
Archived

This topic has been archived and is closed to further replies.

leandro aislan

[Resolved] Computer closing pages and running slowly - Log analysis


Good afternoon, here is my log for analysis.

Thank you very much.

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:17:21, on 12/05/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17041)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files (x86)\common files\installshield\updateservice\isuspm.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\agent.exe
C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\klwtblfs.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Windows\SysWOW64\prevhost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\Desktop\back up leandro\Downloads\HijackThis.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll
O2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll
O2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão do Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\OnlineBanking\online_banking_bho.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Kaspersky Passsword Manager Toolbar - {215BA832-75A3-426E-A4FC-7C5B58CE6A10} - C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\spIEBho.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [iSUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [HPUsageTrackingLEDM] "C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe" "C:\Program Files (x86)\HP\HP UT LEDM\"
O4 - HKLM\..\Run: [wdbraz_certm] C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Run: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKCU\..\Run: [iSUSPM Startup] "c:\Program Files (x86)\Common Files\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - Startup: Dropbox.lnk = Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: &Enviar para o OneNote - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Adicionar ao Antibanner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ie_banner_deny.htm
O8 - Extra context menu item: Anexar a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Anexar destino do link a PDF existente - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Converter destino do link em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Converter em Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O9 - Extra button: Teclado Virtual - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Verificação de URLs - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\IEExt\UrlAdvisor\klwtbbho.dll
O9 - Extra button: Exibir ou ocultar HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O16 - DPF: {E37CB5F0-51F5-4395-A808-5FA49E399008} (GbPluginObj Class) - https://clickbanking.itau.com.br/itau/gbplugin/gbplugin2/cab/GbPluginUni.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O20 - Winlogon Notify: GbPluginUni - C:\PROGRA~2\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Active File Monitor V11 (AdobeActiveFileMonitor11.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Serviço do Kaspersky Anti-Virus (avp) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O23 - Service: Serviço do Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: SW Distributed TS Coordinator Service (CoordinatorServiceHost) - Dassault Systèmes SolidWorks Corp. - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
O23 - Service: CryptoStorage control service (CSObjectsSrv) - Infowatch - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: HP LaserJet Service - HP - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Protexis Licensing V2 x64 (PSI_SVC_2_x64) - arvato digital services llc - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) - Beijing WatchData System Co., Ltd. - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 20414 bytes

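As an added triage example (not part of this thread, and not code from HijackThis or any of the tools the helper recommends), the following Python script parses lines in the HijackThis v2.0.4 format shown above and lists what a log helper would look at first: R0/R1 browser start and search pages pointing outside the stock Microsoft defaults, O4 autorun entries launched from user-writable locations such as ProgramData, O15 Trusted Zone additions, and O23 services with no publisher information. The sample lines are constructed from entries of the kind seen in the log above; the allowlist of default-page hosts and the path markers are the example's own assumptions.

```python
# Triage helper for HijackThis-style logs (added example, not the forum's
# or HijackThis's own code): parses R0/R1, O4, O15 and O23 entry formats.
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample in the HijackThis v2.0.4 format, modelled on the
# kinds of entries in the thread's log.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.baixaki.com.br/portal/?utm_source=core&utm_medium=ppi&utm_campaign=portal
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe"
O4 - HKLM\..\Run: [Anti-phishing Domain Advisor] "C:\ProgramData\Anti-phishing Domain Advisor\visicom_antiphishing.exe"
O4 - HKCU\..\Run: [skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: KMService - Unknown owner - C:\Windows\system32\srvany.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
"""

# Every HijackThis entry starts with its section code, e.g. "O4 - ...".
ENTRY = re.compile(r"^(?P<code>[RO]\d+) - (?P<body>.*)$")

# Assumptions of this example: start/search pages on these hosts count as
# stock defaults; autoruns under these path fragments are worth a look.
DEFAULT_PAGE_HOSTS = ("microsoft.com", "msn.com")
USER_WRITABLE_MARKERS = ("\\programdata\\", "\\users\\")


@dataclass
class Finding:
    code: str
    level: str   # "review" (act on it) or "info" (context for the helper)
    reason: str
    line: str


def parse_entries(text):
    """Yield (code, body, raw_line) for each HijackThis entry line."""
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY.match(line)
        if m:
            yield m["code"], m["body"], line


def run_target(body):
    """Split an O4 'Run: [Name] "path" args' body into (name, path)."""
    name = body[body.index("[") + 1 : body.index("]")]
    rest = body[body.index("]") + 1 :].strip()
    if rest.startswith('"'):
        return name, rest[1 : rest.index('"', 1)]
    # Unquoted command line: cut at the first " -" or " /" switch.
    return name, rest.split(" -")[0].split(" /")[0]


def triage(text):
    findings = []
    for code, body, line in parse_entries(text):
        if code in ("R0", "R1") and "=" in body:
            key, _, value = body.partition("=")
            value = value.strip()
            if not value:
                continue  # empty value: nothing is set
            host = urlparse(value).hostname or ""
            if not host.endswith(DEFAULT_PAGE_HOSTS):
                setting = key.strip().rsplit(",", 1)[-1]
                findings.append(Finding(code, "review",
                                        f"{setting} points at third-party host {host}", line))
        elif code == "O4" and "Run: [" in body:
            name, path = run_target(body)
            if any(marker in path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding(code, "review",
                                        f"autorun '{name}' launches from a user-writable location: {path}", line))
        elif code == "O15":
            zone_host = body.partition(":")[2].strip()
            findings.append(Finding(code, "info",
                                    f"site added to IE Trusted Zone (relaxed security settings): {zone_host}", line))
        elif code == "O23":
            if "(file missing)" in body:
                # On 64-bit Windows the 32-bit HijackThis often reports system
                # services this way because of file-system redirection; confirm
                # on the host instead of flagging automatically.
                continue
            if "Unknown owner" in body:
                findings.append(Finding(code, "review",
                                        f"service with no publisher information: {body}", line))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.level}] {f.code}: {f.reason}")
```

Run against the sample, the script flags the third-party start page, the autorun under ProgramData (the same "Anti-phishing Domain Advisor" entry that AdwCleaner removes later in this thread) and the srvany-hosted service with no publisher, and lists the two Trusted Zone sites as context. It deliberately skips the many "(file missing)" services: with this HijackThis version on 64-bit Windows those are usually a display artifact rather than missing binaries, so they are checked by hand rather than treated as findings.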

Hello Leandro.

 

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

 

To run AdwCleaner correctly, just follow the tips in this tutorial:

 

Remove adware and malicious toolbars with AdwCleaner

 

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

 

We'll be waiting.

# AdwCleaner v3.208 - Relatório criado 12/05/2014 às 16:13:43
# Atualizado 11/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium Service Pack 1 (64 bits)
# Usuário : Asafer - ASAFER-HP
# Executando de : C:\Users\Asafer\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Anti-phishing Domain Advisor
Pasta Deletada : C:\Program Files (x86)\Mega Browse
Pasta Deletada : C:\Program Files (x86)\Toolbar Cleaner
Pasta Deletada : C:\Users\Asafer\AppData\Local\toolbarcleaner
Pasta Deletada : C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Toolbar Cleaner
Arquivo Deletada : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\Extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi

***** [ Atalhos ] *****

***** [ Registro ] *****

Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Anti-phishing Domain Advisor]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\Mega Browse
Chave Deletedo : HKLM\Software\Description
Chave Deletedo : HKLM\Software\Mega Browse
Chave Deletedo : HKLM\Software\Toolbar Cleaner
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Mega Browse

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041

-\\ Mozilla Firefox v28.0 (pt-BR)

[ Arquivo : C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js ]

[ Arquivo : C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js ]

Linha deletada : user_pref("browser.startup.homepage", "hxxp://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=hp_4802");
Linha deletada : user_pref("keyword.URL", "hxxp://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=bs_4802&q=");

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}
Deletedo [search Provider] : hxxp://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=ch_4802&q={searchTerms}

[ Arquivo : C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [search Provider] : hxxp://br.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [2792 octets] - [12/05/2014 15:48:20]
AdwCleaner[s0].txt - [2756 octets] - [12/05/2014 16:13:43]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2816 octets] ##########


Temporarily disable your antivirus to avoid conflicts.

 

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

 

To run it correctly, follow the tips in this tutorial:

 

Remove adware and other threats from your PC and browsers with the Zoek application

 

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.


Good afternoon, here it is.

 

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Asafer on 12/05/2014 at 17:07:42,01.
Microsoft Windows 7 Home Premium 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Asafer\Downloads\zoek.exe [scan all users] [script inserted]
==== System Restore Info ======================
12/05/2014 17:11:51 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js:
user_pref("browser.search.defaultenginename", "Baixaki");
user_pref("browser.search.selectedEngine", "Baixaki");
user_pref("keyword.URL", "http://find.localstrike.net/?q=");
Added to C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
Deleted from C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js:
user_pref("browser.search.defaultenginename", "Yahoo");
user_pref("browser.search.selectedEngine", "Yahoo");
user_pref("browser.search.order.1", "Yahoo");
Added to C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
ProfilePath: C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_052014_1721_.backup
ProfilePath: C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default
user.js not found
---- Lines browser.startup.page removed from prefs.js ----
user_pref("browser.startup.page", 1);
---- FireFox user.js and prefs.js backups ----
prefs_052014_1721_.backup
==== Deleting Files \ Folders ======================
C:\Users\Asafer\AppData\Roaming\ZoomBrowser EX deleted
C:\PROGRA~3\boost_interprocess deleted
C:\Windows\wininit.ini deleted
C:\Users\Asafer\AppData\Roaming\unins002.exe deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [02/04/2014 05:24]
[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [04/12/2013 08:25]
==== Firefox Extensions ======================
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
Profilepath: C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default
9FD6A1990289B9290563CA069CB74EF9 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll - Shockwave Flash
29B5096C332ECE24A72024212A2282EF - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal
7B32EC68B2D0EAE4C1333EEB53199571 - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil
AFE3A71FF60C5A30DF58D43C2243A60B - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
6405D35B002039122117B4EAD3EDD8BD - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal
4DC48F347E212C32BACCEC6FE3532300 - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb_64.dll - Módulo de Proteção - Banco do Brasil
922F6A358C10A8BA4BCD3766227F3CAE - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 12:08]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[26/03/2013 12:08]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/11/2013 14:53]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/11/2013 14:53]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[26/03/2013 12:08]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[11/11/2013 07:58]
nnjbodopomfddehlalfilheomcahbpei - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[19/08/2013 07:37]
pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[02/04/2014 16:21]
SocialReviver - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bfipfkeoidmndggnnpobeenlamiclald
YouTube - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Guardi\u00E3o - Ita\u00FA 30 horas - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Password Manager plugin - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdnahjkclbpahfnjmpcbacidgllghba
Safe Money - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
GBBD Banco do Brasil - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkafhcogdnfhkmiepeebkkdbdphnjfll
GBBD Guardião - Itaú 30 horas - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
F.B. Purity - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\ncdlagniojmheiklojdcpdaeepochckl
Google Wallet - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
GBBD Caixa Economica Federal - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
GBBD Caixa Economica Federal - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pbcaplhfkihhldmlbjhgajdeghjdbffi
GBBD Banco do Brasil - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh
Gmail - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Asafer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
Google Docs - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Kaspersky URL Advisor - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj
Safe Money - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hakdifolhalapjijoafobooafbilfakh
Content Blocker - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail
Virtual Keyboard - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh
Google Wallet - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Anti-Banner - Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{86c83f9e-48a4-4cd2-a763-64fea5df35f7} Unknown Url="Not_Found"
{F5D78999-D62D-4B36-94BD-7CAF7853C20A} Unknown Url="Not_Found"
==== Reset Google Chrome ======================
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\SearchScopes\{86c83f9e-48a4-4cd2-a763-64fea5df35f7} deleted successfully
HKEY_USERS\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F5D78999-D62D-4B36-94BD-7CAF7853C20A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\Asafer\Desktop\Central de Soluções HP.lnk -
C:\Users\Asafer\Desktop\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Asafer\Desktop\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\Desktop\Microsoft Outlook 2010.lnk - C:\Windows\Installer\{90140000-0011-0000-1000-0000000FF1CE}\outicon.exe
C:\Users\Asafer\Desktop\NC - Atalho.lnk - C:\SNDATA\NC
C:\Users\Asafer\Desktop\Photomatix Pro 3.lnk - C:\Program Files (x86)\PhotomatixPro3\PhotomatixPro.exe
C:\Users\Asafer\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Asafer\Desktop\Skype (2) -.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe /secondary
C:\Users\Asafer\Desktop\Arquivos\Adobe Acrobat X Pro.lnk - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Download Assistant.lnk - C:\Program Files (x86)\Adobe Download Assistant\Adobe Download Assistant.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Reader 9.lnk - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe
C:\Users\Asafer\Desktop\Arquivos\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
C:\Users\Asafer\Desktop\Arquivos\AquariusPlus.lnk - C:\Windows\Installer\{B47BED55-53BE-4348-AD26-E1CF7FA2016A}\app_icon.ico
C:\Users\Asafer\Desktop\Arquivos\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\FontNav64\FontNav.exe
C:\Users\Asafer\Desktop\Arquivos\Corel CAPTURE X6 (64-Bit).lnk - c:\Windows\Installer\{1967EF95-E00B-4669-8B1C-A589BE8BF24F}\NewShortcut6_C2D12190778B49D7B6847BAECAE7BE9D.exe
C:\Users\Asafer\Desktop\Arquivos\Corel CONNECT X6 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X6\Connect64\Connect.exe
C:\Users\Asafer\Desktop\Arquivos\Corel PHOTO-PAINT X6 (64-Bit).lnk - c:\Windows\Installer\{D7C2687D-924E-4485-B367-C7D95CBF8DDD}\NewShortcut4_1B93EBAA624B47A7847E8976FF2E037B.exe
C:\Users\Asafer\Desktop\Arquivos\Execução Segura de Sites.lnk -
C:\Users\Asafer\Desktop\Arquivos\Google Chrome.lnk - C:\Users\Asafer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\Desktop\Arquivos\Google Earth (2).lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer\Desktop\Arquivos\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer\Desktop\Arquivos\HP Photosmart Essential 3.5.lnk - C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqpse.exe
C:\Users\Asafer\Desktop\Arquivos\Kaspersky PURE.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE\avp.exe
C:\Users\Asafer\Desktop\Arquivos\Manual de Cobrança.lnk -
C:\Users\Asafer\Desktop\Arquivos\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\Desktop\Arquivos\SISCOB.lnk - C:\Itau\Cobranca\Siscob.exe
C:\Users\Asafer\Desktop\Arquivos\backups\InterApp Control.lnk - C:\Program Files (x86)\qubnfe\qubnfe.exe
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\PokerStars.lnk -
C:\Users\Asafer\Desktop\Arquivos\Exportação sem título\Receitanet 1.03 .lnk -
C:\Users\Asafer\Desktop\Arquivos\Nova pasta\Program Files\MioMap\Destinator.lnk -
C:\Users\Asafer\Desktop\back up leandro\Gabriela\Atalho para Cópia de MODELO-COMISSÕES- 08 2009.xls.lnk -
C:\Users\Asafer\Desktop\back up leandro\navman ipiranga\Program Files\MioMap\Destinator.lnk -
C:\Users\Asafer_2\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\Desktop\NC - Atalho.lnk - C:\SNDATA\NC
C:\Users\Asafer_2\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\Asafer_2\Desktop\Nova pasta\Adobe Photoshop Elements 11.lnk - C:\Program Files (x86)\Adobe\Elements 11 Organizer\Photoshop Elements 11.0.exe
C:\Users\Asafer_2\Desktop\Nova pasta\BB Token Admin Tool.lnk - C:\Program Files (x86)\Brazil\Brazil USB token Tool\BBAdmintool.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Digital Photo Professional.lnk - C:\Program Files (x86)\Canon\Digital Photo Professional\DPPViewer.exe
C:\Users\Asafer_2\Desktop\Nova pasta\EOS Utility.lnk - C:\Program Files (x86)\Canon\EOS Utility\EOS Utility.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Google Earth.lnk - C:\Program Files (x86)\Google\Google Earth\client\googleearth.exe
C:\Users\Asafer_2\Desktop\Nova pasta\iTunes.lnk - C:\Program Files (x86)\iTunes\iTunes.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Lightroom 3.5 64-bit.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop Lightroom 3.5\lightroom.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Noiseware Professional Edition.lnk - C:\Program Files (x86)\Imagenomic\Noiseware Professional Edition\NoisewarePro.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Perfect Effects 4.lnk - C:\Program Files\onOne Software\Perfect Effects 4\Perfect Effects 4.exe
C:\Users\Asafer_2\Desktop\Nova pasta\Picture Style Editor.lnk - C:\Program Files (x86)\Canon\Picture Style Editor\PSEditor.exe
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\AutoCAD 2011 - English.lnk - C:\Program Files (x86)\Autodesk\AutoCAD 2011\acad.exe
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\Users\Public\Desktop\CorelDRAW X6 (64-Bit).lnk - c:\Windows\Installer\{27AE72A4-B217-4CDC-B82B-3311E9D7460E}\NewShortcut1_41AAC0AC880545E6A1C81230F4159C30.exe
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\QuickTime Player.lnk - C:\Program Files (x86)\QuickTime\QuickTimePlayer.exe
C:\Users\Public\Desktop\SigmaNEST Version 8.0.lnk - C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe
C:\Users\Public\Desktop\SolidWorks 2010 x64 Edition.lnk - C:\Windows\Installer\{E9173A5F-22A6-4152-848E-45851DB99162}\i386_SldWorks.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Ajuda do IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Desinstalar IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014\IRPF - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva do País\Leia-me do IRPF2014.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==== shortcuts in Quick Launch ======================
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks 2010 x64 Edition.lnk - C:\Windows\Installer\{E9173A5F-22A6-4152-848E-45851DB99162}\i386_SldWorks.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks eDrawings 2010.lnk - C:\Program Files (x86)\SolidWorks Corp\SolidWorks eDrawings\EModelViewer.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\SolidWorks Explorer 2010.lnk - C:\Windows\Installer\{2D8D14CC-5B31-44B9-87FC-BEC3D8AFFD1D}\NewShortcut1.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\25bb2cdfb96af2d6\PokerStars.lnk - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files (x86)\CCleaner\CCleaner64.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\Windows\system32\notepad.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Sticky Notes.lnk -
C:\Users\Asafer\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HP MediaSmart.lnk - C:\Program Files (x86)\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\HPAdvisor.lnk - C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Asafer_2\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Asafer\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Asafer_2\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Asafer_2\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=6 folders=3 808102 bytes)
==== Empty Temp Folders ======================
C:\Users\Asafer\AppData\Local\Temp will be emptied at reboot
C:\Users\Asafer_2\AppData\Local\temp emptied successfully
C:\Users\Default\AppData\Local\temp emptied successfully
C:\Users\Default User\AppData\Local\temp emptied successfully
C:\Users\Public\AppData\Local\temp emptied successfully
C:\Users\USURIO~1\AppData\Local\temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Asafer\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 12/05/2014 at 17:35:00,98 ======================


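The zoek report above is easier to act on once the three things a responder checks first are pulled out of it: extensions Chrome loads because they are registered under HKLM\SOFTWARE\Google\Chrome\Extensions or the HKCU equivalent (an install path that sidesteps the Web Store and is used by security suites, by the bank plugins the log labels GBBD, and by adware alike), IE SearchScopes whose URL reads "Not_Found" (orphans of a removed search provider, which is exactly what zoek deleted here), and the IE proxy state recorded before the fix. The script below is an added example, not part of the thread and not code from zoek or its author; it parses the `==== Section ====` layout of the report and runs those three checks on SAMPLE_LOG, a constructed excerpt whose extension IDs, GUIDs and registry values are copied from the log above. Its hits are pointers to verify by hand, not verdicts: the GBBD entry it flags is the bank plugin the log identifies as such.

```python
"""Triage helper for a zoek.exe report: added example, not part of the
thread and not zoek's own code. It parses the '==== Section ====' layout
used in the log above and flags registry-installed Chrome extensions,
orphaned IE search scopes and a proxy that was enabled before the fix."""
import re

# Constructed excerpt modelled on the thread's zoek log (IDs and GUIDs copied
# from it, everything else trimmed). Replace with the text of a real report.
SAMPLE_LOG = r"""==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[26/03/2013 12:08]
HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[11/11/2013 07:58]
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{86c83f9e-48a4-4cd2-a763-64fea5df35f7} Unknown Url="Not_Found"
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyOverride"="*.local"
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
"""

SECTION_RE = re.compile(r"^==== (.+?) =+\s*$")
HIVE_RE = re.compile(r"^HKEY_[A-Z_]+\\")
EXT_RE = re.compile(r"^([a-p]{32}) - (.+?\.crx)\[([^\]]*)\]$")  # Chrome IDs: 32 chars, a-p
SCOPE_RE = re.compile(r'^(\{[0-9A-Fa-f-]{36}\}) (.+?) Url="([^"]*)"$')
REG_VALUE_RE = re.compile(r'^"(\w+)"=(?:dword:([0-9a-f]{8})|"(.*)")$')


def parse_sections(text):
    """Map each '==== Name ====' header to the non-empty lines under it."""
    sections, current = {}, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is not None and line.strip():
            sections[current].append(line)
    return sections


def registry_extensions(lines):
    """(hive, extension_id, crx_path) for each extension installed via the registry."""
    hive, found = None, []
    for line in lines:
        if HIVE_RE.match(line):
            hive = line.split("\\", 1)[0]
            continue
        m = EXT_RE.match(line)
        if m and hive:
            found.append((hive, m.group(1), m.group(2)))
    return found


def search_scopes(lines):
    """(guid, display_name, url) for each IE SearchScopes entry."""
    return [m.groups() for m in map(SCOPE_RE.match, lines) if m]


def proxy_values(lines, phase="before fix"):
    """Registry values listed under 'Value(s) before fix:' (or 'after fix:')."""
    values, active = {}, False
    for line in lines:
        if line.startswith("Value(s)"):
            active = phase in line
            continue
        m = REG_VALUE_RE.match(line) if active else None
        if m:
            name, dword, text = m.groups()
            values[name] = int(dword, 16) if dword is not None else text
    return values


def triage(text):
    """Human-readable findings to verify by hand; an empty list means nothing stood out."""
    sections = parse_sections(text)
    findings = []
    for hive, ext_id, path in registry_extensions(sections.get("Chrome Look", [])):
        # A registry-installed .crx under a user profile is writable by any code the
        # user runs; bank plugins (the GBBD entries) do this legitimately, adware too.
        if path.lower().startswith("c:\\users\\"):
            findings.append(f"registry extension {ext_id} ({hive}) loads from user profile: {path}")
    for guid, name, url in search_scopes(sections.get("All HKCU SearchScopes", [])):
        # A scope whose URL is gone is an orphan of a removed search provider/toolbar.
        if url == "Not_Found" or name == "Unknown":
            findings.append(f"orphaned IE search scope {guid} ({name})")
    before = proxy_values(sections.get("Reset IE Proxy", []))
    if before.get("ProxyEnable") == 1 or "ProxyServer" in before:
        findings.append(f"IE proxy was enabled before the fix: {before}")
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run as-is it prints two findings for the excerpt (the GBBD extension under the user profile and the orphaned search scope); pass the full text of a zoek.exe report to `triage()` to run the same checks on a real log. ProxyEnable was 0 in this report, so no proxy finding is raised.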
Download the Junkware Removal Tool from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


Good morning, here it is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Asafer on 13/05/2014 at 8:08:32,78
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Emptied folder: C:\Users\Asafer\AppData\Roaming\mozilla\firefox\profiles\5r2g6265.default\minidumps [8 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 13/05/2014 at 8:16:50,74
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


* Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and execution tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Good morning, here it is:

~ ZHPDiag report v2014.5.12.61 - Nicolas Coolman (12/05/2014)
~ Started by Asafer (13/05/2014 10:59:20)
~ Website address : http://nicolascoolman.webs.com
~ Software analysis blog : http://nicolascoolman.byethost7.com/wordpress/
~ Free disinfection support forums : http://nicolascoolman.webs.com/apps/links/
~ Translation by user
~ Version status :
~ Whitelist : Enabled by the program
~ Privilege elevation : OK
~ User Account Control : Activated by user
---\\ Internet browsers
MSIE: Internet Explorer v11.0.9600.17105
MFIE: Mozilla Firefox 28.0
GCIE: Google Chrome v34.0.1847.131 (Default)
---\\ Windows product information
~ Language: Portuguese
Windows 7 Home Premium, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service : OK
Key Management Service client information : KO
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ System protection software
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware versão 2.0.1.1004
Windows Defender W7
---\\ System optimization software
CCleaner v4.11
---\\ Peer-to-peer (P2P) file-sharing software
---\\ Software monitoring
Adobe Flash Player 13 Plugin
Adobe Reader XI - Português
Java 7 Update 51
Java 7 Update 55
---\\ System information
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3767 MB (23% free)
System Restore: Enabled
System drive C: has 629 GB (68%) free of 922 GB
---\\ System logon mode
~ Computer Name: ASAFER-HP
~ User Name: Asafer
~ All Users Names: HomeGroupUser$, Convidado, Asafer_2, Asafer, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ Environment variables
~ System Unit : C:\
~ %AppZHP% : C:\Users\Asafer\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Asafer\AppData\Roaming\
~ %Desktop% : C:\Users\Asafer\Desktop\
~ %Favorites% : C:\Users\Asafer\Favorites\
~ %LocalAppData% : C:\Users\Asafer\AppData\Local\
~ %StartMenu% : C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Disk drive enumeration
C: Hard drive, Flash drive, Thumb drive (Free 629 GB of 922 GB)
D: Hard drive, Flash drive, Thumb drive (Free 1 GB of 10 GB)
E: CD-ROM drive (Free 0 GB of 2 GB)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)
H: Floppy drive, Flash card reader, USB Key (Not Inserted)
I: Floppy drive, Flash card reader, USB Key (Not Inserted)
J: Floppy drive, Flash card reader, USB Key (Not Inserted)
K: Floppy drive, Flash card reader, USB Key (Not Inserted)
---\\ Windows Security Center status
~ Security Center: 49 Legitimates Filtered in 00mn 00s
---\\ Private search for generic files
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 10:25:30.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 10:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 06:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 06:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 07:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 06:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 07:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 06:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 10:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s
---\\ Hidden file status (Hidden/Total)
~ My Pictures : 2/154
~ My Music : 1/8
~ My Favorites : 1/54
~ My Documents : 4/315
~ My Desktop : 4/39439
~ Start Menu (Programs) : 1/37
~ Hidden Files: Scanned in 00mn 56s
---\\ Running processes
[MD5.41AD6110110A2E89957F831DCBFAF892] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe [6963512] [PID.2612]
[MD5.554A50B5310E702029D3A675459108FF] - (.Hewlett-Packard - hpsysdrv.) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe [62768] [PID.3124]
[MD5.63A648C5FEB5DE641E1174ACB6CF78C6] - (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe [568888] [PID.3268]
[MD5.4C8942B8721813E5C8874D47112DCF73] - (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2741616] [PID.3540]
[MD5.9D4A0ECBF734E2EECDD5B473A2D705FE] - (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016] [PID.3724]
[MD5.B54921381A950C8215FB363B485C432B] - (.Hewlett-Packard Co. - HP Digital Imaging Monitor.) -- C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe [270336] [PID.3960]
[MD5.EBE6AD4AE1CB00559C10B206225673F8] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Asafer\AppData\Roaming\Dropbox\bin\Dropbox.exe [33604728] [PID.3992]
[MD5.6A35F79EBDEF04CFD462059B0C0AA431] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696] [PID.3868]
[MD5.5516C26A6AF8EB4E2CAB48EC98A74398] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe [54576] [PID.4032]
[MD5.7D58C9BDF9C0A3955BDCDE7387AD12AC] - (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920] [PID.3672]
[MD5.1F7AC62EDE0BE2D9EB59030694A1CA0E] - (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe [57488] [PID.3792]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3944]
[MD5.085BE68B52CE5A5FA4621507AD518CF3] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392] [PID.3232]
[MD5.145AD71E3A05A558FEF9705B5EA6E2D1] - (.Kaspersky Lab - Kaspersky Password Manager.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Kaspersky Password Manager\stpass.exe [16317248] [PID.5636]
[MD5.9F98821AE94E8CC78F7A5D423791B839] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe [12971328] [PID.4260]
[MD5.F16EEA6CCA9D8A7D1193AE80E43FBBC7] - (.Hewlett-Packard Co. - HP CUE Status Root.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe [168960] [PID.7112]
[MD5.9843F58DF3E2908D1FED4DF4B8747E51] - (.Hewlett-Packard Co. - HP CUE Alert Popup Window Objects.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe [559104] [PID.1584]
[MD5.883008A9B5BFF94A153D99DBA54CB5C1] - (.Hewlett-Packard - GPCore COM object.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe [362496] [PID.7972]
[MD5.EA5B870671079786F335AC7C10846C4F] - (.Adobe Systems Incorporated - AAM Updates Notifier Application.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe [295584] [PID.35652]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.1680]
[MD5.44553655E3D43B740DFDD4301472C10D] - (.SigmaTEK Systems LLC - SigmaNEST.) -- C:\Program Files (x86)\SigmaTEK\SigmaNEST81\SigmaNEST.exe [24296960] [PID.18988]
[MD5.0D67EEBB3F9A495AE0D7D9E52BDE3704] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7874048] [PID.34584]
[MD5.B99C37364701D19F2B5C0A0E1ECCDB80] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [519720] [PID.944]
[MD5.B1EA9681502EE57F87DB71D726288A5B] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65192] [PID.1700]
[MD5.F518545E5B7623AD49ABE7F8776EFA46] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [43336] [PID.1800]
[MD5.0F9FE82E229C039F0AC1996E44059653] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [819040] [PID.1920]
[MD5.F9BD48630768BD3413972F2AEB49974F] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) -- C:\Windows\system32\hasplms.exe [4609928] [PID.1988]
[MD5.BCC4A8B2E2E902F52E7F2E7D8E125765] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [94264] [PID.2144]
[MD5.4635935FC972C582632BF45C26BFCB0E] - (...) -- C:\Windows\SysWOW64\srvany.exe [8192] [PID.2196]
[MD5.C34411A244029F1C08687F7C752C4563] - (.Hewlett-Packard Company - LightScribe Service.) -- C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728] [PID.2220]
[MD5.82865FF17BC664C711EFA674759F9991] - (...) -- C:\Windows\KMService.exe [77824] [PID.2236] =>Hijacker.Office
[MD5.0E08BDD7326E657D59DB40BAD23D8169] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720] [PID.2304]
[MD5.A8E7F3DB083EB0839DFC1C763CDD2594] - (.Malwarebytes Corporation - Malwarebytes Anti-Malware.) -- C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912] [PID.2464]
[MD5.837608240884733792DDAE81E50B802A] - (.Microsoft Corporation - SQL Server Windows NT.) -- C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408] [PID.2568]
[MD5.86EBD8B1F23E743AAD21F4D5B4D40985] - (.Microsoft Corporation - SQL Browser Service EXE.) -- C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [238944] [PID.2992]
[MD5.97F6FFB8A305A77D25C6C0E07B71D252] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [5024576] [PID.1060]
[MD5.BA443FEFCF0C7E0AE441E0F21CCBD715] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe [75680] [PID.4900]
[MD5.F627BC830EE548527966288E4968AAC0] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.4884]
[MD5.02CF67DC188222A92ED8818F7224442C] - (.TeamViewer GmbH - TeamViewer 9.) -- C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe [238400] [PID.4440]
[MD5.835CE0647E4E9F01BEB26201DA6705B4] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) -- C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [171600] [PID.6576]
~ Processes Running: Scanned in 00mn 04s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Asafer\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [caimihdmbpgddfpkbochehpehdglpcim] GBBD Guardião - Itaú 30 horas v.3.6.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [dchlnpcodkpfdpacogkljefecpegganj] Conselheiro de URLs da Kaspersky v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [user Data\Default] [dhdnahjkclbpahfnjmpcbacidgllghba] Password Manager plugin v.7.0.3.11 (Activé)
G2 - GCE: Preference [user Data\Default] [hakdifolhalapjijoafobooafbilfakh] Dinheiro seguro v.13.0.2.558 (Désactivé)
G2 - GCE: Preference [user Data\Default] [hghkgaeecgjhjkannahfamoehjmkjail] Content Blocker v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [user Data\Default] [jagncdcchgajhfhijbbhecadmaiegcmh] Virtual Keyboard v.13.0.2.614 (Désactivé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.4.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [pjldcfjmnllhmgjclecdnfampinooman] Anti-Banner v.13.0.2.558 (Désactivé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 24 Legitimates Filtered in 00mn 01s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\prefs.js
M3 - MFPP: Plugins - [Asafer] -- C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\searchplugins\Baixaki.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Asafer\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
P2 - FPN: [HKCU] [wacom.com/WacomTabletPlugin] - (...) -- C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (.not file.)
~ Firefox Browser: 26 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=systempropertiesperformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 22 Legitimates Filtered in 00mn 00s
---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [hpsysdrv] . (.Hewlett-Packard - hpsysdrv.) -- c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [smartMenu] . (.No owner - SmartMenu.) -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
O4 - HKLM\..\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Run: [Windows Mobile Device Center] . (.Microsoft Corporation - Windows Mobile Device Center.) -- C:\Windows\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [iSUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKCU\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [iSUSScheduler] . (.Macrovision Corporation - InstallShield Update Service Scheduler.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
O4 - HKLM\..\Wow6432Node\Run: [HPUsageTrackingLEDM] . (.Hewlett-Packard Company - HP UT LEDM Driver.) -- C:\Program Files (x86)\HP\HP UT LEDM\bin\hppusg.exe
O4 - HKLM\..\Wow6432Node\Run: [wdbraz_certm] . (. Beijing WatchData System Co., Ltd. - WatchSAFE Background v3.4.) -- C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\BBCertM32.exe
O4 - HKLM\..\Wow6432Node\Run: [hpqSRMon] . (.Hewlett-Packard - HpqSRmon.) -- C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKLM\..\Wow6432Node\Run: [APSDaemon] . (.Apple Inc. - Apple Push.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
O4 - HKLM\..\Wow6432Node\Run: [QuickTime Task] . (.Apple Inc. - QuickTime Task.) -- C:\Program Files (x86)\QuickTime\QTTask.exe
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run: [iSUSPM Startup] . (.Macrovision Corporation - InstallShield Update Service Update Manager.) -- C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run: [LightScribe Control Panel] . (.Hewlett-Packard Company - No Comment.) -- C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run: [RESTART_STICKY_NOTES] . (.Microsoft Corporation - Notas Autoadesivas.) -- C:\Windows\System32\StikyNot.exe
O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-21-3731980268-2904590947-1619489453-1000\..\Run: [skype] . (.Skype Technologies S.A. - Skype.) -- C:\Program Files (x86)\Skype\Phone\Skype.exe =>.Skype Technologies S.A.
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~3\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~3\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CS1\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CS2\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{776A8908-6E25-4400-A29E-2D924479921A}: DhcpDomain = lan
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: KMService (KMService) . (...) - C:\Windows\SysWOW64\srvany.exe =>Hijacker.Office
O23 - Service: Watchdata CCID Moniter v3.4 (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
~ Services: 21 Legitimates Filtered in 00mn 09s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1066]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\HPCeeScheduleForAsafer [336]
~ Scheduled Task: 25 Legitimates Filtered in 00mn 05s
---\\ Software instalados (042)
O42 - Logiciel: AquariusPlus - (.GPS Aquarius.) [HKLM][64Bits] -- {E868D3AD-0F3D-4174-9BED-13B992EABFC0}
O42 - Logiciel: BBAdminTool - (.Watchdata Technologies Pte., Ltd..) [HKLM][64Bits] -- {95A34656-CD4A-45A0-BAB8-AB950EFCBEBF}
O42 - Logiciel: Fatalyzer - (...) [HKLM][64Bits] -- ST5UNST #1
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKCU][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GBBD Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: PokerStars - (.PokerStars.) [HKLM][64Bits] -- PokerStars
O42 - Logiciel: SISCOB - (...) [HKLM][64Bits] -- {D5940AE3-7244-11D6-BAB7-00010332BA5B}
O42 - Logiciel: SigmaNEST 8.1 C112 - (.SigmaTEK.) [HKLM][64Bits] -- {483572BB-9119-4123-B2F2-365C140A269E}
~ Logic: 29 Legitimates Filtered in 00mn 01s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GPS Aquarius]
[HKCU\Software\GbAs]
[HKCU\Software\SigmaNEST]
[HKCU\Software\ToolbarCleaner]
[HKCU\Software\Uniko]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Banco Itaú Unibanco S.A.]
[HKLM\Software\Wow6432Node\SigmaNEST]
[HKLM\Software\Wow6432Node\SigmaTEK]
[HKLM\Software\Wow6432Node\sXe_Injected]
~ Key Software: 406 Legitimates Filtered in 00mn 01s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 18/11/2013 - 13:06:20 - [] ----D C:\Program Files (x86)\Brazil
O43 - CFD: 23/09/2011 - 15:21:42 - [] ----D C:\Program Files (x86)\Fatalyzer
O43 - CFD: 12/02/2014 - 08:13:14 - [] ----D C:\Program Files (x86)\GPS Aquarius
O43 - CFD: 27/12/2012 - 13:14:02 - [] ----D C:\Program Files (x86)\PokerStars
O43 - CFD: 31/08/2011 - 08:14:58 - [] ----D C:\Program Files (x86)\SigmaTEK
O43 - CFD: 05/09/2011 - 10:41:56 - [] ----D C:\Program Files (x86)\Common Files\SigmaTEK Shared
O43 - CFD: 13/02/2013 - 09:50:36 - [] ----D C:\ProgramData\Pictures
O43 - CFD: 05/09/2011 - 10:40:53 - [] ----D C:\ProgramData\SigmaTEK
O43 - CFD: 14/09/2011 - 08:00:28 - [] ----D C:\ProgramData\{D3B41B92-9BC2-43EB-916A-4FA9E8191837}
O43 - CFD: 31/08/2011 - 08:17:03 - [] ----D C:\Users\Asafer\AppData\Roaming\SigmaTEK
O43 - CFD: 28/08/2013 - 16:11:04 - [0] ----D C:\Users\Asafer\AppData\Local\DM
O43 - CFD: 12/02/2014 - 08:13:47 - [] ----D C:\Users\Asafer\AppData\Local\GPS Aquarius
O43 - CFD: 02/10/2013 - 16:54:56 - [0] -SH-D C:\Users\Asafer\AppData\Local\ms-drivers
O43 - CFD: 28/12/2012 - 15:51:55 - [] ----D C:\Users\Asafer\AppData\Local\PokerStars
O43 - CFD: 13/05/2014 - 09:15:44 - [] ----D C:\Users\Asafer\AppData\Local\SN
O43 - CFD: 22/10/2013 - 14:08:58 - [] ----D C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\KoshyJohn.com
O43 - CFD: 14/04/2014 - 09:54:48 - [] ----D C:\Users\Asafer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas RFB2014
~ Program Folder: 250 Legitimates Filtered in 00mn 01s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.82865FF17BC664C711EFA674759F9991] - 12/05/2014 - 13:47:11 ---A- . (...) -- C:\Windows\KMService.exe [77824] =>Hijacker.Office
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 12/05/2014 - 17:07:16 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.D48A1769EF73C9C7D19757F6F9D4A0C2] - 12/05/2014 - 17:35:00 ---A- . (...) -- C:\zoek-results.log [29895]
O44 - LFC:[MD5.1C01E17C7DF7887243992AA09F409EBB] - 13/05/2014 - 08:23:08 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [167342]
O44 - LFC:[MD5.F4920EC5D61F877BC6792836D5E8B96C] - 13/05/2014 - 08:23:08 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [760674]
~ Files: 19 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 13:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 13:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:03/12/2012 - 15:36:34 ---A- . (.Windows ® Win 7 DDK provider - Filter Driver for HID-KMDF Interface.) -- C:\Windows\System32\Drivers\hidkmdf.sys [13728]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:13/12/2012 - 13:50:36 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys [54784]
O58 - SDL:08/05/2013 - 09:52:48 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [49536]
O58 - SDL:13/05/2014 - 08:03:44 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
O58 - SDL:16/05/2012 - 08:58:46 -SHA- . (...) -- C:\Windows\SysWOW64\KGyGaAvL.sys [848]
~ Drivers: 85 Legitimates Filtered in 00mn 05s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 12 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.04128EE979BBE14A5F53827BCA02C54B] [sPRF][04/11/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
[MD5.CE4DE5D4E2D96839DD62E4FA5E810BC9] [sPRF][18/10/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins000.dat [29426]
[MD5.0E9E747B7A6AD1405EE71883ED41C177] [sPRF][05/07/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins001.dat [12521]
[MD5.36C96F4310AC9A6FC761D8257156799C] [sPRF][04/12/2013] (...) -- C:\Users\Asafer\AppData\Roaming\unins002.dat [19438]
[MD5.D41D8CD98F00B204E9800998ECF8427E] [sPRF][31/08/2011] (...) -- C:\Users\Asafer\AppData\Roaming\wklnhst.dat [0]
~ Files: 10 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{40DBD9C9-D7E5-431C-8BD7-43B359FAA575}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Asafer\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{0699D5F1-1E95-4A9B-A4A4-4673FDD03800}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Asafer\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s
---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh
~ BCK: 7197 Legitimates Filtered in 00mn 09s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 15/10/2009 87336 | (CoordinatorServiceHost) . (.Dassault Systèmes SolidWorks Corp..) - C:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe
SS - | Demand 20/10/2011 867080 | (FLEXnet Licensing Service) . (.Acresso Software Inc..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 30/09/2011 136176 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 30/09/2011 136176 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Auto 24/06/2009 136704 | (HP LaserJet Service) . (.HP.) - C:\Program Files (x86)\HP\HPLaserJetService\HPLaserJetService.exe
SS - | Demand 28/03/2011 799800 | (hpqwmiex) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
SS - | Demand 07/04/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 20/10/2011 79360 | (SolidWorks Licensing Service) . (.SolidWorks.) - C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SR - | Auto 23/09/2012 171600 | (AdobeActiveFileMonitor11.0) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
SR - | Auto 23/09/2012 65192 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 07/01/2014 43336 | (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 04/11/2013 356128 | (avp) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
SR - | Auto 30/08/2011 462184 | (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Auto 21/12/2012 819040 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR - | Demand 01/09/2011 1436424 | (FLEXnet Licensing Service 64) . (.Acresso Software Inc..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 09/08/2013 4609928 | (hasplms) . (.SafeNet Inc..) - C:\Windows\system32\hasplms.exe
SR - | Auto 21/06/2011 85560 | (HP Support Assistant Service) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe =>.Hewlett-Packard Co
SR - | Auto 28/03/2011 94264 | (HPDrvMntSvc.exe) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
SR - | Demand 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll (hpqcxs08) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll (hpqddsvc) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.dll (HPSLPSVC) . (.Hewlett-Packard Co..) - C:\Windows\System32\svchost.exe
SR - | Auto 15/01/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Demand 20/01/2014 641352 | (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 10/07/1658 0 | (KMService) . (...) - C:\Windows\system32\srvany.exe =>Hijacker.Office
SR - | Auto 04/03/2011 73728 | (LightScribeService) . (.Hewlett-Packard Company.) - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
SR - | Auto 03/04/2014 1809720 | (MBAMScheduler) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
SR - | Auto 03/04/2014 857912 | (MBAMService) . (.Malwarebytes Corporation.) - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 30/11/2010 336824 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 25/04/2014 5024576 | (TeamViewer9) . (.TeamViewer GmbH.) - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
SR - | Auto 24/03/2011 75680 | (WDBrazMonitor34) . (.Beijing WatchData System Co., Ltd..) - C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 11s
---\\ Scâner Aditional (088)
Database Version : 13045 - (12/05/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 8
[HKLM\SYSTEM\CurrentControlSet\Services\KMService] =>Hijacker.Office^
C:\Windows\KMService.exe =>Hijacker.Office^
[HKCR\CLSID\{2E83568E-0640-4025-B60D-A4A6AE7C6076}] (uiMeshPrepCompPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{3366F6CE-2DDD-4F91-B80C-7960B169E02C}] (uiMeshDoctorPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{33F346BB-F43E-455A-A633-5F5FC689D4D0}] (uiMeshDecoWizardPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{AC1789A1-CEB9-479E-852B-6608F910033C}] (uiMeshManipulationPage Class) =>PUP.iMesh^
[HKCR\CLSID\{D2DDE660-A14E-4D3D-A0CB-0C9AE7736085}] (uiMeshRelaxPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{E3FCFE4B-1A8A-4D1D-85C6-F84B0E98B43B}] (uiMeshSplitPage_c Class) =>PUP.iMesh^
[HKCR\CLSID\{F3AE0F4E-C3C6-41FB-BE1D-39F7A7A6319D}] (uiMeshSmoothPage_c Class) =>PUP.iMesh^
~ Additionnel Scan: 772848 Items scanned in 01mn 15s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 2 link(s) detected in 00mn 00s
~ 995 Legitimates filtered by white list
End of the scan (546 lines in 03mn 38s)(0)


:seta: There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean and optimize the PC now and from time to time.

_______________________________________________________________________

:seta: Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

:seta: Go to the menu: Start > All Programs > ZHP > Right-click on ZHPFix and choose the option Run as administrator > Click Import > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.


:seta: Did you run a scan with Malwarebytes after this problem started happening? If you did, post its report here in your topic so we can analyze it.

____________________________________________________________________________

If you have not run a scan recently, please do it as described below:

Changing the Malwarebytes language to Portuguese:

If your Malwarebytes is in English, it is quite simple to switch it to our language. To do this, open Malwarebytes and click Settings as shown in this image:

tutorial-malwarebytes-2.jpg

On the next screen that appears, click Language and select the option Portuguese (Brazil):

tutorial-malwarebytes-3.jpg

___________________________________________________________________________

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > Click Scan > click Custom Scan > Click Scan Now:

malwarebytes-tutorial-11.jpg

The screen below will appear next; on it, check all the boxes on the right-hand side so that every area of your PC and any removable media connected to it can be scanned. On the left-hand side, leave these options checked:

Scan Memory Objects

Scan Startup and Registry Settings

Scan Archives

Leave the rest as preconfigured by Malwarebytes.

After that, click the Start Scan button as shown in the image below:

malwarebytes-tutorial-12.jpg

Wait while the scan runs. How long it takes depends on the number of files you have on your computer:

malwarebytes-tutorial-13.jpg

When the scan finishes, if any threat is detected on your PC a message like the one below will appear next to the Windows clock; click on it:

malwarebytes-tutorial-1.jpg

At this point it will show which malware and potentially unwanted items were detected and where they are located. You will notice that it already shows a default action for the items (which is normally to move them to quarantine).

To remove the infections, leave the Quarantine option selected in the Action menu for all items and click the Apply Actions button, as shown in this image:

malwarebytes-tutorial-2.jpg

Some malware is stubborn and may require a PC restart to be removed. If Malwarebytes asks for this, click Sim (or Yes) as shown in this image:

malwarebytes-tutorial-3.jpg

After that, just post the new scan log that Malwarebytes will create in your next reply.

Malwarebytes Anti-Malware

www.malwarebytes.org


Data de Verificação: 16/04/2014

Hora da Verificação: 10:36:49

Logfile: 456.txt

Administrador: Sim


Versão: 2.00.1.1004

Malware Database: v2014.04.16.05

Rootkit Database: v2014.03.27.01

Licença: Premium

Proteção de Malware: Enabled

Proteção de Site Malicioso: Enabled

Chameleon: Desabilitado


OS: Windows 7 Service Pack 1

CPU: x64

Sistema de Arquivo: NTFS

Usuário: Asafer


Tipo da Verificação: Verificar Ameaça

Resultado: Completado

Arquivos Verificados: 375396

Tempo Decorrido: 28 min, 1 seg


Memória: Enabled

Inicialização: Enabled

Filesystem: Enabled

Arquivos: Enabled

Rootkits: Desabilitado

Shuriken: Enabled

PUP: Warn

PUM: Enabled


Processos: 0

(No malicious items detected)


Módulos: 0

(No malicious items detected)


Chaves de Registro: 4

PUP.Optional.MegaBrowse.A, HKLM\SOFTWARE\WOW6432NODE\Mega Browse, No Action By User, [e81dee3d403be1552d3f6e04cc36b44c],

PUP.Optional.MegaBrowse.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Mega Browse, No Action By User, [848149e2abd066d0f37889e9eb17e11f],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE\1I1T1Q1S, No Action By User, [699cde4d3b4077bf4f797a010ef4758b],

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE, No Action By User, [63a249e24f2cc472dc267c16649f2cd4],


Valores de Registro: 1

PUP.Optional.InstallCore.A, HKU\S-1-5-21-3731980268-2904590947-1619489453-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\INSTALLCORE|tb, 0H1R1Q1O0G2Z1I1E, No Action By User, [63a249e24f2cc472dc267c16649f2cd4]


Dados do Registro: 0

(No malicious items detected)


Pastas: 7

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig\JetBoost, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Startup, No Action By User, [7293f8336615c175ae8893d5bb4739c7],


Arquivos: 21

PUP.Optional.MegaBrowse.A, C:\$RECYCLE.BIN\S-1-5-21-3731980268-2904590947-1619489453-1000\$RHSTZ9W.dll, No Action By User, [58ad59d2e19a2511ea4a510dae5322de],

PUP.Optional.InstallCore, C:\Users\Asafer\Downloads\icq-82-build-6893-32-bits.exe, No Action By User, [7c896bc0b7c47eb8962815ff828204fc],

PUP.Optional.ExtendedSetup, C:\Users\Asafer\Downloads\toolbar-cleaner-1301-32-bits (1).exe, No Action By User, [7d88092286f5ec4a16f3b00aa0636c94],

PUP.Optional.ExtendedSetup, C:\Users\Asafer\Downloads\toolbar-cleaner-1301-32-bits.exe, No Action By User, [8d78b378a8d3e155d831caf008fb02fe],

PUP.Optional.Bundle, C:\Users\Asafer\Downloads\utorrent-332-build-30570-32-bits.exe, No Action By User, [42c370bb7dfe85b1c1f479f29869f808],

PUP.RiskwareTool.CK, C:\Users\Asafer\Downloads\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [c144f43789f21422d75e54815fa240c0],

PUP.Optional.MegaBrowse.A, C:\Users\Asafer\AppData\Roaming\Mozilla\Firefox\Profiles\5r2g6265.default\extensions\{29b136c9-938d-4d3d-8df8-d649d9b74d02}.xpi, No Action By User, [12f388a3f08be056739594dd857da060],

PUP.Optional.BlueSprig.A, C:\ProgramData\BlueSprig\JetBoost\FilterDB.db, No Action By User, [e32260cb1368b87ec2746dfbf90948b8],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Config.ini, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Ignore.ini, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-10-31(08-10-24).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-10-31(14-45-54).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2012-12-10(11-11-33).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Backup\JetCleanBackup-2013-01-03(11-19-49).reg, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-10-31(08-10-45).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-10-31(14-46-02).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2012-12-10(11-12-10).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2013-01-03(11-20-21).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.BlueSprig.A, C:\Users\Asafer\AppData\Roaming\BlueSprig\JetClean\Log\JetCleanLog-2013-05-23(13-18-58).txt, No Action By User, [7293f8336615c175ae8893d5bb4739c7],

PUP.Optional.MyStartTB.A, C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js, Good: (), Bad: (user_pref("browser.startup.homepage", "http://www.mystart.com/?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=hp_4802");), No Action By User,[e81dbe6d1c5f3afc68bf1f31eb19ab55]

PUP.Optional.MyStartTB.A, C:\Users\Asafer_2\AppData\Roaming\Mozilla\Firefox\Profiles\4hq3f3es.default\prefs.js, Good: (), Bad: (user_pref("keyword.URL", "http://www.mystart.com/results.php?pr=vmn&id=toolbarcleaner&v=1_1_1_4&ent=bs_4802&q=");), No Action By User,[32d378b3e09bfa3c9cbf8fc148bcc838]


Physical Sectors: 0

(No malicious items detected)



(end)


The log shows that no action was taken by the user to remove the threats. In addition, only a simple scan was run with it.

Please run a scan following exactly the steps I gave you in the previous reply and post the result.

Malwarebytes Anti-Malware

www.malwarebytes.org


Data de Verificação: 14/05/2014

Hora da Verificação: 13:32:00

Logfile: 66789.txt

Administrador: Sim


Versão: 2.00.1.1004

Malware Database: v2014.05.14.03

Rootkit Database: v2014.03.27.01

Licença: Premium

Proteção de Malware: Enabled

Proteção de Site Malicioso: Enabled

Chameleon: Desabilitado


OS: Windows 7 Service Pack 1

CPU: x64

Sistema de Arquivo: NTFS

Usuário: Asafer


Tipo da Verificação: Verificação Personalizada

Resultado: Completado

Arquivos Verificados: 744965

Tempo Decorrido: 5 hr, 28 min, 59 seg


Memória: Enabled

Inicialização: Enabled

Filesystem: Enabled

Arquivos: Enabled

Rootkits: Desabilitado

Shuriken: Enabled

PUP: Enabled

PUM: Enabled


Processos: 1

RiskWare.Tool.CK, C:\Windows\KMService.exe, 1052, Delete-on-Reboot, [7ccf3819ff7cb97d44c9a112f60bc23e]


Módulos: 0

(No malicious items detected)


Chaves de Registro: 0

(No malicious items detected)


Valores de Registro: 1

Malware.Packer.T, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SIGMATEK SHARED\HASP\WRTSIM80.EXE, 1, Quarantined, [70dbe07185f6979f442e6d37728e3dc3]


Dados do Registro: 0

(No malicious items detected)


Pastas: 0

(No malicious items detected)


Arquivos: 14

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [ec5f53feec8f290d3fbc0dd617ea4cb4],

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\a-Crack\32-bit\amtlib.dll, No Action By User, [52f9d77a3744db5b8972d50ef30e966a],

PUP.RiskwareTool.CK, C:\Users\Asafer\Downloads\Crack Amtlib.dll 32bit & 64bit.rar, No Action By User, [d7746ae7c9b2eb4bb843d60d000139c7],

PUP.RiskwareTool.CK, C:\Users\Asafer\Dropbox\leandro-Danielle\Adobe Photoshop CS6\crack_PS6\32-bit\amtlib.dll, No Action By User, [1c2f62ef611a46f07586826106fba55b],

PUP.RiskwareTool.CK, C:\Users\Asafer\Dropbox\leandro-Danielle\Adobe Photoshop CS6\crack_PS6\64-bit\amtlib.dll, No Action By User, [56f51938d2a941f5fa0205de50b1f20e],

RiskWare.Tool.CK, C:\Windows\KMService.exe, Delete-on-Reboot, [7ccf3819ff7cb97d44c9a112f60bc23e],

PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\AMTLib.dll, Quarantined, [33183e1334475fd736c6697a748dc838],

PUP.RiskwareTool.CK, C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\amtlib.dll, Quarantined, [65e6d879314af442b547b72c5ba658a8],

Malware.Packer.T, C:\Program Files (x86)\Common Files\SigmaTEK Shared\Hasp\Wrtsim80.exe, Quarantined, [70dbe07185f6979f442e6d37728e3dc3],

PUP.RiskwareTool.CK, C:\Users\Asafer\Desktop\back up leandro\A\Adobe Photoshop CS6-Ingles\a-Crack\64-bit\amtlib.dll, Quarantined, [123971e0f5861125ed0f479c2dd46b95],

Trojan.Agent.H, C:\Users\Asafer\Desktop\back up leandro\backup\xiter.rar, Quarantined, [72d9b59c2d4e7bbb738a0dc80cf518e8],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader v1.8.8.zip, Quarantined, [92b9bb968af103338592da6f669b827e],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader\Windows Loader.exe, Quarantined, [e863c988562593a371a687c2e31e8a76],

Hacktool.Agent, C:\Users\Asafer\Desktop\back up leandro\programas\Windows Loader v1.8.8\Windows Loader\Windows Loader.exe, Quarantined, [a7a4b29ff982270f7f98ab9eb64b0af6],


Physical Sectors: 0

(No malicious items detected)



(end)


Temporarily disable your antivirus to avoid conflicts.

Download: < Pre_Scan > ( by g3n-h@ckm@n )
|- When you open the link above, scroll down the page and click Télécharger to download it: 530637d6efc63.png

:seta: Run it as indicated in this post:

Pre_Scan installation and execution tutorial

Once the cleanup is complete, post the log (report), which will be at C:\Pre_Scan\Pre_Scan_07_05_2014_17_05_22.txt (the numbers in red will vary, because they show the date and time the scan was performed).

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ Pre_Scan | g3n-h@ckm@n | 4.05.06.1 ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤


¤¤¤¤¤ XP | Vista | 7 | 8 - 32/64 bits ¤¤¤¤¤ - Start 14:58:35


Updated 06/05/2014 | 10.55 by g3n-h@ckm@n





[Asafer (Administrator)] - [ASAFER-HP]

SID = S-1-5-21-3731980268-2904590947-1619489453-1000


Starting up : Normal

System : Windows 7 Home Premium (64 bits) HomePremium Service Pack 1

ProcessorNameString : Intel® Core i3 CPU 540 @ 3.07GHz

Identifier : Intel64 Family 6 Model 37 Stepping 2



Memory RAM = Total (MB) : 3857 | Free (MB) : 2228

Pagefile = Total (MB) : 7713 | Free (MB) : 5940

Virtual = Total (MB) : 4194 | Free (MB) : 3966


¤¤¤¤¤¤¤¤¤¤ | Components of starting up


C:\Windows\Setup\Scripts\oobe.cmd

C:\Windows\Setup\Scripts\SetupComplete.cmd


¤¤¤¤¤¤¤¤¤¤¤ | Drives


C:\-> [Fixed] | [OS] | Total : 943730 Mo | Free : 642000 Mo -> NTFS

D:\-> [Fixed] | [HP_RECOVERY] | Total : 10030 Mo | Free : 1220 Mo -> NTFS

E:\-> [CDROM] | [Office14] | Total : 2110 Mo | Free : 0 Mo -> CDFS

F:\-> [Removable] | [] | Total : 1910 Mo | Free : 1610 Mo -> FAT


¤¤¤¤¤¤¤¤¤¤ | Windows updates


No detected update !!!



¤¤¤¤¤¤¤¤¤¤ | Sessions


C:\Windows\system32\config\systemprofile

C:\Windows\ServiceProfiles\LocalService

C:\Windows\ServiceProfiles\NetworkService

C:\Users\Asafer

C:\Users\Asafer_2


Registry saved , to restore : C:\Pre_Scan\Save\Scan\ERDNT.exe


stand-by mode deleted !



¤¤¤¤¤¤¤¤¤¤ | Browsers


IE : 11.0.9600.17041 (© Microsoft Corporation. Todos os direitos reservados.)

FF : 28.0.0.5186 (©Firefox and Mozilla Developers; available under the MPL 2 license.)

GC : 34.0.1847.137 (Copyright 2012 Google Inc.)


¤¤¤¤¤¤¤¤¤¤ | FlashPlayer


FlashPlayer ActiveX : 13.0.0.214

FlashPlayer Plugin : 13.0.0.214


¤¤¤¤¤¤¤¤¤¤ | Security


AS : Windows Defender Enabled

WU: Windows Update Service [Auto(2)] = Running

AS: Windows Defender [Auto(2)] = Running

FW: Windows FireWall Service [Auto(2)] = Running


¤¤¤¤¤¤¤¤¤¤ | Stopped processes


944 | [Owner : |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

1360 | [Owner : |Parent : 760] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

1604 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) - (1.7.0.0) = C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

1668 | [Owner : SISTEMA |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

1788 | [Owner : SISTEMA |Parent : 760] - (.Infowatch - InfoWatch CryptoStorage Protected objects controller service.) - (2.0.201.0) = C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe

1840 | [Owner : SISTEMA |Parent : 760] - (.SafeNet Inc. - Sentinel LDK License Manager Service.) - (15.0.1.36539) = C:\Windows\System32\hasplms.exe

1300 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Quick Synchronization Service.) - (4.0.112.1) = C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe

1796 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - LightScribe Service.) - (1.18.22.2) = C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

2228 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Server Windows NT.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe

2392 | [Owner : SISTEMA |Parent : 760] - (.arvato digital services llc - PsiService PsiService.) - (3.1.0.56) = C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe

2468 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Browser Service EXE.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2516 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - SQL Server VSS Writer - 64 Bit.) - (2005.90.5000.0) = C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe

2672 | [Owner : SISTEMA |Parent : 760] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

3044 | [Owner : SISTEMA |Parent : 760] - (.Beijing WatchData System Co., Ltd. - WatchSAFE Service 3.4.) - (3.4.0.0) = C:\Windows\SysWOW64\Watchdata\Watchdata Brazil CSP v1.0\WDBrazMon34.exe

2916 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

3328 | [Owner : SISTEMA |Parent : 760] - (.Intel Corporation - IAStorDataSvc.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

3352 | [Owner : SISTEMA |Parent : 2916] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

4636 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

4108 | [Owner : SISTEMA |Parent : 760] - (.Adobe Systems Incorporated - Adobe Photoshop Elements 11.0 (component).) - (11.0.0.0) = C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe

4260 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (6.0.5.4) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

4360 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

4464 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe

4164 | [Owner : Asafer |Parent : 760] - (.Microsoft Corporation - Processo de Host para Tarefas do Windows.) - (6.1.7601.18010) = C:\Windows\System32\taskhost.exe

4160 | [Owner : Asafer |Parent : 4512] - (.Microsoft Corporation - Windows Explorer.) - (6.1.7601.17567) = C:\Windows\explorer.exe

4920 | [Owner : Asafer |Parent : 4160] - (.Intel Corporation - hkcmd Module.) - (8.15.10.2040) = C:\Windows\System32\hkcmd.exe

4972 | [Owner : Asafer |Parent : 876] - (.Intel Corporation - igfxsrvc Module.) - (8.15.10.2040) = C:\Windows\System32\igfxsrvc.exe

4644 | [Owner : Asafer |Parent : 4160] - (.Intel Corporation - persistence Module.) - (8.15.10.2040) = C:\Windows\System32\igfxpers.exe

5288 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Notas Autoadesivas.) - (6.1.7600.16385) = C:\Windows\System32\StikyNot.exe

5420 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) - (6.1.7601.17514) = C:\Program Files\Windows Sidebar\sidebar.exe

5440 | [Owner : Asafer |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

5992 | [Owner : Asafer |Parent : 5632] - (.Intel Corporation - IAStorIcon.) - (9.5.7.1002) = C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

1000 | [Owner : SISTEMA |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

5328 | [Owner : SISTEMA |Parent : 2672] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

1500 | [Owner : Asafer |Parent : 876] - (.Kaspersky Lab - Kaspersky Password Manager.) - (7.0.3.11) = C:\PROGRA~2\KASPER~1\KASPER~2.0\KASPER~2\stpass.exe

2476 | [Owner : SISTEMA |Parent : 4464] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

5036 | [Owner : Asafer |Parent : 4160] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

4992 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5188 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

7136 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

5432 | [Owner : Asafer |Parent : 4160] - (.Microsoft Corporation - Microsoft Outlook.) - (14.0.7113.5000) = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE

6396 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Microsoft Office Software Protection Platform Service.) - (14.0.370.400) = C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE

3360 | [Owner : Asafer |Parent : 5036] - (.Google Inc. - Google Chrome.) - (34.0.1847.131) = C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


¤¤¤¤¤¤¤¤¤¤ | Running processes


424 | [Owner : SISTEMA |Parent : 4] - (.Microsoft Corporation - Gerenciador de Sessão do Windows.) - (6.1.7601.18229) = C:\Windows\System32\smss.exe

592 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

652 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Processo do tempo de Execução do Servidor do Cliente.) - (6.1.7600.16385) = C:\Windows\System32\csrss.exe

660 | [Owner : SISTEMA |Parent : 576] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) - (6.1.7600.16385) = C:\Windows\System32\wininit.exe

700 | [Owner : SISTEMA |Parent : 636] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) - (6.1.7601.18409) = C:\Windows\System32\winlogon.exe

760 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Aplicativo de serviços e controle.) - (6.1.7600.16385) = C:\Windows\System32\services.exe

768 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Local Security Authority Process.) - (6.1.7601.18443) = C:\Windows\System32\lsass.exe

776 | [Owner : SISTEMA |Parent : 660] - (.Microsoft Corporation - Serviço do Gerenciador de Sessão Local.) - (6.1.7601.17514) = C:\Windows\System32\lsm.exe

876 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1004 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

604 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

640 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

568 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1020 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1212 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1416 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1452 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

1744 | [Owner : SISTEMA |Parent : 760] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

1472 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\SysWOW64\svchost.exe

2284 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2328 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

2892 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

3536 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

3264 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4876 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

4856 | [Owner : Asafer |Parent : 640] - (.Microsoft Corporation - Gerenciador de Janelas da Área de Trabalho.) - (6.1.7600.16385) = C:\Windows\System32\dwm.exe

4608 | [Owner : Asafer |Parent : 5632] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) - (13.0.2.628) = C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe

4116 | [Owner : SERVIÇO LOCAL |Parent : 760] - (.Microsoft Corporation - Processo de Host para Serviços do Windows.) - (6.1.7600.16385) = C:\Windows\System32\svchost.exe

7012 | [Owner : Asafer |Parent : 5036] - (. - .) - (0.0.0.0) = C:\Users\Asafer\Downloads\Pre_Scan.exe

6572 | [Owner : SISTEMA |Parent : 760] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) - (3.1.6.3) = C:\PROGRA~2\GbPlugin\gbpsv.exe

5532 | [Owner : SERVIÇO LOCAL |Parent : 640] - (.Microsoft Corporation - Windows Driver Foundation - Processo de Host da Estrutura de Driver de Modo de Usuário.) - (6.2.9200.16384) = C:\Windows\System32\WUDFHost.exe

980 | [Owner : SISTEMA |Parent : 760] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe

6216 | [Owner : Asafer |Parent : 876] - (.Microsoft Corporation - Processo de host do Windows (Rundll32).) - (6.1.7600.16385) = C:\Windows\System32\rundll32.exe

260 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corp. - Microsoft® Windows Live ID Service.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

2492 | [Owner : SISTEMA |Parent : 260] - (.Microsoft Corp. - Microsoft® Windows Live ID Service Monitor.) - (7.250.4232.0) = C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE

6852 | [Owner : Asafer |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe

4524 | [Owner : SISTEMA |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe

5556 | [Owner : SISTEMA |Parent : 980] - (.TeamViewer GmbH - TeamViewer 9.) - (9.0.28223.0) = C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe

7040 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Indexador do Microsoft Windows Search.) - (7.0.7601.17610) = C:\Windows\System32\SearchIndexer.exe

4816 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - Serviço de Compartilhamento de Rede do Windows Media Player.) - (12.0.7601.17514) = C:\Program Files\Windows Media Player\wmpnetwk.exe

5852 | [Owner : SISTEMA |Parent : 7040] - (.Microsoft Corporation - Microsoft Windows Search Protocol Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchProtocolHost.exe

2784 | [Owner : SISTEMA |Parent : 760] - (.Microsoft Corporation - Aplicativo de subsistema de spooler.) - (6.1.7601.17777) = C:\Windows\System32\spoolsv.exe

5356 | [Owner : SISTEMA |Parent : 760] - (.Apple Inc. - YSLoader.exe.) - (17.327.4.11) = C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

6752 | [Owner : SERVIÇO DE REDE |Parent : 760] - (.Microsoft Corporation - SQL Browser Service EXE.) - (2005.90.5000.0) = C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe

2544 | [Owner : SISTEMA |Parent : 760] - (.Hewlett-Packard Company - HP Support Assistant Service.) - (6.0.5.4) = C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

6516 | [Owner : SISTEMA |Parent : 7040] - (.Microsoft Corporation - Microsoft Windows Search Filter Host.) - (7.0.7601.17610) = C:\Windows\System32\SearchFilterHost.exe



¤¤¤¤¤¤¤¤¤¤ | Winlogon user : OK !



¤¤¤¤¤¤¤¤¤¤ | Winlogon machine


Modified : [64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

Modified : [32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]|[AutoRestartShell] : 1 -> 0

Repaired : [64][HKLM | Winlogon]|[userinit] : C:\Windows\system32\userinit.exe, -> C:\Windows\SysWOW64\userinit.exe,


¤¤¤¤¤¤¤¤¤¤ | Associations


Repaired : [64][HKLM\Software\Classes\Folder\shell\open\command] : %SystemRoot%\Explorer.exe -> C:\Windows\Explorer.exe



¤


Repaired : [64][HKLM\Software\Clients\StartMenuInternet\IExplore.exe\shell\open\command] : C:\Program Files\Internet Explorer\iexplore.exe -> "C:\Program Files (x86)\Internet Explorer\iexplore.exe"

Repaired : [64][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s

Repaired : [32][HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Associations] : http://go.microsoft.com/fwlink/?LinkId=57426&Ext=%s -> http://shell.windows.com/fileassoc/%04x/xml/redir.asp?Ext=%s


¤¤¤¤¤¤¤¤¤¤ | Registry


Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{9343812e-1c37-4a49-a12e-4b2d810d956b}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{F02C1A0D-BE21-4350-88B0-7367FC96EF3C}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{20D04FE0-3AEA-1069-A2D8-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{208D2C60-3AEA-1069-A2D7-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{871C5380-42A0-1069-A2EA-08002B30309D}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{5399E694-6CE5-4D6C-8FCE-1D8870FDCBA0}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0

Repaired : [32][HKLM\software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel]|[{59031a47-3f72-44a7-89c5-5595fe6b30ee}] : 1 -> 0

Repaired : [64][HKLM\software\Microsoft\Windows\CurrentVersion\policies\Explorer]|[NoDriveTypeAutoRun] : 60 -> 145

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]|[Hidden] : 2 -> 0

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Explorer\ControlPanel]|[AllItemsIconView] : 0 -> 1

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\software\Microsoft\Windows\CurrentVersion\Policies\Explorer]|[NoDriveTypeAutoRun] : 0 -> 145


¤¤¤¤¤¤¤¤¤¤ | Access to the registry and to the administrator of the tasks




¤¤¤¤¤¤¤¤¤¤ | SafeBoot


Safeboot Keys are O.K


Alternate shell is OK !


¤


Safeboot Minimal Subkeys : O.K !


¤


Safeboot Network Subkeys : O.K !


¤¤¤¤¤¤¤¤¤¤ | IFEO



¤¤¤¤¤¤¤¤¤¤ | Mountpoints2




¤¤¤¤¤¤¤¤¤¤ | Windows


[64][HKLM\Software\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:DoesNotExist

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\Autorun.inf]|[] : @SYS:Software\Swearware\dump

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\system.ini\Boot]|[shell] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\IniFileMapping\win.ini]|[winlogon] : SYS:Microsoft\Windows NT\CurrentVersion\Winlogon


Winsrv : OK !



[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :


[HKLM64\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[AppInit_DLLS] :

[64][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0

[32][HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]|[LoadAppInit_DLLs] : 0


¤¤¤¤¤¤¤¤¤¤ | Security center











¤¤¤¤¤¤¤¤¤¤ | Correction of the services



Repaired : [Compbatt] : 3 -> 0

Repaired : [agp440] : 3 -> 2

Repaired : [bits] : 3 -> 2

Repaired : [EapHost] : 3 -> 2

Repaired : [Wlansvc] : 3 -> 2

Repaired : [wudfsvc] : 3 -> 2

Repaired : [WerSvc] : 3 -> 2


¤¤¤¤¤¤¤¤¤¤ | Internet Explorer


Repaired : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Main]|[start Page] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome -> http://www.google.com/

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\system32\blank.htm -> C:\Windows\SysWOW64\blank.htm

Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896

Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Search]|[searchAssistant] : http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm -> http://www.google.com/ie

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[search Bar] : http://search.msn.com/spbasic.htm -> http://www.google.com/

Repaired : [32][HKLM\Software\Microsoft\Internet Explorer\Main]|[Local Page] : C:\Windows\System32\blank.htm -> C:\Windows\SysWOW64\blank.htm

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Search_URL] : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> http://go.microsoft.com/fwlink/?LinkId=54896

Repaired : [64][HKLM\Software\Microsoft\Internet Explorer\Main]|[Default_Page_URL] : http://go.microsoft.com/fwlink/p/?LinkId=255141 -> http://go.microsoft.com/fwlink/?LinkId=69157


¤


Repaired : [HKU\S-1-5-21-3731980268-2904590947-1619489453-1000\Software\Microsoft\Windows\CurrentVersion\Internet settings]|[WarnonZoneCrossing] : 0 -> 1


¤¤¤¤¤¤¤¤¤¤ | Hosts


C:\Windows\System32\Drivers\etc\hosts : Cleaned


¤¤¤¤¤¤¤¤¤¤ | reparsepoint




¤¤¤¤¤¤¤¤¤¤ | Detection of offsets



¤¤¤¤¤¤¤¤¤¤ | Files | Folders | Registry


stopped : KMService

Deleted service : KMService

Deleted : HKLM\..\ControlSet002\Services\KMService


Deleted : C:\$Recycle.bin\S-1-5-21-3731980268-2904590947-1619489453-1000



Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\wklnhst.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins001.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins000.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\unins002.dat

Moved to quarantine successfully : C:\Windows\system32\srvany.exe

Will be moved in quarantine in the restart : C:\Windows\AutoKMS

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000001.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000002.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000001.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TMContainer00000000000000000002.regtrans-ms

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18732-4536-11e3-9301-1cc1debeb8de}.TM.blf

Moved to quarantine successfully : C:\ProgramData\ntuser.dat{a8b18749-4536-11e3-9301-1cc1debeb8de}.TM.blf

Moved to quarantine successfully : C:\Users\Asafer\AppData\Local\microsoft\windows\WebCacheLock.dat

Moved to quarantine successfully : C:\Users\Asafer\AppData\Roaming\EurekaLog

Moved to quarantine successfully : C:\Windows\assembly\tmp\

Moved to quarantine successfully : C:\Users\Asafer\AppData\LocalLow\Sun\Java\Deployment\cache\6.0

Moved to quarantine successfully : C:\Users\Asafer\AppData\LocalLow\Sun\Java\Deployment\cache\security


Prefetch -> cleaned




D:\ : Vaccinated (Vaccin created by Usbfix)

E:\ : Impossible to vaccinate

F:\ : Vaccinated (Vaccin created by Pre_Scan)


¤¤¤¤¤¤¤¤¤¤ | Hidden files


~ [Drive D:] : Hidden : 7 | Restored : 7

~ [Drive F:] : Hidden : 6 | Restored : 6

~ [Drive C:] : Hidden : 1 | Restored : 1

~ [Program Files] : Hidden : 8 | Restored : 8

~ [users] : Hidden : 4 | Restored : 4

~ [Music] : Hidden : 2 | Restored : 2

~ [Pictures] : Hidden : 23 | Restored : 23

~ [Documents] : Hidden : 6 | Restored : 6

~ [Desktop] : Hidden : 802 | Restored : 802

~ [searches] : Hidden : 2 | Restored : 2

~ [Windows] : Hidden : 45 | Restored : 45

~ [start Menu | Programs | Startup] : Hidden : 1 | Restored : 1

~ [Libraries] : Hidden : 53 | Restored : 53



¤¤¤¤¤¤¤¤¤¤ | Control of the partitions


Disk: 0 Size=954G

Pos MBRndx Type/Name Size Active Hide Start Sector Sectors

--- ------ ---------- ---- ------ ---- ------------ ------------

0 0 07-NTFS 100M Yes No 2,048 204,800

1 1 07-NTFS 944G No No 206,848 932,769,280

2 2 07-NTFS 10G No No 932,976,128 20,545,536


¤¤¤¤¤¤¤¤¤¤


[HKLM | Winlogon] | AutoRestartShell : 0 -> 1

[HKLM64 | Winlogon] | AutoRestartShell : 0 -> 1


End : 15:19:33



Standby-mode restored

¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤ - 367


Temporarily disable your antivirus to avoid conflicts.

Download: < Shortcut_Module > (by g3n-h@ckm@n)

|- When you open the link above, scroll down the page and click Télécharger to download it: 530637d6efc63.png

Run it as described in this post:

Disinfect infected shortcuts and remove adware with the Shortcut_Module tool

Once the cleaning is complete, post the log (report), which will be at C:\Shortcut_Module_07_05_2014_17_05_22.txt (the numbers in red will vary, since they show the date and time the scan was run).
