O69)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {AAA2E876-3E99-4549-AB85-C82000A0D1DE} - (Google) - http://www.google.com
O69 - SBI: SearchScopes [HKCU] {E7FCE54A-B9B1-4DB9-9C1D-A5F4976C8103} - (MercadoLivre) - http://www.mercadolivre.com
O69 - SBI: SearchScopes [HKCU] {ECAE9BD1-F194-408A-92E0-A9AE9C2A656C} - (Wikipedia) - http://pt.wikipedia.org
~ Keys: Scanned in 00mn 00s

---\\ Pesquisa específica na raiz do sistema (SPRF) (O84)
[MD5.5B6C11DE7E839C05248CED8825470FEF] [sPRF][11/06/2013] (.VSO Software - low level access layer for CD/DVD/BD devices.) -- C:\Users\Diego\AppData\Roaming\pcouffin.sys [47360]
[MD5.EF27D705FBCEA4DE4C12B5F50E040587] [sPRF][04/08/2011] (.Adobe Systems, Inc. - Adobe® Flash® Player Installer/Uninstaller 10.3 r183.) -- C:\Windows\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe [3126944]
~ Files: Scanned in 00mn 00s

---\\ Lista de exceções no firewall (FirewallRules) (O87)
O87 - FAEL: "TCP Query User{666054AB-989F-4F61-B36E-A86AC21DB613}C:\program files\ares\ares.exe" | In - Private - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{16EF0635-0ADB-4E7A-9F91-71666F6D2C27}C:\program files\ares\ares.exe" | In - Private - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "TCP Query User{0EAC761C-0320-46F5-B119-505EEA94A78D}C:\program files\ares\ares.exe" | In - Public - P6 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
O87 - FAEL: "UDP Query User{E3D14CBD-3125-4FFF-B20E-F9E424DA5BBE}C:\program files\ares\ares.exe" | In - Public - P17 - TRUE | .(.Ares Development Group - Ares p2p for windows.) -- C:\program files\ares\ares.exe
~ Firewall: 209 Legitimates Filtered in 00mn 01s

---\\ Pesquisar pacotes WindowsInstaller (WIS) (NTFS) (O93)
[MD5.BD75BF3DA346BC1ADDCE6BD3AD29BC28] [WIS][31/07/2013] (.Skype Technologies S.A. - Skype.) -- C:\Windows\Installer\1b658e6.msi [21807104]
~ WIS: 54 Legitimates Filtered in 00mn 05s

---\\ Condição geral dos serviços não Microsoft (GSR) (SR = Running, SS = parado)
SR - | Auto 07/05/2013 119024 | (!SASCORE) . (.SUPERAntiSpyware.com.) - C:\Program Files\SUPERAntiSpyware\SASCORE.exe
SR - | Auto 09/05/2013 46808 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 09/05/2013 137960 | (avast! Firewall) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\afwServ.exe
SR - | Auto 21/06/2013 162408 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files\Skype\Updater\Updater.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s

---\\ Verificação adicional (O88)
Database Version : v2.12849 - (13/08/2013)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
~ Additionnel Scan: 198245 Items scanned in 00mn 20s

---\\ Resumo de detecções encontrado na sua estação de trabalho
~ http://nicolascoolman.webs.com/apps/blog/show/29507721-toolbar-conduit =>Toolbar.Conduit
~ http://nicolascoolman.webs.com/apps/blog/show/28927746-toolbar-ask =>Toolbar.Ask
~ http://nicolascoolman.webs.com/apps/blog/show/30898585-toolbar-avast =>Toolbar.Avast
~ MSI: 3 link(s) detected in 00mn 20s

~ 1592 Legitimates filtered by white list
End of the scan (459 lines in 03mn 07s)(0)

Thanks for the help!
DigRam - Posted August 13, 2013

Good afternoon! dieguin11

< Alipay.com >
|- The additions to the Trusted Sites zone were made by the "Alibaba" software.

####
---\\ Mozilla Firefox, Plugins, iniciar, Pesquisar, extensões (P2, M0, M1, M2, M3)
P2 - FPN:Firefox Plugin Navigator . (.No owner - npwangwang.) -- C:\Program Files\Mozilla Firefox\Plugins\npwangwang.dll
P2 - FPN: [HKLM] [@alibaba.com/npwangwang;version=1.0] - (.No owner - npwangwang.) -- C:\Program Files\TradeManager\npwangwang.dll
P2 - FPN: [HKCU] [@alibaba.com/npAliSSOLogin;version=1.0] - (.Alibaba software (Shanghai) Corporation. - npAliSSOLogin Plugin.) -- C:\Program Files\TradeManager\npAliSSOLogin.dll
P2 - FPN: [HKCU] [{@alibaba.com/alisetup;version=1.0}] - (.alibaba - alibaba setup one click.) -- C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll
~ Firefox Browser: 21 Legitimates Filtered in 00mn 00s
####

|- PS: Do you know it? I noticed that it installed an extension and/or plugins into Firefox.
|- If you don't know it, uninstall it, and even if you do know it, do the same.

-/-

|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it to the desktop!
|- Disable your antivirus!
|- On Windows 7, run zoek.exe as administrator.

{CFBFAE00-17A6-11D0-99CB-00C04FD64497};c
firefoxlook;
autoclean;
filesrcm;
emptyclsid;
emptyalltemp;

|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This message will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

-/-

|- Close any programs/folders that are open.
|- Also close the browser!
|- On Windows Vista, disable UAC.
|- On Windows Vista or 7, right-click ZHPFix.exe and run it as administrator.
|- Select and copy this information, which is in red, into Notepad.

P2 - FPN:Firefox Plugin Navigator . (.No owner - npwangwang.) -- C:\Program Files\Mozilla Firefox\Plugins\npwangwang.dll
P2 - FPN: [HKLM] [@alibaba.com/npwangwang;version=1.0] - (.No owner - npwangwang.) -- C:\Program Files\TradeManager\npwangwang.dll
P2 - FPN: [HKCU] [@alibaba.com/npAliSSOLogin;version=1.0] - (.Alibaba software (Shanghai) Corporation. - npAliSSOLogin Plugin.) -- C:\Program Files\TradeManager\npAliSSOLogin.dll
P2 - FPN: [HKCU] [{@alibaba.com/alisetup;version=1.0}] - (.alibaba - alibaba setup one click.) -- C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.alibaba - alibaba setup one click.) (No version) -- (.not file.)
O4 - HKUS\S-1-5-21-3016910884-1348811529-430916093-1001\..\Run: [aliim] . (.Alibaba (China) Co., Ltd. - AliWangWang.) -- C:\Program Files\TradeManager\AliIM.exe
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe => Sourceforge.net%Ares
O4 - HKUS\S-1-5-21-3016910884-1348811529-430916093-1001\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe => Sourceforge.net%Ares
O4 - GS\QuickLaunch: Counter-Strike NoN SteaM.lnk . (...) -- C:\Program Files\Valve\CS.NS.exe (.not file.)
O15 - Trusted Zone: [HKCU\...\Domains] http.alipay.com
O15 - Trusted Zone: [HKCU\...\Domains] http.alisoft.com
O15 - Trusted Zone: [HKCU\...\Domains] http.taobao.com
O43 - CFD: 10/07/2013 - 20:08:14 - [0] ----D C:\ProgramData\APN => Toolbar.eBay
[MD5.00000000000000000000000000000000] [APT] [{28FFB70B-0525-450D-8F30-B65A8E118B8B}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{3809CEC8-B7B1-4C5D-997A-3D80AE8215AC}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9A44096E-A23F-4018-981E-32E55339D9E9}] (...) -- C:\Users\Diego\Downloads\age2upa.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9DF5F2FC-B9B4-40E3-A52F-11D9D30CB760}] (...) -- C:\Program Files\Oi\Programmer\OiVelox.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{ED954EC7-9D9B-463F-8F5D-9B9ED70377B9}] (...) -- C:\Users\Diego\Downloads\jxpiinstall.exe (.not file.) [0]
C:\Program Files\TradeManager\AliIM.exe
C:\Program Files\TradeManager
[HKCU\Software\APN PIP] =>Toolbar.Ask
[HKCU\Software\Softonic] =>Toolbar.Conduit
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
[HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}] =>Toolbar.Avast
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore

|- With Notepad open, use the shortcuts: "Ctrl+A" -> "Ctrl+C"
|- Minimize Notepad.
|- Click the "Paste ClipBoard" menu.
|- Avoid the "Paste" option ( Ctrl+V ) in the light-yellow field, as it does not enable the "Go" button.
|- Click "GO" >> Oui.
|- PS: Above there is a sequence of images for further clarification.
|- Post the report: C:\ZHP\ZHPFix[R1].txt

Regards!
dieguin11 - Posted August 13, 2013

Good evening, DigRam!
That "Alibaba" software, I believe, is the TradeManager program that I couldn't open on the computer. Alibaba.com is a site for buying products from China, and the TradeManager program is used to chat with the site's sellers. I think it's safe, but as you asked, I uninstalled the program.
I ran Zoek; here is the report:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Diego on 13/08/2013 at 18:29:00,90.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Diego\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================
13/08/2013 18:30:55 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully
HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\{CFBFAE00-17A6-11D0-99CB-00C04FD64497} deleted successfully

==== Deleting Services ======================

==== FireFox Fix ======================
ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("extensions.wrc.SearchRules.yahoo.com.style", ".WRCN {display:none} .sm-hd .WRCN, .sm-links .WRCN, .res h3 > .WRCN {display:inline !important; background: url(\"IMAGE\") right no-repeat}");
user_pref("extensions.wrc.SearchRules.yahoo.com.url", "^http(s)?\\:\\/\\/((.)+\\.)?search\\.yahoo\\.com\\/(.)*");
---- Lines yahoo modified from prefs.js ----
---- Lines delta removed from prefs.js ----
---- Lines delta modified from prefs.js ----
---- Lines ask.com removed from prefs.js ----
---- Lines ask.com modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_082013_1834_.backup

==== Deleting Files \ Folders ======================
"C:\Users\Diego\AppData\Roaming\Nero" deleted
"C:\ProgramData\APN" deleted
"C:\ProgramData\boost_interprocess" deleted

==== Files Recently Created / Modified ======================

==== Firefox Extensions ======================
ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
- IDM CC - C:\Users\Diego\AppData\Roaming\IDM\idmmzcc5
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==== Firefox Plugins ======================
Profilepath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Users\Diego\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
5689804A4016EAF199C7FA2E3C88778F - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
C47AC87A8E29E0E51917F5AD99688D84 - C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll - alibaba setup one click
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight

==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
jmolcgpienlcieaajfkkdamlngancncm - C:\Program Files\Internet Download Manager\IDMGCExt.crx[19/07/2013 20:46]
avast Online Security - Diego - Default\Extensions\gomekmidlodglbbmalcneegieacbdmki
IDM Integration - Diego - Default\Extensions\jmolcgpienlcieaajfkkdamlngancncm

==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AAA2E876-3E99-4549-AB85-C82000A0D1DE} Google Url="http://www.google.com.br/search?hl=pt-BR&q={searchTerms}&meta="
{E7FCE54A-B9B1-4DB9-9C1D-A5F4976C8103} MercadoLivre Url="http://www.mercadolivre.com.br/jm/search?as_word={searchTerms}"
{ECAE9BD1-F194-408A-92E0-A9AE9C2A656C} Wikipedia Url="http://pt.wikipedia.org/wiki/Especial:Search?search={searchTerms}&go=Artigo"

==== Empty IE Cache ======================
C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================
C:\users\Diego\AppData\Local\Mozilla\Firefox\Profiles\1zx84nxg.default\Cache emptied successfully

==== Empty Chrome Cache ======================
C:\users\Diego\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully

==== Empty All Java Cache ======================
Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Diego\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied

==== EOF on 13/08/2013 at 18:40:44,74 ======================

And now the ZHPFix report:

Rapport de ZHPFix 2013.7.20.5 par Nicolas Coolman, Update du 20/07/2013
Fichier d'export Registre :
Run by Diego at 13/08/2013 19:04:25
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit Service Pack 1 (Build 7601)
Recycle Files Deleted

========== Registry Key ==========
DELETED Key: Mozilla Plugin: @alibaba.com/npwangwang;version=1.0
DELETED Key: Mozilla Plugin: @alibaba.com/npAliSSOLogin;version=1.0
DELETED Key: Mozilla Plugin: {@alibaba.com/alisetup;version=1.0}
DELETED Key: HKCU\Software\APN PIP
DELETED Key: HKCU\Software\Softonic
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}
DELETED Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}

========== Registry Value ==========
NOT FOUND URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497}
NOT FOUND RunValue: aliim
DELETED RunValue: ares
NOT FOUND RunValue: ares
ProxyFix : Proxy killed successfully
DELETED ProxyServer Value
DELETED ProxyEnable Value
DELETED EnableHttp1_1 Value
DELETED ProxyHttp1.1 Value
DELETED ProxyOverride Value
No Value in Standard Profile Register Key FirewallRaz :
No Value in Domain Profile Register Key FirewallRaz :
DELETED FirewallRaz (None) : {04E6C509-C04F-486E-A335-FC50B330850F}
DELETED FirewallRaz (None) : {9F2E0D08-B172-4C73-8B99-6D3C09D8BA5A}
DELETED FirewallRaz (Private) : TCP Query User{52A72724-3C23-4CA6-BF8F-2F5D30D0340E}C:\downloads\age of empires ii completo traduzido\empires2.exe
DELETED FirewallRaz (Private) : UDP Query User{4EE55FED-CB82-4D95-8EA9-5FDC23DA3C75}C:\downloads\age of empires ii completo traduzido\empires2.exe

========== Registry Data Items ==========
REMOVED Trusted Zone: alipay.com
REMOVED Trusted Zone: alisoft.com
REMOVED Trusted Zone: taobao.com

========== Repertory ==========
No Empty CLSID Directories
DELETED Flash Cookies

========== File ==========
DELETED File: c:\program files\mozilla firefox\plugins\npwangwang.dll
NOT FOUND File: c:\program files\trademanager\npwangwang.dll
NOT FOUND File: c:\program files\trademanager\npalissologin.dll
DELETED File: c:\users\diego\appdata\local\alibaba\alisetup\0.1.0.52\npalisetuponeclick.dll
NOT FOUND File: c:\program files\trademanager\aliim.exe
DELETE on Reboot c:\program files\ares\ares.exe
DELETED File: c:\users\diego\appdata\roaming\microsoft\internet explorer\quick launch\counter-strike non steam.lnk
NOT FOUND File: c:\program files\valve\cs.ns.exe
NOT FOUND Folder/File: c:\program files\trademanager\aliim.exe
NOT FOUND Folder/File: c:\program files\trademanager
DELETED Window Temporary
DELETED Flash Cookies

========== Task ==========
DELETED Task: {28FFB70B-0525-450D-8F30-B65A8E118B8B}
DELETED Task: {3809CEC8-B7B1-4C5D-997A-3D80AE8215AC}
DELETED Task: {9A44096E-A23F-4018-981E-32E55339D9E9}
DELETED Task: {9DF5F2FC-B9B4-40E3-A52F-11D9D30CB760}
DELETED Task: {ED954EC7-9D9B-463F-8F5D-9B9ED70377B9}

========== Restoration ==========
Restore System Point created succefully

========== Summary ==========
7 : Registry Key
16 : Registry Value
3 : Registry Data Items
2 : Repertory
12 : File
5 : Task
1 : Restoration

End of clean in 00mn 23s

========== Report File ==========
C:\ZHP\ZHPFix[R1].txt - 13/08/2013 19:04:25 [3297]
DigRam - Posted August 13, 2013

Good evening! dieguin11

|- Download: < > ( ... by Xplode )
|- When you get there, click the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as
|- PS: Start the scan by clicking "Remove". < >
|- When finished, post the report: C:\AdwCleaner[S1].txt

A+
dieguin11 - Posted August 14, 2013

Good evening! DigRam
I did as you asked, but the version of the program that was downloaded was 3.0. I ran it as administrator and clicked "Clean"; the generated report is below:

# AdwCleaner v3.000 - Report created 13/08/2013 at 22:10:20
# Updated 13/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Diego - PARTICULAR-PC
# Running from : C:\Users\Diego\Desktop\adwcleaner.exe

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_robo-defense_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_robo-defense_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pdfcreator_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_pdfcreator_RASMANCS
Key Deleted : HKLM\Software\PIP

***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16635
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch] - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
Setting Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [searchAssistant] - hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
-\\ Mozilla Firefox v22.0 (pt-BR)
[ File : C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default\prefs.js ]
Line Deleted : user_pref("browser.newtabpage.blocked", "{\"kLOD5BNrqZmLLLp2UaLo1g==\":1,\"TQcyb471GFrr80rGBIIMTg==\[...]
-\\ Google Chrome v
[ File : C:\Users\Diego\AppData\Local\Google\Chrome\User Data\Default\preferences ]
[OK] No bad entry found.

*************************
AdwCleaner[0].txt - [1575 octets] - [13/08/2013 22:10:20]
########## EOF - C:\AdwCleaner\AdwCleaner[0].txt - [1634 octets] ##########
DigRam - Posted August 14, 2013

Good morning! dieguin

|- Your Firefox browser was hijacked, so the software is not safe.

-/-

|- Open the Zoek tool again.

C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll;f
C:\Users\Diego\AppData\Local\Alibaba;fs
C47AC87A8E29E0E51917F5AD99688D84;ff
createsrpoint;

|- Paste this script, in red, into the field.
|- Click "Run Script".
|- Post the log or report!

A+
dieguin11 - Posted August 14, 2013

Good evening! DigRam
I didn't quite understand when you say Firefox was hijacked. I'm a layman in this area; could you explain to me what happens to the browser when that occurs? Below is the report generated by Zoek:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Diego on 14/08/2013 at 2:38:11,00.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Diego\Desktop\zoek.exe [script inserted]

==== System Restore Info ======================
14/08/2013 02:41:03 Zoek.exe System Restore Point Created Succesfully.

==== FireFox Fix ======================
ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
user.js not found
---- Lines C47AC87A8E29E0E51917F5AD99688D84 removed from prefs.js ----
---- Lines C47AC87A8E29E0E51917F5AD99688D84 modified from prefs.js ----
---- FireFox user.js and prefs.js backups ----
prefs_082013_0241_.backup
prefs_082013_1834_.backup

==== Deleting Files \ Folders ======================
"C:\Users\Diego\AppData\Local\Alibaba\AliSetup\0.1.0.52\npAliSetupOneClick.dll" not found
"C:\Users\Diego\AppData\Local\Alibaba" deleted

==== Firefox Extensions ======================
ProfilePath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
- IDM CC - C:\Users\Diego\AppData\Roaming\IDM\idmmzcc5
- avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF

==== Firefox Plugins ======================
Profilepath: C:\Users\Diego\AppData\Roaming\Mozilla\Firefox\Profiles\1zx84nxg.default
0C8597DBC74AAF5179471BA013E3C6B4 - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll - Shockwave Flash
101700E93EB905992B518256CB441829 - C:\Users\Diego\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll - Google Update
ABCB4A6EAB701C629378255ABCB308E5 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll - Java Platform SE 7 U25
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\system32\npdeployJava1.dll - Java Deployment Toolkit 7.0.250.17
F045DF7AF127DC4BCC53421850114E15 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll - Silverlight Plug-In
0D80C49D9A4A3E096296C67BD015F614 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll - Photo Gallery
5689804A4016EAF199C7FA2E3C88778F - C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll - Foxit Reader Plugin for Mozilla
7D28153B7D586330678AD522B71D89CB - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrlui.dll - Microsoft® Silverlight
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\system32\npmproxy.dll - Microsoft® Windows® Operating System

==== EOF on 14/08/2013 at 2:41:27,80 ======================
DigRam - Posted August 14, 2013

Good morning! dieguin11

< Browser hijacking >
|- These are programs that change browser settings without the user's consent and cause unpleasant effects, such as redirects to affiliate addresses, popups, slow browsing, and the promotion of PUP software, adware and/or spyware.
|- PS: If the Trade Manager software is essential for your business or purchases, you can try a portable installation. That is, install it on your USB drive and access it through the Taomee Browser, which is a Chinese browser optimized for DDTank. You would install both this browser and Trade Manager on your USB drive.
|- PS: Shall we check whether there are still remnants of this hijacker in the Windows registry?

-/-

|- Download: < SEAF > ( ... by C_XX )
|- Click the green arrow to download.
|- Save it to the desktop!
|- On Windows Vista or 7, right-click SEAF.exe and run it as administrator.
|- Follow the numbered sequence in your steps:
|- < 1 > In this field, paste the search term(s)... in this case: trademanager
|- < 2 > Under "Calculer le checksum", choose "MD5".
|- < 3 > Under "[ Options du registre ]", check: "Chercher également dans le registre"
|- < 4 > Click "Lancer la recherche" << Wait!
|- PS: In the message, click "Non".
|- When finished, we will have the report: C:\SeafLog.txt << Post it!

Regards!
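The checks the helper applied by eye across this thread (Firefox plugins with no owner, Run entries and URL search hooks whose target file no longer exists, domains added to the IE Trusted Zone, search scopes pointing at unexpected hosts, and keys the scanner itself tagged as a toolbar) written out as a small log triage pass. This is an added Python example, not code from this thread or from any of the tools it mentions; the sample log lines are constructed in the style of the ZHPDiag/HijackThis output above, and the last search-scope GUID and host are placeholders.

```python
from urllib.parse import urlparse

# Constructed sample lines in the style of the HijackThis/ZHPDiag logs in this
# thread. The final SearchScope GUID and host are placeholders, not real values.
SAMPLE_LOG = r"""
O15 - Trusted Zone: [HKCU\...\Domains] http.alipay.com
O15 - Trusted Zone: [HKCU\...\Domains] http.taobao.com
P2 - FPN:Firefox Plugin Navigator . (.No owner - npwangwang.) -- C:\Program Files\Mozilla Firefox\Plugins\npwangwang.dll
P2 - FPN: [HKCU] [@alibaba.com/npAliSSOLogin;version=1.0] - (.Alibaba software (Shanghai) Corporation. - npAliSSOLogin Plugin.) -- C:\Program Files\TradeManager\npAliSSOLogin.dll
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.alibaba - alibaba setup one click.) (No version) -- (.not file.)
O4 - HKCU\..\Run: [ares] . (.Ares Development Group - Ares p2p for windows.) -- C:\Program Files\Ares\Ares.exe
O4 - GS\QuickLaunch: Counter-Strike NoN SteaM.lnk . (...) -- C:\Program Files\Valve\CS.NS.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {11111111-2222-3333-4444-555555555555} - (Search) - http://search.example-toolbar.invalid
[HKCU\Software\APN PIP] =>Toolbar.Ask
"""

# Search engines this user legitimately configured; any other SearchScope host is suspect.
KNOWN_SEARCH_HOSTS = {
    "www.bing.com", "www.google.com", "www.google.com.br",
    "www.mercadolivre.com", "pt.wikipedia.org",
}


def _name_part(line):
    """Text between the first ': ' and the ' . ' that precedes the publisher block,
    e.g. '[ares]' for an O4 Run entry or the hook name and CLSID for an R3 entry."""
    return line.split(": ", 1)[1].split(" . ", 1)[0].strip()


def triage_line(line, known_hosts=KNOWN_SEARCH_HOSTS):
    """Classify one log line. Returns a dict with code, severity ('clean' for an
    entry that is safe to remove, 'review' for one that needs a human decision),
    subject and reason, or None when the line is unremarkable."""
    line = line.strip()
    if not line:
        return None
    # Keys the scanner's own database already classified, e.g. '=>Toolbar.Ask'.
    if line.startswith("[") and " =>Toolbar." in line:
        key, _, family = line.partition(" =>")
        return {"code": "O88", "severity": "clean", "subject": key.strip("[]"),
                "reason": f"registry key classified by the scanner as {family}"}
    code = line.split(" - ", 1)[0]
    if code == "O15":
        # Trusted Zone sites get IE's relaxed security settings; each one must be deliberate.
        domain = line.rsplit(" ", 1)[-1]
        if "://" in domain:                       # HijackThis style: http://*.alisoft.com
            domain = urlparse(domain).hostname or domain
        elif domain.startswith("http."):          # ZHPDiag style: http.alisoft.com
            domain = domain[len("http."):]
        return {"code": code, "severity": "review", "subject": domain,
                "reason": "domain added to the IE Trusted Zone"}
    if code == "P2" and "(.No owner" in line:
        # A browser plugin with no publisher information deserves a closer look.
        parts = line.split(" -- ", 1)
        return {"code": code, "severity": "review", "subject": parts[-1].strip(),
                "reason": "Firefox plugin without publisher information"}
    if code in ("R3", "O4") and "(.not file.)" in line:
        # Autostart entry or URL search hook whose target file is gone: an orphan
        # left behind by an uninstall, which the fix scripts above simply remove.
        return {"code": code, "severity": "clean", "subject": _name_part(line),
                "reason": "entry points to a file that no longer exists"}
    if code == "O69":
        host = urlparse(line.rsplit(" - ", 1)[-1]).hostname or ""
        if host not in known_hosts:
            return {"code": code, "severity": "review", "subject": host,
                    "reason": "search scope points to an unknown host"}
    return None


def triage_log(text, known_hosts=KNOWN_SEARCH_HOSTS):
    """Run triage_line over a whole log and keep only the notable lines."""
    findings = [triage_line(entry, known_hosts) for entry in text.splitlines()]
    return [f for f in findings if f is not None]


def summarize(findings):
    """Group subjects by severity: the 'clean' list can feed a fix script,
    the 'review' list goes back to the user as questions."""
    grouped = {"clean": [], "review": []}
    for f in findings:
        grouped[f["severity"]].append(f["subject"])
    return grouped


if __name__ == "__main__":
    for f in triage_log(SAMPLE_LOG):
        print(f"[{f['severity']:>6}] {f['code']}: {f['reason']} -> {f['subject']}")
```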
dieguin11 - Posted August 14, 2013

Good afternoon! DigRam
Now I understand what you meant! Can I keep accessing the site "alibaba.com" in any browser, just without having the program installed?
Here is the SEAF log:

1. =========================
2.
3. Commencé à: 12:57:31 le 14/08/2013
4.
5. Valeur(s) recherchée(s):
6. trademanager
7.
8. Légende: TC => Date de création, TM => Date de modification, DA => Dernier accès
9.
10. (!) --- Calcul du Hash "MD5"
11. (!) --- Recherche registre
12.
13. ====== Fichier(s) ======
14.
15.
16. "C:\Program Files\Mozilla Firefox\plugins\nptrademanager.dll" [ ARCHIVE | 88 Ko ]
17. TC: 26/03/2013,22:52:44 | TM: 26/03/2013,22:52:44 | DA: 15/04/2013,22:33:40
18.
19. Hash MD5: 218A7218BDB4953D6102B502BA60F4B6
20.
21.
22. =========================
23.
24.
25. "C:\Users\Diego\AppData\Local\Google\Chrome\Application\plugins\nptrademanager.dll" [ NOT_CONTENT_INDEXED|ARCHIVE | 88 Ko ]
26. TC: 26/03/2013,22:52:44 | TM: 26/03/2013,22:52:44 | DA: 19/12/2012,11:01:42
27.
28. Hash MD5: 218A7218BDB4953D6102B502BA60F4B6
29.
30.
31. =========================
32.
33.
34.
35. ====== Entrée(s) du registre ======
36.
37.
38. [HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0]
39. DA: 13/08/2013 19:04:05
40.
41. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Alibaba\ATMDataSetting]
42. "DataPath"="C:\Program Files\TradeManager\profiles" (REG_SZ)
43.
44. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D49FCF-3CC7-4639-91CC-0346035512C6}]
45. "AppPath"="C:\Program Files\TradeManager" (REG_SZ)
46.
47. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B41C687-7E1F-4e00-AFBF-CCBF908D3003}]
48. "AppPath"="C:\Program Files\Trademanager" (REG_SZ)
49.
50. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918650CA-0F85-4f03-8FF5-E1BEEBBF5828}]
51. "AppPath"="C:\Program Files\Trademanager" (REG_SZ)
52.
53. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F753462F-4BBA-4985-8FE9-A1A07585AA48}]
54. "AppPath"="C:\Program Files\Trademanager" (REG_SZ)
55.
56. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1a2ae746_0]
57. ""="{0.0.0.00000000}.{fcca7803-3aa2-48d8-87db-cc10af2617ed}|\Device\HarddiskVolume1\Program Files\TradeManager\AliIM.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ)
58.
59. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\55adc766_0]
60. ""="{0.0.0.00000000}.{fcca7803-3aa2-48d8-87db-cc10af2617ed}|\Device\HarddiskVolume1\Program Files\Trademanager\AliIM.exe%b{00000000-0000-0000-0000-000000000000}" (REG_SZ)
61.
62. [HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
63. "C:\Program Files\Trademanager\Uninstall.exe"="1" (REG_DWORD)
64.
65. =========================
66.
67. Fin à: 13:00:51 le 14/08/2013
68. 361774 Éléments analysés
69.
70. =========================
71. E.O.F
DigRam (posted August 14, 2013)

Hello, dieguin11!

Quoting dieguin11: "Now I understand what you meant! Can I keep accessing the site "alibaba.com" in any browser, but without having the program installed?"

|- That's right!
|- In a moment I'll edit my message and post a script for the Zoek tool here in this post.
|- Stay tuned!

O44 - LFC:[MD5.DC3B33687EDA31138E758DA82EA9B660] - 13/08/2013 - 03:07:29 ---A- . (...) -- C:\ComboFix.txt [17666]

|- Be careful running ComboFix without being under supervision.

-/-

|- Open the Zoek tool as administrator!
|- Copy and paste this information, in red, into the tool's field.
|- Click "Run Script".

[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1a2ae746_0];r
""=-;r
;r
[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\55adc766_0];r
""=-;r
;r
[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted];r
"C:\Program Files\Trademanager\Uninstall.exe"=-;r
[-HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D49FCF-3CC7-4639-91CC-0346035512C6}];r
[-HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B41C687-7E1F-4e00-AFBF-CCBF908D3003}];r
[-HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918650CA-0F85-4f03-8FF5-E1BEEBBF5828}];r
[-HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F753462F-4BBA-4985-8FE9-A1A07585AA48}];r
[-HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Alibaba];r
[-HKLM\Software\MozillaPlugins\@alibaba.com/nptrademanager;version=1.0];r
[-HKLM\Software\MozillaPlugins\nptrademanager;version=1.0];r
[-HKLM\Software\MozillaPlugins\@alibaba.com];r
[HKU\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Alibaba\ATMDataSetting];r
"DataPath"=-;r
{48D49FCF-3CC7-4639-91CC-0346035512C6};c
{6B41C687-7E1F-4e00-AFBF-CCBF908D3003};c
{918650CA-0F85-4f03-8FF5-E1BEEBBF5828};c
{F753462F-4BBA-4985-8FE9-A1A07585AA48};c
{fcca7803-3aa2-48d8-87db-cc10af2617ed};c
type C:\ComboFix.txt >>"C:\log.txt";b
AliIM.exe;z
AliIM.exe;i
C:\Users\Diego\AppData\Local\Google\Chrome\Application\plugins\nptrademanager.dll;f
C:\Program Files\Mozilla Firefox\plugins\nptrademanager.dll;f
C:\Program Files\Trademanager\Uninstall.exe;f
C:\Program Files\TradeManager\profiles;fs
C:\Program Files\TradeManager;fs
emptyalltemp;
shortcutfix;

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- These messages will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+
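As an added example (not part of the thread and not Zoek's own code), a read-only PowerShell audit of the two registry locations the script above cleans: IE Low Rights ElevationPolicy entries and MozillaPlugins registrations whose target path no longer exists, which is exactly what an uninstalled TradeManager left behind in the SEAF log. It assumes the current user is the profile shown as HKU\S-1-5-21-...-1001 in the logs (HKCU), and removes nothing unless -Remove is given.

```powershell
# Added example: find ElevationPolicy / MozillaPlugins entries pointing at paths
# that no longer exist. Read-only by default; -Remove deletes them after -WhatIf/-Confirm.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Remove
)

$findings = @()

# 1. Each {GUID} subkey here lets a named program launch outside IE Protected Mode.
#    After an uninstall the AppPath is gone but the policy entry remains (the thread
#    shows four of them for C:\Program Files\TradeManager).
$elevRoot = 'HKCU:\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy'
if (Test-Path $elevRoot) {
    foreach ($key in Get-ChildItem -Path $elevRoot) {
        $appPath = (Get-ItemProperty -Path $key.PSPath).AppPath
        if ($appPath -and -not (Test-Path -LiteralPath $appPath)) {
            $findings += [pscustomobject]@{
                Kind   = 'ElevationPolicy'
                Key    = $key.PSPath
                Target = $appPath
                Reason = 'AppPath does not exist'
            }
        }
    }
}

# 2. The Path value of each MozillaPlugins subkey names the NPAPI DLL Firefox loads
#    (nptrademanager.dll in the thread). WOW6432Node covers 32-bit Firefox on 64-bit Windows.
$pluginHives = @(
    'HKLM:\Software\MozillaPlugins',
    'HKLM:\Software\WOW6432Node\MozillaPlugins',
    'HKCU:\Software\MozillaPlugins'
)
foreach ($hive in $pluginHives) {
    if (-not (Test-Path $hive)) { continue }
    foreach ($key in Get-ChildItem -Path $hive) {
        $dll = (Get-ItemProperty -Path $key.PSPath).Path
        if (-not $dll -or -not (Test-Path -LiteralPath $dll)) {
            $findings += [pscustomobject]@{
                Kind   = 'MozillaPlugin'
                Key    = $key.PSPath
                Target = $dll
                Reason = 'Path value missing or DLL not found'
            }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Host 'No orphaned ElevationPolicy or MozillaPlugins entries found.'
    return
}

$findings | Format-Table -AutoSize

if ($Remove) {
    foreach ($f in $findings) {
        # ShouldProcess honours -WhatIf and -Confirm, so the deletion can be previewed first.
        if ($PSCmdlet.ShouldProcess($f.Key, 'Remove orphaned registry key')) {
            Remove-Item -LiteralPath $f.Key -Recurse
        }
    }
}
```

Run it from an elevated prompt as the affected user; the HKLM hives need administrator rights to modify, and a live entry whose directory does exist is left alone because a valid program may still need it.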
dieguin11 (posted August 14, 2013)

Good evening, DigRam! I ran ComboFix following the steps from another thread where someone had a problem similar to mine, but I thought better of it and realized it wasn't the best option and could even make things worse, so I came here to ask for help! :thumbsup: Here is the Zoek report:

Zoek.exe Version 4.0.0.4 Updated 10-August-2013
Tool run by Diego on 14/08/2013 at 17:56:52,88.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Diego\Desktop\zoek.exe [script inserted]

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== File Information Results ======================

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\1a2ae746_0]
""=-
ECHO est desativado.
[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\55adc766_0]
""=-
ECHO est desativado.
[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted]
"C:\Program Files\Trademanager\Uninstall.exe"=-
[-HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{48D49FCF-3CC7-4639-91CC-0346035512C6}]
[-HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6B41C687-7E1F-4e00-AFBF-CCBF908D3003}]
[-HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{918650CA-0F85-4f03-8FF5-E1BEEBBF5828}]
[-HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F753462F-4BBA-4985-8FE9-A1A07585AA48}]
[-HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Alibaba]
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com/nptrademanager
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\nptrademanager
[-HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@alibaba.com]
[HKEY_USERS\S-1-5-21-3016910884-1348811529-430916093-1001\Software\Alibaba\ATMDataSetting]
"DataPath"=-

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

"C:\Program Files\Trademanager\Uninstall.exe" not found
"C:\Program Files\TradeManager\profiles" not found
"C:\Program Files\TradeManager" not found
"C:\Users\Diego\AppData\Local\Google\Chrome\Application\plugins\nptrademanager.dll" deleted
"C:\Program Files\Mozilla Firefox\plugins\nptrademanager.dll" deleted

==== Folders Found ======================

==== Files Found ======================

--- C:\Windows\Prefetch\ALIIM.EXE-7D56BBCC.pf ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File type: ----a-w-
File size: 64986
Created time: 2013-08-13 17:53:07
Modified time: 2013-08-13 17:53:07
MD5: 26C09D4858940C6B5DCC6DE74F91F0E8
SHA1: 7A614BB3EDF4644077DA9B26180EFEDB67DCB55E

==== shortcuts on Users Desktops ======================

C:\Users\Diego\Desktop\Age of Empires 2.lnk - C:\Users\Diego\Desktop\Age of Empires II\empires2.exe
C:\Users\Diego\Desktop\GameRanger.lnk - C:\Users\Diego\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Users\Diego\Desktop\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Diego\Desktop\SUPERAntiSpyware Professional.lnk - C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - MFill.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe mfill
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - MSync.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe msync
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NoMusic.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe nomusic
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NormalMouse.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe normalmouse
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NoSC.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe nosc
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NoSound.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe nosound
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NoStartup.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe nostartup
C:\Users\Diego\Desktop\Age of Empires II\Support\The Conquerors - NoTerrainSound.lnk - C:\Users\Diego\Desktop\Age of Empires II\age2_x1.exe noterrainsound

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\avast Internet Security.lnk - 
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Foxit Reader 5.0.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Public\Desktop\MBRCheck.lnk - C:\Program Files\ZHPDiag\mbrcheck.exe
C:\Users\Public\Desktop\Skype.lnk - C:\Windows\Installer\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}\SkypeIcon.exe
C:\Users\Public\Desktop\ZHPDiag.lnk - C:\Program Files\ZHPDiag\ZHPhep.exe
C:\Users\Public\Desktop\ZHPFix.lnk - C:\Program Files\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameRanger.lnk - C:\Users\Diego\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Age of Empires II Age of Kings.lnk - 
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Steam Half-life 2 Deathmatch™.lnk - 
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk - C:\Program Files\Internet Download Manager\grabber.chm
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk - C:\Program Files\Internet Download Manager\idman.chm
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files\Internet Download Manager\IDMan.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk - C:\Program Files\Internet Download Manager\license.txt
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk - C:\Program Files\Internet Download Manager\tutor.chm
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files\Internet Download Manager\Uninstall.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Revo Uninstaller.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Run Hunter Mode.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revouninstaller.exe -hunter
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Uninstall.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\uninst.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller\Website.lnk - C:\Program Files\VS Revo Group\Revo Uninstaller\Revo Uninstaller.url

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast Internet Security.lnk - 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Grabber Help.lnk - C:\Program Files\Internet Download Manager\grabber.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\IDM Help.lnk - C:\Program Files\Internet Download Manager\idman.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Internet Download Manager.lnk - C:\Program Files\Internet Download Manager\IDMan.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\license.lnk - C:\Program Files\Internet Download Manager\license.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\TUTORIALS.lnk - C:\Program Files\Internet Download Manager\tutor.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Download Manager\Uninstall IDM.lnk - C:\Program Files\Internet Download Manager\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight\Microsoft Silverlight.lnk - C:\Program Files\Microsoft Silverlight\5.1.20513.0\Silverlight.Configuration.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files\Skype\Phone\Skype.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader 5.0.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Users\Diego\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk - 
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk - 
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Diego\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Palyer.lnk - C:\Program Files\Windows Media Player\wmplayer.exe

==== Empty IE Cache ======================

C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Diego\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Diego\AppData\Local\Mozilla\Firefox\Profiles\1zx84nxg.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Diego\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Diego\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 14/08/2013 at 18:04:21,81 ======================
DigRam (posted August 15, 2013)

Good morning, dieguin11!

< Trade Manager Portable >
|- Download TradeManager Portable from here to your flash drive, but I don't know what effects it will have on your Firefox browser. A new hijack and settings imposed by the software may occur.

< TaomeeNavegador_Instalador.rar >
|- I'm running tests with TradeManager and Taomee on my PC, and tonight I'll report to you what happened.
|- Manually delete this file: C:\Windows\Prefetch\ALIIM.EXE-7D56BBCC.pf <<

-/-

|- Download: |DelFix| ( ... by Xplode )
|- On the page, click the green arrow for the download.
|- Save it in a convenient place! ( desktop! )
|- Close any applications that are open.
|- Run it!
|- With all 3 checkboxes checked!
|- Click "Run".
|- Post the log!

Cheers!
dieguin11 (posted August 15, 2013)

Good morning, DigRam. Thank you for making TradeManager Portable available to me; I hadn't even looked for it yet. Is this Taomee browser better than the browsers normally used, or is it equivalent to the others? I'll wait for your reply with the results of the tests you ran on your PC. Here is the DelFix log:

# DelFix v10.4 - Logfile created 15/08/2013 at 14:45:11
# Updated 19/07/2013 by Xplode
# Username : Diego - PARTICULAR-PC
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)

~ Removing disinfection tools ...

Deleted : C:\ZHP
Deleted : C:\Program Files\ZHPDiag
Deleted : C:\Program Files\SEAF
Deleted : C:\ComboFix.txt
Deleted : C:\log.txt
Deleted : C:\PhysicalDisk0_MBR.bin
Deleted : C:\SeafLog.txt
Deleted : C:\ZHPDiag2.exe
Deleted : C:\zoek-results.log
Deleted : C:\Users\Diego\Desktop\adwcleaner.exe
Deleted : C:\Users\Diego\Desktop\hijackthis.log
Deleted : C:\Users\Diego\Desktop\seaf.exe
Deleted : C:\Users\Diego\Desktop\ZHPDiag.txt
Deleted : C:\Users\Diego\Desktop\ZHPFixReport.txt
Deleted : C:\Users\Diego\Desktop\zoek.exe
Deleted : C:\Users\Public\Desktop\MBRCheck.lnk
Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk
Deleted : C:\Users\Public\Desktop\ZHPFix.lnk
Deleted : HKLM\SOFTWARE\AdwCleaner
Deleted : HKLM\SOFTWARE\Swearware
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SEAF
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1

~ Cleaning system restore ...

Deleted : RP #338 [ComboFix created restore point | 08/13/2013 06:24:11]
Deleted : RP #340 [Revo Uninstaller's restore point - Messenger Plus! | 08/13/2013 21:15:55]
Deleted : RP #342 [Revo Uninstaller's restore point - TradeManager 2013 Beta2 | 08/13/2013 21:25:30]
Deleted : RP #343 [zoek.exe restore point | 08/13/2013 21:30:49]
Deleted : RP #345 [P | 08/13/2013 22:04:11]
Deleted : RP #346 [zoek.exe restore point | 08/14/2013 05:40:49]
Deleted : RP #347 [Windows Update | 08/14/2013 06:18:54]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########

Thanks! Cheers
DigRam (posted August 15, 2013)

Hello, dieguin11!

|- I tried installing the Portable, 2011 version, made available on 4shared, and it didn't work. Even so, I noticed it integrates with the Internet Explorer browser, giving no option for other browsers. So Taomee may be abandoned for this purpose.
|- PS: I liked Taomee a lot... it's fast! And... so far I haven't seen any crashes.
|- I'll test a more recent version of TradeManager and see if I can integrate it with Taomee, even though it isn't portable.

--//--

< TradeManager for Windows >

|- I downloaded the software from here and installed it on the flash drive, and it seems to me it changed IE, even though Taomee was open. I need to have an account on Alibaba.com... same as Yahoo.
- I'll sign up!
- I clicked Join Free and will do the "Account Registration".
- I finished and am waiting for the "Auto Login" to end... which never ends and stays at an endless "loading...".
- I couldn't sign up with Taomee open, so I'll open IE, which the software configured to open with this home page.
- I'll try the registration again!
- The new registration was not accepted with the same e-mail address. Although some details were missing, it was accepted and I got in anyway, but a page opened asking for e-mail confirmation. I went to Yahoo and confirmed the e-mail by clicking the "Confirm Email Address" button.
- Wonderful... I got registered, which was easy using IE.
- I closed all the tabs that were open and will test the TradeManager messenger, now that I have a login and password.
- Done! I got to the contacts page... but English is needed to chat.
|- See, dieguin11? Try IE instead of Firefox and you'll succeed.
|- Report the results!

Cheers!
dieguin11 (posted August 16, 2013)

Good evening, DigRam! I'll wait for the results of the tests with the most recent version of TradeManager! After running all these procedures, can I be sure there is no malware or virus on the PC? If the answer is no, could you recommend an effective tool that scans the whole PC and detects possible threats? Cheers!
dieguin11 (posted August 16, 2013)

Good evening, DigRam! I can open and access the site Alibaba.com through Firefox with no problems; my problem was the TradeManager program, which wouldn't open. But I think everything is fine now; I'll install it on a flash drive and try running the program from there. Thanks! Cheers
DigRam (posted August 16, 2013)

Hello, dieguin11!
|- There is no virus on your PC!
|- The problem was adware, which may have been interfering with the software.

All OK? Cheers!
dieguin11 (posted August 16, 2013)

Good evening, DigRam! All set then! Thank you very much for the help! Cheers!