Ir para conteúdo

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

jucca

[Resolvido] &nbspRede caindo e computador congelando

Por , em Tópicos Resolvidos (Seguranca & Malwares)

Recommended Posts

jucca    0

jucca
Postado

Olá a todos

 

A alguns dias um computador menos importante da rede começou a congelar sozinho. Somente resetando para voltar.

 

Depois de alguns dias a rede começou a cair, fiquei uma hora buscando o problema, até que lembrei que havia isolado este computador e ele estava congelado, tinha esquecido de resetar. Quando resetei, a rede voltou instantaneamente.

 

Ficou claro que é vírus ou malware. Quando ela está fora da rede, nada acontece, tudo normal.

Preciso de ajuda para caçá-lo, uma vez que não posso formatar a máquina.

 

Segue abaixo o log Hijackthis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:24:58, on 15/09/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Internet Explorer\IELowutil.exe
C:\HijackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.16.16\bh\delta.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.16.16\deltaTlbr.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: entrada.bat
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: c:\progra~3\browse~1\261519~1.190\{c16c1~1\browse~1.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: BrowserProtect - Unknown owner - C:\ProgramData\BrowserProtect\2.6.1519.190\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12563 bytes

 

Grato

Julio

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! jucca

 

|- Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )

|- Ao acessar,clique na imagem: < AdwCleaner_Tlcharger.jpg >

|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".
|- Salve-o no desktop!
|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg

advz4z8Y.jpg

|- Ps: Dê início à ferramenta,clicando em "Scan".
|- Clique "Clean",caso fique disponível,para cada guia acessada em "Results".

|- Clique nas setinhas laterais,para ter acesso às guias "Firefox" ou "Chrome". < adegUsFH.jpg >
|- Ao concluir,clique "Report".

< C:\AdwCleaner\AdwCleaner[s0].txt > ou < C:\AdwCleaner\AdwCleaner[s1].txt > ;S2, S3;...

|- Poste todos os relatórios que estarão em C:\AdwCleaner <<

 

-/-

 

|- Baixe: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Execute o ícone do pergaminho. ( ZHPDiag )

abynh7jv.jpg

|- Clique: "CONFIGURE"

ZHPDiag_Options2_zps5a090bf7.jpg

|- Clique: "Options" >> "All" >> OK

ZHPDiag_FullAnalysis_zps60157826.jpg

|- Clique: "CONFIGURE" >> "Full Analysis"
|- Aguarde a conclusão!
|- Caso ocorra travamentos e não possa obter o log,aborte a verificação completa e faça a customizada.
|- Volte a janela principal da ferramenta.

adcYraWj.jpg

|- Clique "SEARCH" e aguarde a conclusão!
|- Ou clique "Options" >> "None".

ZHPDiag_AdditionalScan_zps21f11520.jpg

|- Marque,apenas,a opção "Additional Scan (O88)".

~ Unselected Option:

O1,039,O40,O41,O42,O43,O44,O45,O46,O47,
O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,
O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,
O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,
O89,O90,O91,O92
####

|- Desta forma,estas opções serão desabilitadas!

 

zhpdia11.png

|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.

 

|- Ou acesse: < Cjoint_Logo.jpg >

 

|- Maiores informações: < http://forum.imasters.com.br/topic/452911-myfiletk-cjoint/'>Link >

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

jucca    0

jucca
Postado

DigRam, obrigado pela ajuda.

 

No caso do ZHP Diag, não consegui passar completo, quanto ele chegou em uma análise do Gateway, falhou, porque desliguei este micro da rede, deve ter sido isto. Se for o caso, em uma próxima interação ligo ele na rede. Estou fazendo por pendrive.

 

Seguem logs:

 

------------------------------------- INÍCIO ADCLEANER ------------------------------------

 

# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 20:56:22
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
Serviço Encontrado : BrowserProtect
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Encontrado : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\bprotector_extensions.sqlite
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\bprotector_prefs.js
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\Babylon.xml
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\delta.xml
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\user.js
Arquivo Encontrado : C:\Windows\System32\Tasks\DSite
Arquivo Encontrado : C:\Windows\System32\Tasks\EPUpdater
Arquivo Encontrado : C:\Windows\Tasks\DSite.job
Pasta Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\Extensions\ffxtlbr@delta.com
Pasta Encontrado C:\Program Files (x86)\baidu
Pasta Encontrado C:\Program Files (x86)\delta
Pasta Encontrado C:\ProgramData\Babylon
Pasta Encontrado C:\ProgramData\boost_interprocess
Pasta Encontrado C:\ProgramData\BrowserProtect
Pasta Encontrado C:\Users\Janaina\AppData\LocalLow\delta
Pasta Encontrado C:\Users\Janaina\AppData\Roaming\BabSolution
Pasta Encontrado C:\Users\Janaina\AppData\Roaming\Babylon
Pasta Encontrado C:\Users\Janaina\AppData\Roaming\delta
Pasta Encontrado C:\Users\Janaina\AppData\Roaming\DSite
Pasta Encontrado C:\Users\Janaina\AppData\Roaming\file scout
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\BabSolution
Chave Encontrada : HKCU\Software\DataMngr
Chave Encontrada : HKCU\Software\Delta
Chave Encontrada : HKCU\Software\dsiteproducts
Chave Encontrada : HKCU\Software\f68c8ce539bf41
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : [x64] HKCU\Software\BabSolution
Chave Encontrada : [x64] HKCU\Software\DataMngr
Chave Encontrada : [x64] HKCU\Software\Delta
Chave Encontrada : [x64] HKCU\Software\dsiteproducts
Chave Encontrada : [x64] HKCU\Software\InstallCore
Chave Encontrada : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKLM\Software\Babylon
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Encontrada : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Encontrada : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Encontrada : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Encontrada : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Encontrada : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\Delta
Chave Encontrada : HKLM\SOFTWARE\f68c8ce539bf41
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
Linha encontrada : user_pref("browser.search.defaultenginename", "Delta Search");
Linha encontrada : user_pref("browser.search.order.1", "Delta Search");
Linha encontrada : user_pref("browser.search.selectedEngine", "Delta Search");
Linha encontrada : user_pref("extensions.delta.admin", false);
Linha encontrada : user_pref("extensions.delta.aflt", "babsst");
Linha encontrada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha encontrada : user_pref("extensions.delta.autoRvrt", "false");
Linha encontrada : user_pref("extensions.delta.dfltLng", "en");
Linha encontrada : user_pref("extensions.delta.excTlbr", false);
Linha encontrada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha encontrada : user_pref("extensions.delta.id", "d0bea5c00000000000007071bc6bd6c8");
Linha encontrada : user_pref("extensions.delta.instlDay", "15835");
Linha encontrada : user_pref("extensions.delta.instlRef", "sst");
Linha encontrada : user_pref("extensions.delta.newTab", false);
Linha encontrada : user_pref("extensions.delta.prdct", "delta");
Linha encontrada : user_pref("extensions.delta.prtnrId", "delta");
Linha encontrada : user_pref("extensions.delta.rvrt", "false");
Linha encontrada : user_pref("extensions.delta.smplGrp", "none");
Linha encontrada : user_pref("extensions.delta.tlbrId", "base");
Linha encontrada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha encontrada : user_pref("extensions.delta.vrsn", "1.8.16.16");
Linha encontrada : user_pref("extensions.delta.vrsni", "1.8.16.16");
Linha encontrada : user_pref("extensions.delta.vrsnTs", "1.8.16.1611:38:09");
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10554 octets] - [15/09/2013 20:56:22]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [10615 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 20:59:52
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\Babylon.xml
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1208 octets] - [15/09/2013 20:59:52]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [1329 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 21:02:29
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1409 octets] - [15/09/2013 20:59:52]
AdwCleaner[R2].txt - [907 octets] - [15/09/2013 21:02:29]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
AdwCleaner[s1].txt - [1461 octets] - [15/09/2013 21:00:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1087 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 21:06:00
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1409 octets] - [15/09/2013 20:59:52]
AdwCleaner[R2].txt - [1167 octets] - [15/09/2013 21:02:29]
AdwCleaner[R3].txt - [967 octets] - [15/09/2013 21:06:00]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
AdwCleaner[s1].txt - [1461 octets] - [15/09/2013 21:00:21]
AdwCleaner[s2].txt - [1226 octets] - [15/09/2013 21:03:40]
########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1207 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 20:57:10
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletado : BrowserProtect
***** [ Arquivos / Pastas ] *****
Pasta Deletado : C:\ProgramData\Babylon
Pasta Deletado : C:\ProgramData\boost_interprocess
[!] Pasta Deletado : C:\ProgramData\BrowserProtect
Pasta Deletado : C:\Program Files (x86)\baidu
Pasta Deletado : C:\Program Files (x86)\delta
Pasta Deletado : C:\Users\Janaina\AppData\LocalLow\delta
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\BabSolution
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\Babylon
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\delta
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\DSite
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\file scout
Pasta Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\Extensions\ffxtlbr@delta.com
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\bprotector_extensions.sqlite
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\bprotector_prefs.js
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\Babylon.xml
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\delta.xml
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\user.js
Arquivo Deletado : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
Arquivo Deletado : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
Arquivo Deletado : C:\Windows\Tasks\DSite.job
Arquivo Deletado : C:\Windows\System32\Tasks\DSite
Arquivo Deletado : C:\Windows\System32\Tasks\EPUpdater
***** [ Atalhos ] *****
***** [ Registro ] *****
Valor Deleteda : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Valor Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltaappCore
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltaappCore.1
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltadskBnd
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltadskBnd.1
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Chave Deleteda : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Chave Deleteda : HKLM\SOFTWARE\Classes\escort.escortIEPane
Chave Deleteda : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Chave Deleteda : HKLM\SOFTWARE\Classes\esrv.deltaESrvc
Chave Deleteda : HKLM\SOFTWARE\Classes\esrv.deltaESrvc.1
Chave Deleteda : HKLM\SOFTWARE\Classes\Prod.cap
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Deleteda : HKCU\Software\f68c8ce539bf41
Chave Deleteda : HKLM\SOFTWARE\f68c8ce539bf41
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Deleteda : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deleteda : HKLM\SOFTWARE\Classes\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Chave Deleteda : HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Deleteda : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Chave Deleteda : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Valor Deleteda : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{82E1477C-B154-48D3-9891-33D83C26BCD3}]
Chave Deleteda : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Deleteda : HKCU\Software\BabSolution
Chave Deleteda : HKCU\Software\DataMngr
Chave Deleteda : HKCU\Software\Delta
Chave Deleteda : HKCU\Software\dsiteproducts
Chave Deleteda : HKCU\Software\InstallCore
Chave Deleteda : HKLM\Software\Babylon
Chave Deleteda : HKLM\Software\DataMngr
Chave Deleteda : HKLM\Software\Delta
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Chave Deleteda : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Delta
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
Linha deletada : user_pref("browser.search.defaultenginename", "Delta Search");
Linha deletada : user_pref("browser.search.order.1", "Delta Search");
Linha deletada : user_pref("browser.search.selectedEngine", "Delta Search");
Linha deletada : user_pref("extensions.delta.admin", false);
Linha deletada : user_pref("extensions.delta.aflt", "babsst");
Linha deletada : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Linha deletada : user_pref("extensions.delta.autoRvrt", "false");
Linha deletada : user_pref("extensions.delta.dfltLng", "en");
Linha deletada : user_pref("extensions.delta.excTlbr", false);
Linha deletada : user_pref("extensions.delta.ffxUnstlRst", true);
Linha deletada : user_pref("extensions.delta.id", "d0bea5c00000000000007071bc6bd6c8");
Linha deletada : user_pref("extensions.delta.instlDay", "15835");
Linha deletada : user_pref("extensions.delta.instlRef", "sst");
Linha deletada : user_pref("extensions.delta.newTab", false);
Linha deletada : user_pref("extensions.delta.prdct", "delta");
Linha deletada : user_pref("extensions.delta.prtnrId", "delta");
Linha deletada : user_pref("extensions.delta.rvrt", "false");
Linha deletada : user_pref("extensions.delta.smplGrp", "none");
Linha deletada : user_pref("extensions.delta.tlbrId", "base");
Linha deletada : user_pref("extensions.delta.tlbrSrchUrl", "");
Linha deletada : user_pref("extensions.delta.vrsn", "1.8.16.16");
Linha deletada : user_pref("extensions.delta.vrsni", "1.8.16.16");
Linha deletada : user_pref("extensions.delta.vrsnTs", "1.8.16.1611:38:09");
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[s0].txt - [10075 octets] - [15/09/2013 20:57:10]
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10136 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 21:00:21
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Deletado : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\searchplugins\Babylon.xml
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Chave Deleteda : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1409 octets] - [15/09/2013 20:59:52]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
AdwCleaner[s1].txt - [1321 octets] - [15/09/2013 21:00:21]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [1381 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 21:03:40
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1409 octets] - [15/09/2013 20:59:52]
AdwCleaner[R2].txt - [1167 octets] - [15/09/2013 21:02:29]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
AdwCleaner[s1].txt - [1461 octets] - [15/09/2013 21:00:21]
AdwCleaner[s2].txt - [1086 octets] - [15/09/2013 21:03:40]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1146 octets] ##########
# AdwCleaner v3.004 - Relatório criado 15/09/2013 no 21:03:40
# Atualizado 15/09/2013 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Janaina - JANAINA-PC
# Executando de : C:\Users\Janaina\Desktop\adwcleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Mozilla Firefox v23.0.1 (pt-BR)
[ Arquivo : C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js ]
-\\ Google Chrome v28.0.1500.95
[ Arquivo : C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [10720 octets] - [15/09/2013 20:56:22]
AdwCleaner[R1].txt - [1409 octets] - [15/09/2013 20:59:52]
AdwCleaner[R2].txt - [1167 octets] - [15/09/2013 21:02:29]
AdwCleaner[s0].txt - [10221 octets] - [15/09/2013 20:57:10]
AdwCleaner[s1].txt - [1461 octets] - [15/09/2013 21:00:21]
AdwCleaner[s2].txt - [1086 octets] - [15/09/2013 21:03:40]
########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1146 octets] ##########

 

------------------------------------- FIM ADCLEANER ------------------------------------

 

 

------------------------------------- INÍCIO ZHP DIAG 2 ------------------------------------

 

~ Relatório do ZHPDiag v2013.9.14.26 - Nicolas Coolman (14/09/2013)
~ Iniciado por Janaina (15/09/2013 21:29:26)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador :
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16660
MFIE: Mozilla Firefox 23.0.1
GCIE: Google Chrome v28.0.1500.95 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Avira Free Antivirus v13.0.0.3885
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v4.04 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 9 ActiveX
Java 7 Update 25
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8125 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 385 GB (82%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: JANAINA-PC
~ User Name: Janaina
~ All Users Names: UpdatusUser, Janaina, Convidado, Administrador,
~ Unselected Option: 01,039,040,041,042,O43,044,045,046,047,048, 49,O50,O51,O52,O53,O54,O55,O56,057,O58,O59, 60,061,O62,063,064,065,066,O67,068,069,080,O81,O82,O83,ados,O84,O85,O86,O87,089, O2,090,091,O92,NTFS,O36, O4
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppData% : C:\Users\Janaina\AppData\Roaming\
~ %Desktop% : C:\Users\Janaina\Desktop\
~ %Favorites% : C:\Users\Janaina\Favorites\
~ %LocalAppData% : C:\Users\Janaina\AppData\Local\
~ %StartMenu% : C:\Users\Janaina\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C:\ Hard drive, Flash drive, Thumb drive (Free 385 Go of 466 Go)
D:\ CD-ROM drive (Not Inserted)
E:\ CD-ROM drive (Not Inserted)
F:\ Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install] LastSuccessTime : Out Of Date
~ Security Center: 29 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.AC155DD9BD1E6D3B740826A4D1C68AAE] - (.Microsoft Corporation - Internet Extensions para Win32.) (.26/07/2013 - 02:13:37.) -- C:\Windows\System32\wininet.dll [2241024]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.1C7857B62DE5994A75B054A9FD4C3825] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:24.) -- C:\Windows\system32\Drivers\AFD.sys [498688]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 08:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Videos (My Videos) : 1/5
~ Mes Favoris (My Favorites) : 1/16
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 0/1
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.4EE76D4CB055E8EC281177771345E8B3] - (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe [312376] [PID.3184]
[MD5.1FAACF63CAC0084137E6C62A5A0451F5] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [345144] [PID.3204]
[MD5.D15FE044EF9776466FBA00D7FBD7B7B6] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7953408] [PID.2984]
[MD5.81F177C1954453AF407604160BD149CB] - (.NVIDIA Corporation - Stereo Vision Control Panel API Server.) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [383264] [PID.900]
[MD5.0E68A0BD86C3F2461C7DB224368AE438] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\GbpSv.exe [410152] [PID.928]
[MD5.2E2B1A491CB78C7D8C8A265C004B1F79] - (.Avira Operations GmbH & Co. KG - Avira Scheduler.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [84024] [PID.1428]
[MD5.249A44DCFA2500EB1C020E33A3E9F25B] - (.Adobe Systems Incorporated - Adobe® Flash® Player Update Service 11.6 r6.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [163328] [PID.1592]
[MD5.AAE3238C2A0B2CF17851B3D06C8EA8C0] - (.Avira Operations GmbH & Co. KG - Avira On-Access Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [108088] [PID.1632]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Program Files (x86)\Bonjour\mDNSResponder.exe [229376] [PID.1660]
[MD5.1D82A01A368255FE78C65CF66B5B8281] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [268824] [PID.1708]
[MD5.879F46329B7DC4D109345AA96F1AB47F] - (.TeamViewer GmbH - TeamViewer 8.) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [4150112] [PID.1916]
[MD5.506708142BC63DABA64F2D3AD1DCD5BF] - (.Google Inc. - Google Installer.) -- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [116648] [PID.2216]
[MD5.8726802EA4FBFFA3FD54FD2449BF51D4] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.21.153\GoogleCrashHandler.exe [217992] [PID.2276]
[MD5.C6142B8CB72558D91CEA8E38F1B7D905] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2320920] [PID.3800]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\Preferences
~ Google Browser: 6 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default\prefs.js
M0 - MFSP: prefs.js [Janaina - 785vapo5.default] http://br.hao123.com
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Janaina\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
R0 - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
R0 - HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com
~ IE Browser: 14 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Wow6432Node\Run: [PWRISOVM.EXE] . (.Power Software Ltd - PowerISO Virtual Drive Manager.) -- C:\Program Files (x86)\PowerISO\PWRISOVM.exe
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\GbpSv.exe
O23 - Service: Intel® Management & Security Applicati (UNS) . (.Intel Corporation - User Notification Service.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
~ Services: 14 Legitimates Filtered in 00mn 02s
---\\ Scâner Aditional (088)
Database Version : 12917 - (14/09/2013)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 402292 Items scanned in 00mn 16s
~ 73 Legitimates filtered by white list
End of the scan (233 lines in 00mn 22s)(0)

 

------------------------------------- FIM ZHP DIAG 2 ------------------------------------

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Boa Noite! jucca

 

|- Baixe: < 1268r49.png > ( ... by Oleg N. Scherbakov )
|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,clique direito em JRT.exe e execute-o ... Executar_Administrador.jpg
|- Aguarde a conclusão e poste o relatório. ( JRT.txt )

 

-/-

 

|- Baixe: < zoek > ( ... by Smeenk )

|- Ou aqui! < 51a612a8b27e2-Zoek.png zoek.exe >

|- Salve-o no desktop!
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.

 

hijackthis;
iedefaults;
autoclean;
emptyalltemp;

 

|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

 

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- Surgirão estas informações,pedindo-lhe que aguarde o relatório.

 

Zoek_Reboot_zpscf60b3cf.jpg

|- Aceite e/ou confirme o reboot!

 

zoek.hta failed by unknown error.
Restart computer, and try again.

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<

 

 

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

jucca    0

jucca
Postado

Seguem novos relatórios. O Zoek não acusou erro.w

 

 

 

JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.1 (09.15.2013:1)
OS: Windows 7 Ultimate x64
Ran by Janaina on 15/09/2013 at 23:04:10,83
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-826875353-3454032394-1481404987-1000\Software\SweetIM
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted the following from C:\Users\Janaina\AppData\Roaming\mozilla\firefox\profiles\785vapo5.default\prefs.js
user_pref("browser.newtab.url", "hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=NT_ss&mntrId=D0BE7071BC6BD6C8");
user_pref("browser.startup.homepage", "hxxp://br.hao123.com/?tn=bbl_pay_hp_01_hao123_br&babsrc=HP_ss&mntrId=D0BE7071BC6BD6C8");
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/09/2013 at 23:08:47,50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ZOEK:
Zoek.exe Version 4.0.0.4 Updated 14-September-2013
Tool run by Janaina on 15/09/2013 at 23:13:14,42.
Microsoft Windows 7 Ultimate 6.1.7601 Service Pack 1 x64
Running in: Normal Mode No Internet Access Detected
Launched: C:\Users\Janaina\Desktop\zoek.exe [script inserted]
==== System Restore Info ======================
15/09/2013 23:13:52 Zoek.exe System Restore Point Created Succesfully.
==== Creating Sample_092013_2316.zip ======================
Copied file C:\Users\Janaina\AppData\Roaming\unins000.exe to sample\unins000.exe
sample\unins000.exe renamed to AD6E810B9CE3D8C0C1FF0203C68C6FA6
C:\Users\Public\Desktop\sample_092013_2316.zip created successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default
user.js not found
---- Lines delta removed from prefs.js ----
---- Lines delta modified from prefs.js ----
user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"web2pdfextension@web2pdf.adobedotcom\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Adobe\\\\Acrobat 10.0\\\\Acrobat\\\\Browser\\\\WCFirefoxExtn\",\"mtime\":1361217188790,\"rdfTime\":1315242308000}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\browser\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1376868343988,\"rdfTime\":1376868343769}}},{\"name\":\"winreg-app-user\",\"addons\":{\"{87F8774F-B485-47E2-A755-A40A8A5E886C}\":{\"descriptor\":\"C:\\\\Users\\\\Janaina\\\\AppData\\\\Local\\\\GAS Tecnologia\\\\GBBD\\\\bb\\\\sf.xpi\",\"mtime\":1375832996947}}},{\"name\":\"app-profile\",\"addons\":{\"ffxtlbr@delta.com\":{\"descriptor\":\"C:\\\\Users\\\\Janaina\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\785vapo5.default\\\\extensions\\\\ffxtlbr@delta.com\",\"mtime\":1368196689318,\"rdfTime\":1352283188000}}}]");
---- FireFox user.js and prefs.js backups ----
prefs_092013_2317_.backup
==== Deleting Files \ Folders ======================
"C:\Users\Janaina\AppData\Roaming\unins000.exe" deleted
"C:\Windows\SysWow64\searchplugins" deleted
"C:\Windows\SysWow64\Extensions" deleted
==== Firefox Extensions ======================
==== Firefox Plugins ======================
Profilepath: C:\Users\Janaina\AppData\Roaming\Mozilla\Firefox\Profiles\785vapo5.default
02266A21529DA473F2ADEA228E54D8C6 - C:\Users\Janaina\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
D7324EB1EDCB8990F8522DE0311359E9 - C:\Windows\SysWOW64\npDeployJava1.dll - Java Deployment Toolkit 7.0.250.17
EDF220A1DCDB2CB01DCEA8E80B1435C5 - C:\Windows\SysWOW64\NPSWF32.dll - Shockwave Flash
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System
==== Chrome Look ======================
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Janaina\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[21/11/2012 15:32]
GBBD Banco do Brasil - Janaina - Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
==== HijackThis Entries ======================
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE -startup
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: entrada.bat
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O17 - HKLM\System\CCS\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{3EE9868F-EC6A-43EA-A01D-A0DD32D9E3FA}: NameServer = 192.168.1.1
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Janaina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Janaina\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\UpdatusUser\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
C:\Users\Janaina\AppData\Local\Mozilla\Firefox\Profiles\785vapo5.default\Cache emptied successfully
==== Empty Chrome Cache ======================
C:\Users\Janaina\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Janaina\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 15/09/2013 at 23:19:55,03 ======================

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado
Bom Dia! jucca


< O4 - Startup: entrada.bat >


|- Foi vc que estabeleceu este batchfile? ( entrada.bat )


"Start Page"="http://www.baixaki.c...campaign=portal"


|- É de seu agrado esta página inicial?


-/-



|- Extraia o conteúdo e execute o arquivo "CIntRep.exe".


aciFUkoR.jpg


|- Marque,apenas,as checkbox:


Reset Internet Protocol (TCP/IP)

Repair Winsock (Reset Catalog)

Renew Internet Connections

Flush DNS Resolver Cache

Flush DNS Resolver Cache


|- Clique "Go!".

|- Ao concluir,reinicie o computador!

|- À seguir,acesse a pasta "Complete Internet Repair" >> "Logging".

|- Duplo-clique em "CIntRep.log".

|- Poste o log resultante!


A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

jucca    0

jucca
Postado

Olá DigRam. O entrada.bat foi definido por mim sim, pode deixar.

A página inicial pode zerar. Qualquer coisa mudo.

 

Segue relatório do CIntRep.log:

 

./
(o o)
--------------------------------------oOOo-(_)-oOOo--------------------------------------
[16/09/2013 09:03:28] Resetting all TCP/IP Interfaces, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:31] TCP/IP interfaces reset successful.
[16/09/2013 09:03:31] TCP/IP v6 interfaces reset successful.
[16/09/2013 09:03:31] You may need to restart your computer for the settings to take effect.
[16/09/2013 09:03:31] Finished resetting the Internet Protocol (TCP/IP).
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:31] Attempting to reset Winsock catalog, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:31] Successfully reset the Winsock Catalog.
[16/09/2013 09:03:31] Finished repairing Winsock
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:31] Releasing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:32] Successfully released TCP/IP connections.
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:32] Renewing TCP/IP connections, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:32] Successfully renewed TCP/IP adapters.
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:32] Configuring the Windows Event Log Service, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:32] Windows Event Log Service Configured.
[16/09/2013 09:03:32] Starting the Windows Event Log Service.....
[16/09/2013 09:03:33] Windows Event Log Service Started Successfully.
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:33] Flushing DNS Resolver Cache, Please wait.....
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:33] Successfully flushed DNS Resolver Cache.
[16/09/2013 09:03:33] Refreshing all DHCP leases and re-registering DNS names, Please wait.....
[16/09/2013 09:03:36] Registration of the DNS resource records has been initiated.
[16/09/2013 09:03:36] Note: Any errors will be reported in the 'Event Viewer' in about 15 minutes.
[16/09/2013 09:03:36] Note: Click on 'File' and then 'Event Viewer...' to open the Event Viewer.
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:36] You will need to reboot your computer before the settings will take effect.
-----------------------------------------------------------------------------------------
[16/09/2013 09:03:39] Your computer is restarting now.....
-----------------------------------------------------------------------------------------

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

Bom Dia! jucca

|- Remova as ferramentas empregadas,com o DelFix.

 

-/-

 

|- Baixe: |http://general-changelog-team.fr/fr/downloads/viewdownload/20-outils-de-xplode/9-delfix'>DelFix| ( ... de Xplode )

DelFix_SetaVerde.jpg

|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

http://home.kpn.nl/stefsmeenk/delfix.gif'>delfix.gif

|- Execute-a!
|- Com as 3 checkbox marcadas!
|- Clique "Run".

|- Tudo Ok?

 

A+

Compartilhar este post

Link para o post
Compartilhar em outros sites

jucca    0

jucca
Postado
Muito obrigado DigRam. Deu tudo certo. Já voltei com a máquina na rede e tudo ok.

Agradeço muito pela ajuda.


Segue log do DelFix.



# DelFix v10.4 - Logfile created 16/09/2013 at 16:22:33

# Updated 19/07/2013 by Xplode

# Username : Janaina - JANAINA-PC

# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)


~ Removing disinfection tools ...


Deleted : C:\ZHP

Deleted : C:\Program Files (x86)\ZHPDiag

Deleted : C:\Program Files (x86)\Hijackthis

Deleted : C:\ZHPDiag2-2013.9.14.26.exe

Deleted : C:\zoek-results.log

Deleted : C:\Users\Janaina\Desktop\adwcleaner.exe

Deleted : C:\Users\Janaina\Desktop\JRT.exe

Deleted : C:\Users\Janaina\Desktop\JRT.txt

Deleted : C:\Users\Janaina\Desktop\ZHPDiag.txt

Deleted : C:\Users\Janaina\Desktop\ZHPDiag2-2013.9.14.26.exe

Deleted : C:\Users\Janaina\Desktop\zoek.exe

Deleted : C:\Users\Public\Desktop\ZHPDiag.lnk

Deleted : C:\Users\Public\Desktop\ZHPFix.lnk

Deleted : HKLM\SOFTWARE\AdwCleaner

Deleted : HKLM\SOFTWARE\TrendMicro\Hijackthis

Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZHPDiag_is1


~ Cleaning system restore ...


Deleted : RP #46 [Ponto de Verificação Agendado | 08/05/2013 15:38:44]

Deleted : RP #47 [Ponto de Verificação Agendado | 08/13/2013 15:24:51]

Deleted : RP #48 [Windows Update | 08/14/2013 11:17:51]

Deleted : RP #49 [Ponto de Verificação Agendado | 09/01/2013 16:14:53]

Deleted : RP #50 [Ponto de Verificação Agendado | 09/15/2013 19:50:13]

Deleted : RP #51 [zoek.exe restore point | 09/16/2013 02:13:39]


New restore point created !


~ Resetting system settings ... OK


########## - EOF - ##########

Compartilhar este post

Link para o post
Compartilhar em outros sites

DigRam    144

DigRam
Postado

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post

Link para o post
Compartilhar em outros sites
Ir para a lista de tópicos Tópicos Resolvidos (Seguranca & Malwares)
×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.

  Aceito