Manoela 0 Posted November 9, 2013

Hi everyone, I think I have a virus on my notebook. Every now and then a new tab opens in the browser saying there is spyware on my notebook and telling me to click to clean it. Of course I never click... After these events, I ran a cleanup with Avira antivirus, which did not flag any virus, and with Malwarebytes, which flagged 60 malware items... I selected all of them and deleted them. I also used MV RegClean and cleaned with it and with CCleaner.

Another thing: I feel the notebook is heating up more than normal; even the touchpad and keyboard get hot, and the side where the vent is also gets hot. The noise, which I imagine is from the processor or the hard drive, I don't know, also seems louder than normal to me, nothing really loud, but it's different... Does this have to do with a virus, or might I need to format (I've had this notebook for about 3 or 4 years and have never formatted it...)?

Here is my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4 Scan saved at 13:42:27, on 09/11/2013 Platform: Windows 7 SP1 (WinNT 6.00.3505) MSIE: Internet Explorer v10.0 (10.00.9200.16720) Boot mode: Normal Running processes: C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media 
Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe C:\Program Files (x86)\LG Software\LG Smart Share\Update\SmartShareTray.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMS\SmartShareDMS.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMR\SmartShareDMR.exe C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe C:\Program Files (x86)\LG Software\LG Smart Share\DMC\Aggregation.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreamsDownloader.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Manoela 
Maia\AppData\Local\Google\Chrome\Application\chrome.exe C:\Hijack this\HiJackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.microsoft.com/fwlink/?linkid=54896 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com.br/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} - C:\Program Files (x86)\GbPlugin\gbiehabn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll O4 - HKLM\..\Run: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common 
Files\Apple\Apple Application Support\APSDaemon.exe" O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Google Update] "C:\Users\Manoela Maia\AppData\Local\Google\Update\GoogleUpdate.exe" /c O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Manoela Maia\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver O4 - HKCU\..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe" O4 - HKUS\S-1-5-19\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL') O4 - HKUS\S-1-5-20\..\Run: [sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE') O4 - .DEFAULT User Startup: Dell Dock First Run.lnk = C:\Program Files\Dell\DellDock\DellDock.exe (User 'Default user') O8 - Extra context menu item: Enviar imagem para Dispositivo &Bluetooth... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm O8 - Extra context menu item: Enviar página para Dispositivo &Bluetooth ... 
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file) O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Enviar para Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O9 - Extra 'Tools' menuitem: Enviar para Dispositivo &Bluetooth... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics O15 - Trusted Zone: www.bancobrasil.com.br O15 - Trusted Zone: www14.bancobrasil.com.br O15 - Trusted Zone: www2.bancobrasil.com.br O15 - Trusted Zone: www.bb.com.br O15 - Trusted Zone: www.santander.com.br O15 - Trusted Zone: www.santanderempresarial.com.br O15 - Trusted Zone: www.santandernet.com.br O15 - Trusted Zone: wwws.santandernet.com.br O15 - Trusted Zone: wwws2.santandernet.com.br O15 - Trusted Zone: www.santandernetibe.com.br O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet 
Explorer\skypeieplugin.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll O20 - Winlogon Notify: GbPluginAbn - C:\Program Files (x86)\GbPlugin\gbiehAbn.dll O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. 
- c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe O23 - Service: Dock Login Service (DockLoginService) - Stardock Corporation - C:\Program Files\Dell\DellDock\DockLogin.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe O23 - Service: GoToAssist - Citrix Online, a division of Citrix Systems, Inc. - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: iPod Service - Apple Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - (no file) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: SoftThinks Agent Service (SftService) - SoftThinks SAS - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 
- Service: SupportSoft Sprocket Service (DellSupportCenter) (sprtsvc_DellSupportCenter) - SupportSoft, Inc. - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe O23 - Service: TurboBoost - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: DW WLAN Tray Service (wltrysvc) - Dell Inc. - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.EXE O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: WMPNetworkSvc - Unknown owner - (no file) -- End of file - 15404 bytes

Regards,
DigRam 144 Posted November 9, 2013

Good afternoon! Manoela

|- Download: < > ( ... by Xplode )
|- On the page, click the image: < >
|- PS: If you use the IE9 browser, disable the "SmartScreen" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as 
|- PS: Start the tool by clicking "Scan".
|- When it finishes, click "Clean" >> click "Report".
|- Post: < C:\AdwCleaner\AdwCleaner[s1].txt >
-/-
|- Download: < ZHPDiag2.exe > < > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Run the scroll icon. ( ZHPDiag )
|- Click: "CONFIGURE"
|- Click: "Options" >> "All" >> OK
|- Click: "CONFIGURE" >> "Full Analysis"
|- Wait for it to finish!
|- If it freezes and you cannot get the log, abort the full scan and run the custom one.
|- Go back to the tool's main window.
|- Click "SEARCH" and wait for it to finish!
|- Or click "Options" >> "None".
|- Check only the option "Additional Scan (O88)".
~ Unselected Option:O1,039,O40,O41,O42,O43,O44,O45,O46,O47,O48,O49,O50,O51,O52,O53,O54,O55,O56,O57,O58,O59,O60,O61,O62,O63,O64,O65,O66,O67,O68,O69,O80,O81,O82,O83,O84,O85,O86,O87,O89,O90,O91,O92
####
|- This way, these options will be disabled!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: If the log is long, send it to Pjjoint.malekal.
|- Or go to: < >
|- More information: < |Link| >

A+
Manoela 0 Posted November 12, 2013

Hi, here is the AdwCleaner diagnosis: when the scan finished, I clicked Clean and right after that it asked to restart the PC, and so it did. When it restarted, the report opened automatically. You asked me for the S1 and there is only [s0]

# AdwCleaner v3.001 - Report created 30/08/2013 at 12:30:35 # Updated 24/08/2013 by Xplode # Operating System : Windows 7 Home Premium Service Pack 1 (64 bits) # Username : Manoela Maia - MANOELAMAIA-PC # Running from : C:\Users\Manoela Maia\Downloads\adwcleaner.exe # Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\boost_interprocess Folder Deleted : C:\ProgramData\eSafe Folder Deleted : C:\Program Files (x86)\MyPC Backup Folder Deleted : C:\Program Files (x86)\tuguu sl Folder Deleted : C:\Users\MANOEL~1\AppData\Local\Temp\eIntaller File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\portaldosites.xml ***** [ Shortcuts ] ***** Shortcut Disinfected : C:\Users\Manoela Maia\Desktop\Google Chrome.lnk Shortcut Disinfected : C:\Users\Manoela Maia\Desktop\Mozilla Firefox.lnk Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk Shortcut Disinfected : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk Shortcut Disinfected : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk Shortcut Disinfected : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk Shortcut Disinfected : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk Shortcut Disinfected : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32 Key Deleted : 
HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.BHO Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0031257.Sandbox.1 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_atube-catcher_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_coreldraw_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-classic (1)_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-classic (1)_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-classic_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-classic_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-codec-pack_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_media-player-codec-pack_RASMANCS Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_nero-10-gratis_RASAPI32 Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_nero-10-gratis_RASMANCS Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key 
Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86} Key Deleted : HKCU\Software\Conduit Key Deleted : HKCU\Software\InstalledBrowserExtensions Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKLM\Software\eSafeSecControl Key Deleted : HKLM\Software\portaldositesSoftware ***** [ Browsers ] ***** -\\ Internet Explorer v10.0.9200.16660 Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [start Page] Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v22.0 (pt-BR) [ File : C:\Users\Manoela Maia\AppData\Roaming\Mozilla\Firefox\Profiles\z1tlmjde.default\prefs.js ] Line Deleted : user_pref("browser.search.defaultenginename", "portaldosites"); Line Deleted : user_pref("browser.search.order.1", "portaldosites"); Line Deleted : user_pref("browser.search.selectedEngine", "portaldosites"); Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.portaldosites.com/?utm_source=b&utm_medium=tugs&from=tugs&uid=ST9500325AS_5VEE7TK4XXXX5VEE7TK4&ts=1376770506"); Line Deleted : 
Line Deleted : user_pref("extensions.crossrider.bic", "140a2a3050bab9dd64e208e88e432236"); -\\ Google Chrome v [ File : C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [13751 octets] - [30/08/2013 12:28:28] AdwCleaner[s0].txt - [11405 octets] - [30/08/2013 12:30:35] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [11466 octets] ########## # AdwCleaner v3.012 - Relatório criado 11/11/2013 às 12:15:31 # Atualizado 11/11/2013 por Xplode # Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits) # Usuário : Manoela Maia - MANOELAMAIA-PC # Executando de : C:\Users\Manoela Maia\Desktop\adwcleaner.exe # Opção : Limpar ***** [ Serviços ] ***** ***** [ Arquivos / Pastas ] ***** Pasta Deletada : C:\ProgramData\boost_interprocess Pasta Deletada : C:\ProgramData\NCH Software Pasta Deletada : C:\Program Files (x86)\BonanzaDeals Pasta Deletada : C:\Program Files (x86)\NCH Software Pasta Deletada : C:\Users\Manoela Maia\AppData\Roaming\digitalsite Pasta Deletada : C:\Users\Manoela Maia\AppData\Roaming\NCH Software Pasta Deletada : C:\Users\Manoela Maia\AppData\Roaming\UpdaterEX Arquivo Deletada : C:\Windows\Tasks\digitalsite.job Arquivo Deletada : C:\Windows\System32\Tasks\digitalsite Arquivo Deletada : C:\Windows\Tasks\UpdaterEX.job Arquivo Deletada : C:\Windows\System32\Tasks\UpdaterEX ***** [ Atalhos ] ***** ***** [ Registro ] ***** Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32 Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777} Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96} Chave Deletedo : HKCU\Software\Conduit Chave Deletedo : HKCU\Software\dsiteproducts Chave Deletedo : HKCU\Software\NCH Software Chave Deletedo : 
HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F} Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider Chave Deletedo : HKLM\Software\NCH Software Chave Deletedo : [x64] HKLM\SOFTWARE\DivX\Install\Setup\WizardLayout\ConduitToolbar ***** [ Navegadores ] ***** -\\ Internet Explorer v10.0.9200.16720 Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page] -\\ Mozilla Firefox v22.0 (pt-BR) [ Arquivo : C:\Users\Manoela Maia\AppData\Roaming\Mozilla\Firefox\Profiles\z1tlmjde.default\prefs.js ] -\\ Google Chrome v [ Arquivo : C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [16793 octets] - [30/08/2013 13:28:28] AdwCleaner[s0].txt - [14008 octets] - [30/08/2013 13:30:35] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [14069 octets] ##########

ZHP log:

~ Relatório do ZHPDiag v2013.11.11.25 - Nicolas Coolman (11/11/2013) ~ Iniciado por Manoela Maia (11/11/2013 15:54:14) ~ Endereço do Website : http://nicolascoolman.webs.com ~ Fóruns de suporte gratuito para desinfecção : http://nicolascoolman.webs.com/apps/links/ ~ Tradução pelo utilizador ~ Estatuto da versão : ~ Lista Branca : Ativado pelo programa ~ Elevação dos Privilégios : OK ~ Controle de Conta de Utilizador : Activate by user ---\\ Navegadores Internet MSIE: Internet Explorer v10.0.9200.16721 MFIE: Mozilla Firefox 22.0 GCIE: Google Chrome v30.0.1599.101 (Defaut) ---\\ Informações sobre os produtos Windows ~ Langage: Portugais Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601) Windows Server License Manager Script : OK ---\\ Softwares de proteçao do sistema Avira Free Antivirus v13.0.0.4052 Malwarebytes Anti-Malware versão 1.75.0.1300 Windows Defender W7 ---\\ Softwares d'optimização do sistema CCleaner v3.01 =>Piriform Ltd ---\\ Softwares de partilha do 
PeerToPeer (P2P) µTorrent v3.1.3 =>P2P.µTorrent ---\\ Monitoramento dos softwares Adobe Flash Player 11 Plugin Adobe Reader X Java 7 Update 45 ---\\ Informações sobre o sistema ~ Processor: Intel64 Family 6 Model 37 Stepping 5, GenuineIntel ~ Operating System: 64 Bits Boot mode: Normal (Normal boot) Total RAM: 3894 MB (48% free) System Restore: Activé (Enable) System drive C: has 84 GB (18%) free of 456 GB ---\\ Modo de conexão ao sistema ~ Computer Name: MANOELAMAIA-PC ~ User Name: Manoela Maia ~ All Users Names: Manoela Maia, HomeGroupUser$, Convidado, ASPNET, Administrador, ~ Unselected Option: None Logged in as Administrator ---\\ As variáveis de ambiente ~ System Unit : C:\ ~ %AppZHP% : C:\Users\Manoela Maia\AppData\Roaming\ZHP\ ~ %AppData% : C:\Users\Manoela Maia\AppData\Roaming\ ~ %Desktop% : C:\Users\Manoela Maia\Desktop\ ~ %Favorites% : C:\Users\Manoela Maia\Favorites\ ~ %LocalAppData% : C:\Users\Manoela Maia\AppData\Local\ ~ %StartMenu% : C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\ ~ %Windir% : C:\Windows\ ~ %System% : C:\Windows\System32\ ---\\ Enumeração das unidades dos discos C: Hard drive, Flash drive, Thumb drive (Free 84 Go of 456 Go) D: CD-ROM drive (Not Inserted) Q: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go) ---\\ Estado do Centro de Segurança do Windows ~ Security Center: 49 Legitimates Filtered in 00mn 00s ---\\ Pesquisa particular de ficheiros genéricos [MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808] [MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024] [MD5.D28B35DE88D27EFB27DF4B1E8319E3C0] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/09/2013 - 19:55:10.) 
-- C:\Windows\System32\wininet.dll [2241024] [MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656] [MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448] [MD5.314C17917AC8523EC77A710215012A65] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 22:10:19.) -- C:\Windows\system32\Drivers\AFD.sys [497152] [MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128] [MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160] [MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456] [MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400] [MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368] [MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472] [MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224] [MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) 
-- C:\Windows\system32\Drivers\MRxSmb.sys [158208] [MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632] [MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680] [MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280] [MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536] [MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184] [MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296] [MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808] ~ Generic Processes: Scanned in 00mn 00s ---\\ Estatuto dos ficheiros ocultos (Oculto/Total) ~ Mes images (My Pictures) : 3/11305 ~ Mes musiques (My Musics) : 7/22054 ~ Mes Videos (My Videos) : 2/338 ~ Mes Favoris (My Favorites) : 1/24 ~ Mes Documents (My Documents) : 2/5946 ~ Mon Bureau (My Desktop) : 2/1876 ~ Menu demarrer (Programs) : 1/39 ~ Hidden Files: Scanned in 01mn 26s ---\\ Processos lançados [MD5.5883D86F8C22B1E5F78627E4AF19B234] - (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [59720] [PID.3844] [MD5.23C2FCAA50C4F80F7D1B8A0771D45328] - (.Apple Inc. - iCloud.) 
-- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720] [PID.3924] [MD5.D6B3AF9E3CE610B69AB1D38262DAE833] - (.Plex, Inc. - Plex Media Server.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [2699344] [PID.3988] [MD5.80B62FF105908EC9E4B072AFB1CFC824] - (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe [409744] [PID.4076] [MD5.FBF6E77769F2452885E68B5AC6DFBDDE] - (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [347192] [PID.2016] [MD5.E3AECB28EBE04FFD535745912839D72D] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3328] [MD5.47833576F0BEE0AD7B45109982B769BD] - (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe [59720] [PID.3124] [MD5.9921C2433D4F2CE89C17AC9ABD6E1D76] - (...) -- C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe [33360] [PID.5248] [MD5.3E399A1328181C2A352472369DE2A93A] - (.Google Inc. - Google Chrome.) -- C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe [844752] [PID.2688] [MD5.0248882379D37F3DC3EA1C721803B645] - (.Nicolas Coolman - ZHPDiag.) -- C:\ZHPDiag\ZHPDiag.exe [8202752] [PID.6868] ~ Processes Running: Scanned in 00mn 00s ---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2) C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Default\Preferences G2 - GCE: Preference [user Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.0.0.4.1, (Désactivé) =>PUP.Elex ~ Google Browser: 13 Legitimates Filtered in 00mn 07s ---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3) C:\Users\Manoela Maia\AppData\Roaming\Mozilla\Firefox\Profiles\z1tlmjde.default\prefs.js P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) 
-- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll ~ Firefox Browser: 22 Legitimates Filtered in 00mn 00s ---\\ Internet Explorer, Gestão do Proxy (R5) R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1 R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll ~ Proxy management: Scanned in 00mn 00s ---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe, F2 - REG:system.ini: Shell=C:\Windows\explorer.exe F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe ~ Keys: Scanned in 00mn 00s ---\\ Redireção do ficheiro Hosts (01) ~ Le fichier hosts est sain (The hosts file is clean). ~ Hosts File: Scanned in 00mn 00s ~ Nombre de lignes (Lines number): 20 ---\\ Browser Helper Objects do navegador (02) O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll O2 - BHO: G-Buster Browser Defense Banco Real [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) 
-- C:\Program Files (x86)\GbPlugin\gbiehabn.dll ~ BHO: 6 Legitimates Filtered in 00mn 00s ---\\ Barras do Internet Explorer (03)) O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã ~ Toolbar: Scanned in 00mn 00s ---\\ Outras conexões do utilizador (04) O4 - GS\Desktop [Public]: aTube Catcher.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe O4 - GS\Desktop [Public]: Lightroom 3.2 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 3.2\lightroom.exe (.not file.) O4 - GS\Desktop [Public]: SmartShare.lnk . (.LG Electronics Inc. - SmartShare.) -- C:\Program Files (x86)\LG Software\LG Smart Share\DMC\SmartShare.exe O4 - GS\Desktop [Public]: Video Search.lnk . (.DsNET - aTube Catcher to download and convert video.) -- C:\Program Files (x86)\DsNET Corp\aTube Catcher 2.0\yct.exe O4 - GS\Desktop [Public]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [Public]: Documentação de ajuda da Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.) O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [Manoela Maia]: BS.Player FREE.lnk . (.AB Team - BS.Player.) -- C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe O4 - GS\QuickLaunch [Manoela Maia]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe O4 - GS\QuickLaunch [Manoela Maia]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\QuickLaunch [Manoela Maia]: µTorrent.lnk . (.BitTorrent Inc. - µTorrent.) 
-- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent O4 - GS\Program [Manoela Maia]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\SystemTools [Manoela Maia]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe O4 - GS\Desktop [Manoela Maia]: BS.Player FREE.lnk . (.AB Team - BS.Player.) -- C:\Program Files (x86)\Webteh\BSplayer\bsplayer.exe O4 - GS\Desktop [Manoela Maia]: DVD Shrink 3.2.lnk . (.DVD Shrink - DVD Shrink 3.2.) -- C:\Program Files (x86)\DVD Shrink\DVD Shrink 3.2.exe O4 - GS\Desktop [Manoela Maia]: Google Chrome.lnk . (.Google Inc. - Google Chrome.) -- C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe O4 - GS\Desktop [Manoela Maia]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O4 - GS\Desktop [Manoela Maia]: MPC-HC x64.lnk . (...) -- C:\Program Files (x86)\MPC-HC\mpc-hc64.exe (.not file.) O4 - GS\Desktop [Manoela Maia]: MV RegClean 5.9.lnk . (...) -- C:\Program Files (x86)\Marcos Velasco Security\MV RegClean 5.9\MVREGCLEAN.exe ~ Global Startup: 78 Legitimates Filtered in 00mn 03s ---\\ Aplicações iniciadas por registo & pastas (04) O4 - HKLM\..\Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.) O4 - HKLM\..\Run: [sysTrayApp] . (.IDT, Inc. - IDT PC Audio.) -- C:\Program Files\IDT\WDM\sttray64.exe O4 - HKLM\..\Run: [broadcom Wireless Manager UI] . (.Dell Inc. - DW WLAN Card Wireless Network Tray Applet.) -- C:\Program Files\Dell\DW WLAN Card\WLTRAY.exe O4 - HKLM\..\Run: [QuickSet] . (.Dell Inc. - QuickSet.) -- C:\Program Files\Dell\QuickSet\QuickSet.exe O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) 
-- C:\Windows\system32\hkcmd.exe O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe O4 - HKCU\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Manoela Maia\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Manoela Maia\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKCU\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKCU\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKCU\..\Run: [Plex Media Server] . (.Plex, Inc. - Plex Media Server.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe O4 - HKLM\..\Wow6432Node\Run: [Dell Webcam Central] . (.Creative Technology Ltd - WebcamDell2.exe.) -- C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira System Tray Tool.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) 
-- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [Google Update] . (.Google Inc. - Google Installer.) -- C:\Users\Manoela Maia\AppData\Local\Google\Update\GoogleUpdate.exe O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Manoela Maia\AppData\Local\Facebook\Update\FacebookUpdate.exe O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [ApplePhotoStreams] . (.Apple Inc. - Apple Photostreams Uploader Executable.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [iCloudServices] . (.Apple Inc. - iCloud.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe O4 - HKUS\S-1-5-21-3063265555-1165545007-2759652853-1000\..\Run: [Plex Media Server] . (.Plex, Inc. - Plex Media Server.) -- C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe ~ Application: Scanned in 00mn 00s ---\\ Boutões da barra de ferramentas principal do Internet Explorer (09) O9 - Extra button: @c:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 [64Bits] - {CCA281CA-C863-46ef-9331-5C8D4460577F} . (...) 
-- c:\Program Files\WIDCOMM\Bluetooth Software\bt_hot_icon.ico ~ IE Extra Buttons: Scanned in 00mn 00s ---\\ Site na zona confiavél do Internet Explorer (05) O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] *.santander.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] *.santanderempresarial.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br ~ IE Zone Confiance: Scanned in 00mn 00s ---\\ Objets ActiveX (Downloaded Program Files)(O16) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} ((no name)) - https://support.dell.com/systemprofiler/SysProExe.CAB ~ Objets ActiveX: Scanned in 00mn 00s ---\\ Alteração Dominio/Clientes DNS (017) O17 - HKLM\System\CCS\Services\Tcpip\..\{1B36F08E-8BD5-40D6-A2C1-D862B00F1FBF}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CCS\Services\Tcpip\..\{294CBF2D-4C32-4EA2-88E5-3C85AEF07112}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\..\{8BEA3EE4-FC98-4487-853E-4EC066E9A0FD}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CS1\Services\Tcpip\..\{1B36F08E-8BD5-40D6-A2C1-D862B00F1FBF}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CS1\Services\Tcpip\..\{294CBF2D-4C32-4EA2-88E5-3C85AEF07112}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{8BEA3EE4-FC98-4487-853E-4EC066E9A0FD}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CS2\Services\Tcpip\..\{1B36F08E-8BD5-40D6-A2C1-D862B00F1FBF}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CS2\Services\Tcpip\..\{294CBF2D-4C32-4EA2-88E5-3C85AEF07112}: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CS2\Services\Tcpip\..\{8BEA3EE4-FC98-4487-853E-4EC066E9A0FD}: DhcpNameServer = 200.220.227.56 200.142.130.202 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 
192.168.1.1 ~ Domain: Scanned in 00mn 00s ---\\ Protocolo adicional (018) O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) -- O18 - Filter: application/x-msdownload [64Bits] - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation ~ Protocole Additionnel: Scanned in 00mn 00s ---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20) O20 - Winlogon Notify: GoToAssist . (...) -- C:\Program Files (x86)\Citrix\GoToAssist\514\G2AWinLogon_x64.dll (.not file.) O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll ~ Winlogon: Scanned in 00mn 00s ---\\ Lista dos serviços NT não Microsoft e não desativados (023) O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe O23 - Service: DW WLAN Tray Service (wltrysvc) . (.Dell Inc. - DW WLAN Card Wireless Network Service.) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe ~ Services: 18 Legitimates Filtered in 00mn 04s ---\\ Software instalados (042) O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1 O42 - Logiciel: IRPF2012 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2012 O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013 O42 - Logiciel: Maia Mechanics Imaging - (.Jovian Archive Software.) [HKLM][64Bits] -- {B3C4A6E7-AAAA-4B37-A412-B6AB947829EA} O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) 
[HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5 ~ Logic: 115 Legitimates Filtered in 00mn 00s ---\\ HKCU & HKLM Software Keys [HKCU\Software\AutoHelpDesk] [HKCU\Software\Baidu Security] [HKCU\Software\GbAs] [HKCU\Software\MMI] [HKCU\Software\SERPRO] [HKCU\Software\UltraDownloads.com.br] [HKCU\Software\UpdaterEX] =>Adware.Boxore [HKCU\Software\WSVCUPlugin] [HKLM\Software\Wow6432Node\AutoHelpDesk] [HKLM\Software\Wow6432Node\MMI] ~ Key Software: 234 Legitimates Filtered in 00mn 00s ---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43) O43 - CFD: 14/10/2013 - 21:44:05 - [0] ----D C:\Program Files (x86)\Baidu Security O43 - CFD: 03/12/2010 - 10:06:32 - [3,151] ----D C:\Program Files (x86)\Marcos Velasco Security O43 - CFD: 22/04/2013 - 15:29:43 - [8,843] ----D C:\Program Files (x86)\Programas RFB O43 - CFD: 17/08/2013 - 18:33:57 - [4,404] ----D C:\Program Files (x86)\SupportInfo O43 - CFD: 14/10/2013 - 21:58:31 - [2,604] ----D C:\ProgramData\Baidu Security O43 - CFD: 11/11/2013 - 15:44:46 - [0] ----D C:\ProgramData\boost_interprocess O43 - CFD: 14/06/2013 - 20:47:01 - [0] ----D C:\ProgramData\levelup downloader O43 - CFD: 18/08/2011 - 14:29:52 - [0] --H-D C:\ProgramData\Rpcnet O43 - CFD: 03/11/2013 - 20:48:22 - [0] ----D C:\ProgramData\xml_param O43 - CFD: 14/10/2013 - 21:44:05 - [2,773] ----D C:\Users\Manoela Maia\AppData\Roaming\Baidu Security O43 - CFD: 03/11/2013 - 20:47:18 - [0] ----D C:\Users\Manoela Maia\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} O43 - CFD: 14/06/2013 - 20:47:00 - [0,014] ----D C:\Users\Manoela Maia\AppData\Local\Level Up! 
O43 - CFD: 23/04/2012 - 15:23:07 - [0,004] ----D C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2012 O43 - CFD: 22/04/2013 - 15:28:46 - [0,004] ----D C:\Users\Manoela Maia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2013 ~ 1 Dossiers CLSID vides (CLSID Empty Folders) ~ Program Folder: 255 Legitimates Filtered in 01mn 05s ---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044) O44 - LFC:[MD5.82113B281E45D6F4EA573B79AF9EB8F8] - 11/11/2013 - 11:25:34 ---A- . (...) -- C:\Windows\SysNative\prfc0416.dat [151828] O44 - LFC:[MD5.830904A249A98A609A18B1E4253185ED] - 11/11/2013 - 11:25:34 ---A- . (...) -- C:\Windows\SysNative\prfh0416.dat [713754] O44 - LFC:[MD5.82113B281E45D6F4EA573B79AF9EB8F8] - 11/11/2013 - 11:25:34 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [151828] O44 - LFC:[MD5.830904A249A98A609A18B1E4253185ED] - 11/11/2013 - 11:25:34 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [713754] O44 - LFC:[MD5.371578BE08327F38D9DB6F73188D3488] - 11/11/2013 - 11:27:18 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22464] O44 - LFC:[MD5.371578BE08327F38D9DB6F73188D3488] - 11/11/2013 - 11:27:18 --HA- . (...) -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22464] O44 - LFC:[MD5.371578BE08327F38D9DB6F73188D3488] - 11/11/2013 - 11:27:18 --HA- . (...) -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [22464] O44 - LFC:[MD5.371578BE08327F38D9DB6F73188D3488] - 11/11/2013 - 11:27:18 --HA- . (...) 
-- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [22464] ~ Files: 20 Legitimates Filtered in 01mn 12s ---\\ Chave do registo Shell MountPoints2 (MPKS) (O51) O51 - MPSK:{2d14f11f-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã O51 - MPSK:{2d14f144-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã O51 - MPSK:{2d14f151-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã O51 - MPSK:{2d14f15d-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã O51 - MPSK:{2d14f184-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã ~ Keys: Scanned in 00mn 00s ---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53) O53 - SMSR:HKLM\...\startupreg\uTorrent [Key] . (.BitTorrent Inc. - µTorrent.) -- C:\Program Files (x86)\uTorrent\uTorrent.exe =>P2P.BitTorrent ~ SMSR Keys: 16 Legitimates Filtered in 00mn 00s ---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55) O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0 O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0 O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0 ~ MWPS: 21 Legitimates Filtered in 00mn 00s ---\\ Lista dos drivers do sistema (SDL) (O58) O58 - SDL:[MD5.F338F29E06D24AC1C162131C1C908FB5] - 17/09/2012 - 19:58:30 R--A- . (.360.cn - 360HipsOEM.) -- C:\Windows\System32\Drivers\360FltOEM.sys [288688] O58 - SDL:[MD5.8F866DF9A974BFFDCB2001D303BC0695] - 08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536] ~ Drivers: 21 Legitimates Filtered in 00mn 50s ---\\ Últimos ficheiros alterados ou criados (Utilizador) (061) O61 - LFC: 08/11/2013 - 16:11:18 ---A- . (.ADRIANA DANTAS MARIZ.) -- C:\Users\Manoela Maia\Downloads\11_06-Carta participantes retiro - final.doc [41984] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) 
-- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx [44225] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\sf.xpi [16205] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\update.xml [290] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\chrome.manifest [276] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\components\main.js [3691] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\dc.js [1433] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\ipo.js [757] O61 - LFC: 09/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\pi.js [2236] O61 - LFC: 09/11/2013 - 15:59:24 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\pta.js [2248] O61 - LFC: 09/11/2013 - 15:59:24 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\s.js [1361] O61 - LFC: 09/11/2013 - 15:59:24 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\content\sdc.js [366] O61 - LFC: 09/11/2013 - 15:59:24 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\xpi\install.rdf [731] O61 - LFC: 09/11/2013 - 15:59:24 ---A- . (.GAS Tecnologia.) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll [2421800] O61 - LFC: 11/11/2013 - 15:59:23 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\bb\muninn [3115] O61 - LFC: 11/11/2013 - 15:59:24 ---A- . (.GAS Tecnologia.) -- C:\Users\Manoela Maia\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll [4617256] O61 - LFC: 11/11/2013 - 16:00:12 ---A- . (...) 
-- C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Local State [57800] O61 - LFC: 11/11/2013 - 16:09:38 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Roaming\ZHP\Log.txt [17452] =>.Nicolas Coolman O61 - LFC: 11/11/2013 - 16:09:38 ---A- . (...) -- C:\Users\Manoela Maia\AppData\Roaming\ZHP\TestsZHPDiag.txt [2983] =>.Nicolas Coolman O61 - LFC: 11/11/2013 - 16:11:19 ---A- . (...) -- C:\Users\Manoela Maia\Downloads\GerarPDF_11112013121123.pdf [72829] O61 - LFC: 11/11/2013 - 16:11:20 ---A- . (...) -- C:\Users\Manoela Maia\Links\Fotos do iCloud.lnk [164] ~ 4 Fichiers temporaires (Temporary files) ~ Files: 6042 Legitimates Filtered in 18mn 18s ---\\ Lista das ferramentas de remoção de vírus (LAT) (063) O63 - Logiciel: ZHPDiag 2013 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman ~ ADS: Scanned in 00mn 00s ---\\ Associações Shell Spawning (O67) O67 - Shell Spawning: <.html> <DragonHTML>[HKLM\..\open\Command] (.Not Key.) ~ FASS Keys: 11 Legitimates Filtered in 00mn 00s ---\\ Menu de inicialização Internet (068) O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Users\Manoela Maia\AppData\Local\Google\Chrome\Application\chrome.exe O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) 
-- C:\Program Files (x86)\Internet Explorer\iexplore.exe ~ Keys: Scanned in 00mn 00s ---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069) O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {0A3AECB6-5DD1-7D84-7FE3-35D4DDDC44E3} - (Bing) - http://www.bing.com O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - http://www.google.com ~ Keys: Scanned in 00mn 00s ---\\ Listagem dos ficheiros Crack & Keygen (CKF) (O82) C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar C:\Users\Manoela Maia\Documents\Luxor.Amun.Rising.v1.558.Cracked-F4CG==.zip C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar C:\Users\Manoela Maia\Documents\Luxor.Amun.Rising.v1.558.Cracked-F4CG==.zip ~ Files: Scanned in 00mn 48s ---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84) [MD5.77671379B1CD434A7D93507AB4DE0896] [sPRF][25/05/2011] (...) -- C:\ProgramData\E9184909B1.sys [88] [MD5.87DF63AE89887BAA8DEA7920B2881365] [sPRF][10/12/2010] (...) -- C:\ProgramData\ezsidmv.dat [56] [MD5.82629D20448E21302A1D264ECF793767] [sPRF][25/05/2011] (...) -- C:\ProgramData\KGyGaAvL.sys [2516] [MD5.89C9C5E566ED9B55C411A2756F8DA8C1] [sPRF][17/12/2010] (...) -- C:\Users\Manoela Maia\AppData\Local\fusioncache.dat [100] [MD5.B5B2829B37336BB266B179700398B421] [sPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Manoela Maia\AppData\Local\Temp\AskPIP_FF_.exe [1021872] [MD5.16E53BFC96CE14021C0E07EB1C198478] [sPRF][19/01/2011] (...) -- C:\Users\Manoela Maia\AppData\Roaming\inst.exe [99384] [MD5.949953ABA70B111D41C9072EA441B096] [sPRF][04/06/2013] (...) -- C:\Users\Manoela Maia\AppData\Roaming\unins000.dat [14004] [MD5.E82D66AC55A9BF757EA2C5419CF43F06] [sPRF][10/09/2013] (...) 
-- C:\Users\Manoela Maia\AppData\Roaming\unins001.dat [29548] [MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][10/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Manoela Maia\AppData\Roaming\unins001.exe [720082] [MD5.9812917FE2FCDEA2FD800573D7842E5D] [sPRF][11/11/2013] (...) -- C:\Users\Manoela Maia\Desktop\adwcleaner.exe [1085542] ~ Files: 13 Legitimates Filtered in 00mn 01s ---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS) [MD5.413FA8D5DCFBF86A2C56D36262613AD8] [WIS][17/12/2010] (.Jovian Archive Software - Maia Mechanics Imaging.) -- C:\Windows\Installer\1324470.msi [15180288] [MD5.0003D9969DF849B9FC84920A0B7B3274] [WIS][26/11/2011] (.Plex, Inc. - Plex Media Server for Windows.) -- C:\Windows\Installer\ee1ce95.msi [53235712] ~ WIS: 100 Legitimates Filtered in 00mn 22s ---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados) SR - | Auto 10/05/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe SR - | Demand 16/10/2013 257416 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe SR - | Auto 03/03/2009 89600 | (AESTFilters) . (.Andrea Electronics Corporation.) - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\AESTSr64.exe SR - | Auto 09/09/2013 84024 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe SR - | Auto 09/09/2013 108088 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe SR - | Auto 07/09/2013 55624 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe SR - | Auto 29/12/2009 873248 | (btwdins) . 
(.Broadcom Corporation..) - c:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe SR - | Auto 09/06/2009 155648 | (DockLoginService) . (.Stardock Corporation.) - C:\Program Files\Dell\DellDock\DockLogin.exe SR - | Auto 23/09/2013 451640 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe SR - | Demand 16/11/2010 16680 | (GoToAssist) . (.Citrix Online, a division of Citrix Systems.) - C:\Program Files (x86)\Citrix\GoToAssist\514\g2aservice.exe SR - | Auto 03/12/2010 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Demand 03/12/2010 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe SR - | Demand 07/02/2011 136120 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe SR - | Demand 19/10/2013 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe SR - | Auto 04/11/2009 268824 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe SR - | Demand 22/07/2013 117144 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe SR - | Auto 04/05/2010 503080 | (NAUpdate) . (.Nero AG.) - C:\Program Files (x86)\Nero\Update\NASvc.exe SR - | Auto 22/09/2010 249136 | (SeaPort) . (.Microsoft Corporation.) - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe SR - | Auto 18/08/2011 1692480 | (SftService) . (.SoftThinks SAS.) - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.exe SR - | Auto 13/07/2012 160944 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe SR - | Auto 21/05/2009 206064 | (sprtsvc_DellSupportCenter) . (.SupportSoft, Inc..) - C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe SR - | Auto 21/01/2010 244736 | (STacSV) . (.IDT, Inc..) 
- C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_58afa5ca50c7b5e7\STacSV64.exe SR - | Demand 02/11/2009 126352 | (TurboBoost) . (.Intel® Corporation.) - C:\Program Files\Intel\TurboBoost\TurboBoost.exe SR - | Auto 04/11/2009 2320920 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe SR - | Auto 17/12/2009 48128 | (wltrysvc) . (.Dell Inc..) - C:\Program Files\Dell\DW WLAN Card\WLTRYSVC.exe SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe ~ Services: Scanned in 00mn 27s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBR) (080) Run by Manoela Maia at 11/11/2013 16:19:06 ~ OS 64 not supported by MBR tool ~ MBR: 0 Legitimates Filtered in 00mn 00s ---\\ Pesquisa de infeção no Registo Mestre de Inicialização (MBRCheck) (080) Written by ad13, http://ad13.geekstog Run by Manoela Maia at 11/11/2013 16:19:08 ********* Dump file Name ********* C:\PhysicalDisk0_MBR.bin ~ MBR: Scanned in 00mn 02s ---\\ Scâner Aditional (088) Database Version : 12994 - (11/11/2013) Clés trouvées (Keys found) : 2 Valeurs trouvées (Values found) : 2 Dossiers trouvés (Folders found) : 1 Fichiers trouvés (Files found) : 1 [HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^ [HKLM\Software\Microsoft\Shared Tools\MSConfig\startupreg\uTorrent] =>P2P.BitTorrent^ C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^ [HKCU\Software\UpdaterEX] =>Adware.Boxore^ ~ Additionnel Scan: 402421 Items scanned in 00mn 22s ---\\ Sumário das deteções encontradas na sua estação ~ http://nicolascoolman.webs.com/apps/blog/show/33479906-pup-elex =>PUP.Elex ~ 
http://nicolascoolman.webs.com/apps/blog/show/26626977-adware-boxore =>Adware.Boxore ~ http://nicolascoolman.webs.com/apps/blog/show/27630986-pup-funmoods =>PUP.Funmoods ~ MSI: 3 link(s) detected in 00mn 22s ~ 7280 Legitimates filtered by white list End of the scan (544 lines in 25mn 17s)(4)

Regards,
DigRam 144 Posted November 12, 2013

Good morning, Manoela!

|- If it is not essential to you, uninstall: µTorrent v3.1.3 =>P2P.µTorrent
-/-

"Another thing: I feel the notebook is heating up more than normal; even the touchpad and keyboard get hot, and the side where the vent is also gets hot. The noise, which I imagine comes from the processor or the HD, I don't know, also seems louder than normal to me, nothing really loud, but it's different. Does it have to do with a virus, or might I have to format (I've had this notebook for about 3/4 years and have never formatted it...)"

|- It may not be related to a virus and could be a faulty fan.
-/-
|- Run this script in the ZHPFix tool.
|- Copy the information shown in red into Notepad.
|- With Notepad open, press: ctrl+a >> ctrl+c
|- Then minimize Notepad.

script zhpfix

G2 - GCE: Preference [user Data\Default] [ifohbjbgfchkkfhphahclmkpgejiplfo] Lightning Newtab v.0.0.4.1, (Désactivé) =>PUP.Elex
[MD5.B5B2829B37336BB266B179700398B421] [sPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Manoela Maia\AppData\Local\Temp\AskPIP_FF_.exe [1021872]
[MD5.AD6E810B9CE3D8C0C1FF0203C68C6FA6] [sPRF][10/09/2013] (.No owner - Setup/Uninstall.) -- C:\Users\Manoela Maia\AppData\Roaming\unins001.exe [720082]
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O4 - GS\Desktop [Public]: Lightroom 3.2 64-bit.lnk . (...) -- C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 3.2\lightroom.exe (.not file.)
O4 - GS\Program [Public]: Documentação de ajuda da Dell.lnk . (...) -- C:\Program Files (x86)\Dell Inc\Dell Edoc Viewer\EDocs.exe (.not file.)
O4 - GS\Desktop [Manoela Maia]: MPC-HC x64.lnk . (...) -- C:\Program Files (x86)\MPC-HC\mpc-hc64.exe (.not file.)
O43 - CFD: 11/11/2013 - 15:44:46 - [0] ----D C:\ProgramData\boost_interprocess
O43 - CFD: 18/08/2011 - 14:29:52 - [0] --H-D C:\ProgramData\Rpcnet
O43 - CFD: 03/11/2013 - 20:48:22 - [0] ----D C:\ProgramData\xml_param
O51 - MPSK:{2d14f11f-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
O51 - MPSK:{2d14f144-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
O51 - MPSK:{2d14f151-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
O51 - MPSK:{2d14f15d-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
O51 - MPSK:{2d14f184-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
O69 - SBI: SearchScopes [HKCU] ${searchCLSID} - (Funmoods) - http://searchfunmoods.com =>PUP.Funmoods
C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar
C:\Users\Manoela Maia\Documents\Luxor.Amun.Rising.v1.558.Cracked-F4CG==.zip
C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar
C:\Users\Manoela Maia\Documents\Luxor.Amun.Rising.v1.558.Cracked-F4CG==.zip
C:\Users\Manoela Maia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo =>PUP.Elex^
[HKCU\Software\UpdaterEX] =>Adware.Boxore
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
[HKCU\Software\UpdaterEX] =>Adware.Boxore^
emptyclsid
emptytemp
firewallraz

|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK >> press the shortcut "ctrl+v" (Paste).
|- Click "GO".
|- Post the report!

A+
Manoela 0 Posted November 21, 2013

Hello, here is the report:

Rapport de ZHPFix 2013.11.4.1 par Nicolas Coolman, Update du 03/11/2013
Fichier d'export Registre :
Run by Manoela Maia at 21/11/2013 18:54:38
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (00mn 03s)

========== Processo memória ==========
ELIMINÉ: Memory Process: C:\Users\Manoela Maia\AppData\Local\Temp\AskPIP_FF_.exe
ELIMINÉ: Memory Process: C:\Users\Manoela Maia\AppData\Roaming\unins001.exe

========== Chaves do Registo ==========
ELIMINÉ CLSID MPSK: {2d14f11f-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ CLSID MPSK: {2d14f144-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ CLSID MPSK: {2d14f151-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ CLSID MPSK: {2d14f15d-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ CLSID MPSK: {2d14f184-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ: HKCU\Software\UpdaterEX

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068}
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :

========== Pastas ==========
ELIMINÉ: C:\Users\Manoela Maia\AppData\Local\{7900E1C0-D55E-4516-96EE-955CBFD6FA4C}
ELIMINÉ Temporários windows (19) (0 octets)

========== Ficheiros ==========
ELIMINÉ: c:\users\manoela maia\appdata\local\google\chrome\user data\default\preferences
ELIMINÉ: c:\users\public\desktop\lightroom 3.2 64-bit.lnk
ELIMINÉ: c:\programdata\microsoft\windows\start menu\programs\documentação de ajuda da dell.lnk
ELIMINÉ: c:\users\manoela maia\desktop\mpc-hc x64.lnk
ELIMINÉ: C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar
ELIMINÉ: C:\Users\Manoela Maia\Documents\Luxor.Amun.Rising.v1.558.Cracked-F4CG==.zip
ELIMINÉ Temporários windows (0) (0 octets)

========== Recapitulativo ==========
2 : Processo memória
6 : Chaves do Registo
3 : Valores do Registo
2 : Pastas
7 : Ficheiros

End of clean in 00mn 22s

========== Caminho do ficheiro do relatório ==========
C:\Users\Manoela Maia\AppData\Roaming\ZHP\ZHPFix[R1].txt - 21/11/2013 18:54:41 [1963]

If it's a faulty fan, the only option is to replace it, right?! Why delete uTorrent?

Regards,
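As an added example (not part of the thread and not ZHPFix's own code), this Python check compares the fix script with the ZHPFix report and lists the script targets that the report does not confirm as removed. The sample lines are excerpted from the two posts above; the function names and the matching rules (one registry key, GUID or path per script line) are assumptions of this example.

```python
import re

# Lines excerpted from the fix script and the ZHPFix report posted in this thread.
SCRIPT = r"""
[MD5.B5B2829B37336BB266B179700398B421] [sPRF][13/09/2013] (.Ask.com - Offercast - APN Install Manager.) -- C:\Users\Manoela Maia\AppData\Local\Temp\AskPIP_FF_.exe [1021872]
O3 - Toolbar\WebBrowser: (no name) [64Bits] - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O43 - CFD: 18/08/2011 - 14:29:52 - [0] --H-D C:\ProgramData\Rpcnet
O51 - MPSK:{2d14f11f-5cc5-11e2-af16-a2bb51f74005}\AutoRun\command - Chave orfã
C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar
[HKCU\Software\UpdaterEX] =>Adware.Boxore^
[HKLM\Software\Google\Chrome\Extensions\ifohbjbgfchkkfhphahclmkpgejiplfo] =>PUP.Elex^
""".strip().splitlines()

REPORT = r"""
ELIMINÉ: Memory Process: C:\Users\Manoela Maia\AppData\Local\Temp\AskPIP_FF_.exe
ELIMINÉ CLSID MPSK: {2d14f11f-5cc5-11e2-af16-a2bb51f74005}
ELIMINÉ: HKCU\Software\UpdaterEX
ELIMINÉ: Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068}
ELIMINÉ: C:\Users\Manoela Maia\Documents\Luxor.3.Cracked.rar
""".strip().splitlines()

# Assumed matching rules: a script line is identified by its registry key,
# else its GUID, else its file or folder path. O4 shortcut lines are not handled.
KEY = re.compile(r"\[(HK(?:LM|CU)\\[^\]]+)\]")
GUID = re.compile(r"(\{[0-9A-Fa-f-]{36}\})")
PATH = re.compile(r"([A-Za-z]:\\.+?)(?: \[\d+\]| =>.*)?$")


def target(line):
    """Return the token that identifies what a script line asks to remove."""
    for pattern in (KEY, GUID, PATH):
        match = pattern.search(line)
        if match:
            return match.group(1)
    return None


def unconfirmed(script, report):
    """Script targets that no ELIMINÉ line of the report mentions."""
    removed = [l.lower() for l in report if l.startswith("ELIMINÉ")]
    missing = []
    for line in script:
        token = target(line)
        # The report lower-cases some paths, so compare case-insensitively.
        if token and not any(token.lower() in entry for entry in removed):
            missing.append(token)
    return missing


if __name__ == "__main__":
    for item in unconfirmed(SCRIPT, REPORT):
        print("not confirmed in report:", item)
```

An item missing from the report is only unconfirmed; a fresh scan shows whether it is still present.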
DigRam 144 Posted November 21, 2013

Good evening, Manoela!

"If it's a faulty fan, the only option is to replace it, right?! Why delete uTorrent?"

|- Only by replacing the fan.
|- uTorrent can be a path for infections and exploits, but... removing it is up to you.
-/-
|- Download: < zoek > ( ... by Smeenk )
|- Or here! < zoek.exe >
|- Save it and unpack it to the desktop!
|- The following will be available: zoek.com, zoek.scr, zoek.pif and zoek.exe
|- Disable your antivirus!
|- For Windows 7, run zoek.exe as administrator.

hijackthis;iedefaults;chromelook;shortcutfix;autoclean;emptyalltemp;

|- Copy and paste this information, shown in red, into the tool's field.
|- Click "Run Script".

Zoek.exe is running now.
Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

|- This information will appear, asking you to wait for the report.
|- Accept and/or confirm the reboot!

zoek.hta failed by unknown error.
Restart computer, and try again.

|- PS: If you get an error, restart the PC and run the tool again.
|- Post the report, which will be at C:\zoek-results.txt <<

A+
DigRam 144 Posted December 21, 2013

Topic Archived

Since the author has not replied for more than 10 days, the topic has been archived. If you are the topic's author and want to reopen it, send a private message to a moderator of this area with the link to this topic and explain the reason for reopening.