Ir para conteúdo

POWERED BY:

Arquivado

Este tópico foi arquivado e está fechado para novas respostas.

1sefirot1

[Resolvido] Computador cheio daqueles vírus padrões de internet.

Recommended Posts

Larguei meu notebook sem senha por uma semana aqui em casa, para utilização pela parte da família, e o resultado nao poderia ser outro: Está infestado de malwares. Browser travando a todo tempo, páginas de busca padrão, etc etc etc..

 

Gostaria de postar o log aqui para os senhores me ajudassem a ver o q esta acontecendo. Segue o log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:38:03, on 25/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Users\Gustavo\Downloads\BitTorrent.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Quiknowledge - {323C6E6D-1621-470F-8A52-4FDEC4E75E40} - C:\Program Files (x86)\Quiknowledge\IE\QuiknowledgeClientIE.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O2 - BHO: webget - {dc264a72-fa75-4948-b881-ea8eff8e5dd2} - C:\Program Files (x86)\webget\webgetbho.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: GameRanger.lnk = Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quiknowledge Client Service (qksvc) - Quiknowledge - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9770 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa Noite! Gsbad


|- Baixe: < 1268r49.png > ( ... by Oleg N. Scherbakov )

|- Salve-o no desktop!

|- Desabilite seu antivírus!

|- Para Windows 7 e 8,clique direito em JRT.exe e execute-o ... Executar_Administrador.jpg

|- Aguarde a conclusão e poste o relatório. ( JRT.txt )


-/-


|- Baixe: < AdwCleaner_Logo2_zps580bcd78.jpg > ( ... par Xplode )


|- Ao acessar,clique na imagem: < download-button-jdownloads.png >


|- Ps: Se utilizar o navegador IE9,desabilite o filtro "SmartScreen".

|- Salve-o no desktop!

|- Clique direito em adwcleaner.exe,e escolha sua execução como Executar_Administrador.jpg


advz4z8Y.jpg


|- Ps: Dê início ao scan,clicando em "Examinar".

|- Ao concluir,clique "Limpar" >> Ok >> Ok >> Ok.

|- Copie o log ou clique "Relatório".

|- Poste: < C:\AdwCleaner\AdwCleaner[s0].txt >


Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Segue os logs

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by Gustavo on 26/05/2014 at 22:40:17,47
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-3336594925-1444484530-2665733283-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\\Start Page
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\baidu
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\mysearchdial
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\Users\Gustavo\AppData\Roaming\baidu"
Successfully deleted: [Folder] "C:\Users\Gustavo\AppData\Roaming\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\mysearchdial"
Successfully deleted: [Folder] "C:\Program Files (x86)\quiknowledge"
~~~ FireFox
Successfully deleted: [File] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\user.js
Successfully deleted: [File] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\searchplugins\mysearchdial.xml
Successfully deleted: [Folder] "C:\Program Files (x86)\Mozilla Firefox\extensions\quiknowledge@quiknowledge.com"
Successfully deleted: [Folder] C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\extensions\staged
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\quiknowledge@quiknowledge.com
Successfully deleted the following from C:\Users\Gustavo\AppData\Roaming\mozilla\firefox\profiles\pvngbors.default\prefs.js
user_pref("browser.startup.homepage", "hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtB
user_pref("browser.search.selectedEngine", "Mysearchdial");
~~~ Chrome
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/05/2014 at 23:05:52,55
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

 

AdwCleaner.txt:

 

# AdwCleaner v3.211 - Relatório criado 26/05/2014 às 23:09:46
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 8 (64 bits)
# Usuário : Gustavo - GUSTAVO-NOTE2
# Executando de : C:\Users\Gustavo\Desktop\adwcleaner_3.211.exe
# Opção : Limpar
***** [ Serviços ] *****
Serviço Deletada : qknfd
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\Program Files (x86)\webget
Pasta Deletada : C:\Program Files\Quiknowledge
Pasta Deletada : C:\Users\Gustavo\AppData\Local\Temp\webget
Pasta Deletada : C:\Users\Gustavo\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Public\Documents\baidu
Arquivo Deletada : C:\Windows\Tasks\MySearchDial.job
Arquivo Deletada : C:\Windows\System32\Tasks\MySearchDial
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{323C6E6D-1621-470F-8A52-4FDEC4E75E40}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKCU\Software\webget
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\webget
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\webget
***** [ Navegadores ] *****
-\\ Internet Explorer v10.0.9200.16537
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [start Page]
-\\ Mozilla Firefox v25.0 (pt-BR)
[ Arquivo : C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default\prefs.js ]
-\\ Google Chrome v35.0.1916.114
[ Arquivo : C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [startup_urls] : hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=
Deletedo [Homepage] : hxxp://start.mysearchdial.com/?f=1&a=dsites02_14_20_ch&cd=2XzuyEtN2Y1L1Qzu0Bzzzzzz0EtA0CtDtAyE0A0E0DyCtD0FtN0D0Tzu0SzzyCtAtN1L2XzutBtFtBtDtFzytFtBtN1L1CzutCyEtDtAtDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyB0CtDtCzz0DyDzztG0DyByCtBtG0A0C0B0BtGtDtByD0DtGyC0B0EzyzytBzyyC0A0F0B0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0EyE0EtB0A0CtCtG0ByByEyDtGtD0D0B0DtGtAzz0E0FtGtAzzyEyEtB0F0E0FzztAtCzz2Q&cr=1171445982&ir=
Deletedo [Extension] : pflphaooapbgpeakohlggbpidpppgdff
*************************
AdwCleaner[R0].txt - [9053 octets] - [10/12/2013 11:28:22]
AdwCleaner[R1].txt - [4853 octets] - [26/05/2014 23:08:33]
AdwCleaner[s0].txt - [8433 octets] - [10/12/2013 11:29:31]
AdwCleaner[s1].txt - [4132 octets] - [26/05/2014 23:09:46]
########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [4192 octets] ##########

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Gsbad

 

|- Baixe: < zoek > ( ... by Smeenk )
|- Ou aqui! < 51a612a8b27e2-Zoek.pngzoek.exe >
|- Salve-o e descompacte-o para o desktop!
|- Estarão disponíveis: zoek.com, zoek.scr, zoek.pif e zoek.exe
|- Desabilite seu antivírus!
|- Para Windows 7,execute zoek.exe como administrador.
hijackthis;
iedefaults;
chromelook;
shortcutfix;
autoclean;
emptyalltemp;
|- Copie e cole estas informações,em vermelho,no campo da ferramenta.
|- Clique "Run Script".

Zoek.exe is running now.

Do not start any browser windows, they will be closed automatically.
Please wait! This window will close when finished.
A logfile will open afterwards and can also be found on your systemdrive as zoek-results.log

 

|- Surgirão estas informações,pedindo-lhe que aguarde o surgimento do relatório.
|- Ps: Essas informações,podem permanecer estáticas na tela por 20 minutos ou mais.
Zoek_Reboot_zpscf60b3cf.jpg
|- Aceite e/ou confirme o reboot!

zoek.hta failed by unknown error.

Restart computer, and try again.

 

|- Ps: Ao obter algum erro,reinicie o PC e execute,novamente,a ferramenta.
|- Poste o relatório,que estará em C:\zoek-results.txt <<
Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

Zoek.exe v5.0.0.0 Updated 22-05-2014

Tool run by Gustavo on 27/05/2014 at 21:05:55,76.

Microsoft Windows 8 6.2.9200 x64

Running in: Normal Mode Internet Access Detected

Launched: C:\Users\Gustavo\Desktop\zoek.exe [scan all users] [script inserted]


==== System Restore Info ======================


27/05/2014 21:07:02 Zoek.exe System Restore Point Created Succesfully.


==== Deleting CLSID Registry Keys ======================


HKEY_USERS\S-1-5-21-3336594925-1444484530-2665733283-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully


==== Deleting CLSID Registry Values ======================



==== Deleting Services ======================



==== Deleting Files \ Folders ======================


C:\PROGRA~3\Baidu deleted

C:\windows\SysNative\tasks\Baidu Antivirus Update deleted

C:\Users\Gustavo\AppData\Roaming\unins000.exe deleted

C:\Users\Gustavo\AppData\Roaming\unins001.exe deleted


==== Firefox Extensions Registry ======================


[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]

"{87F8774F-B485-47E2-A755-A40A8A5E886D}"="C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\xpi" [10/01/2014 17:04]


==== Firefox Extensions ======================


ProfilePath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default

- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}

- Firebug - %ProfilePath%\extensions\firebug@software.joehewitt.com.xpi

- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

- webget - %ProfilePath%\extensions\{9edd0ea8-2819-47c2-8320-b007d5996f8a}.xpi


AppDir: C:\Program Files (x86)\Mozilla Firefox

- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}


==== Firefox Plugins ======================


Profilepath: C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default

29B5096C332ECE24A72024212A2282EF - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef.dll - Módulo de Proteção - Caixa Economica Federal

FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Gustavo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin

B52EFEC8EEF9A7809376795ED3699826 - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll - Módulo de Proteção - Banco do Brasil

6405D35B002039122117B4EAD3EDD8BD - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_cef_64.dll - Módulo de Proteção - Caixa Economica Federal



==== Chrome Look ======================


HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions

nnjbodopomfddehlalfilheomcahbpei - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\cef\sf.crx[10/01/2014 17:04]

pgacfjdigcddmmncljpflgcfpfahebkh - C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\bb\sf.crx[24/05/2014 09:30]


GBBD Banco do Brasil - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkeabchhfifpaaoefpockjhaphjmoapp

Google Wallet - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

GBBD Caixa Economica Federal - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei

GBBD Banco do Brasil - Gustavo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgacfjdigcddmmncljpflgcfpfahebkh


==== Set IE to Default ======================


Old Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

No DefaultScope Set For HKCU


New Values:

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]

"Start Page"="http://www.google.com"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]


[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]


[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]

"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"


==== All HKCU SearchScopes ======================


HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes

{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"



==== shortcuts on Users Desktops ======================


C:\Users\Gustavo\Desktop\bkp\fotos face\fotos\Favoritos - Atalho.lnk -

C:\Users\Gustavo\Desktop\bkp\Fotos mae\Favoritos - Atalho.lnk -


==== shortcuts on All Users Desktop ======================


C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe


==== shortcuts in All Users Start Menu ======================


C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1033-7B44-AB0000000001}\SC_Reader.ico

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk - C:\Program Files (x86)\Opera\launcher.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Baidu Antivirus.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Bav.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Baidu Antivirus\Uninstall.lnk - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\Uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Minecraft.lnk - C:\Program Files (x86)\Minecraft\Minecraft.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft\Uninstall.lnk - C:\Program Files (x86)\Minecraft\uninstall.exe

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Console do Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Encerrar Trusteer Endpoint Protection.lnk -

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Proteção de Terminal Trusteer\Iniciar Trusteer Endpoint Protection.lnk -


==== shortcuts in Quick Launch ======================


C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BitTorrent.lnk - C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\BS.Player FREE.lnk - C:\Program Files (x86)\Webteh\BSPlayer\bsplayer.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\GameRanger.lnk - C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Adobe Photoshop CS6 (64 Bit).lnk - C:\Program Files\Adobe\Adobe Photoshop CS6 (64 Bit)\Photoshop.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\BitTorrent.lnk - C:\Users\Gustavo\Downloads\BitTorrent.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk - C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Libraries

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe

C:\Users\Gustavo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -

C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -


==== HijackThis Entries ======================


R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: UserInit=userinit.exe

O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll

O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll

O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll

O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"

O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

O4 - HKLM\..\Run: [baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto

O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver

O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun

O4 - Startup: GameRanger.lnk = Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe

O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000

O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL

O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics

O15 - Trusted Zone: www.bancobrasil.com.br

O15 - Trusted Zone: www14.bancobrasil.com.br

O15 - Trusted Zone: www2.bancobrasil.com.br

O15 - Trusted Zone: www.bb.com.br

O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll

O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll

O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)

O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe

O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe

O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe

O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)

O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)

O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe

O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe

O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)

O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: Quiknowledge Client Service (qksvc) - Unknown owner - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe (file missing)

O23 - Service: Rapport Management Service (RapportMgmtService) - Trusteer Ltd. - C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe

O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)

O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)

O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)

O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)

O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)

O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)

O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)

O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)

O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)

O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)


==== Empty IE Cache ======================


C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Users\Gustavo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully

C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully


==== Empty FireFox Cache ======================


No FireFox Cache found


==== Empty Chrome Cache ======================


C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully


==== Empty All Flash Cache ======================


Flash Cache Emptied Successfully


==== Empty All Java Cache ======================


Java Cache cleared successfully


==== C:\zoek_backup content ======================


C:\zoek_backup (files=10 folders=2 1461686 bytes)


==== Empty Temp Folders ======================


C:\Users\Default\AppData\Local\Temp emptied successfully

C:\Users\Default User\AppData\Local\Temp emptied successfully

C:\Users\Gustavo\AppData\Local\Temp will be emptied at reboot

C:\Users\USURIO~1\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully

C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully

C:\Windows\Temp will be emptied at reboot


==== After Reboot ======================


==== Empty Temp Folders ======================


C:\Windows\Temp successfully emptied

C:\Users\Gustavo\AppData\Local\Temp successfully emptied


==== Empty Recycle Bin ======================


C:\$RECYCLE.BIN successfully emptied


==== EOF on 27/05/2014 at 21:34:27,57 ======================

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Gsbad

 

|- Baixe: < ZHPDiag2.exe > < NicolasCoolman.jpg > ( ... de Nicolas Coolman )
|- Salve-o no disco local! ( C ou D )
|- Desabilite seu antivírus e execute "ZHPDiag2.exe",para instalar a ferramenta.
ZHPDiag_Pergaminho2_zps6e758639.jpg
|- Execute o ícone do pergaminho. ( ZHPDiag )
ZHPDiag_Pesquisar_zps3acb0f25.jpg
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
zhpdia11.png
|- Clique OK e,ao concluir,poste o relatório! ( ZHPDiag.txt )
|- Ps: Se o log for extenso,envie-o à Pjjoint.malekal.
|- Ou acesse: < Cjoint_Logo.jpg >
|- Maiores informações: < |Link| >
A+

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa noite senhores!!!!!!!

Segue o log:

 

 

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Gustavo (28/05/2014 20:37:21)
~ Endereço do Website : http://nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16899
MFIE: Mozilla Firefox 25.0
GCIE: Google Chrome v35.0.1916.114 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Windows Defender W8 (Deactivate)
---\\ Softwares d'optimização do sistema
CCleaner v4.02
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader XI
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3909 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 119 GB (40%) free of 298 GB
---\\ Modo de conexão ao sistema
~ Computer Name: GUSTAVO-NOTE2
~ User Name: Gustavo
~ All Users Names: HomeGroupUser$, Gustavo, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Gustavo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Gustavo\AppData\Roaming\
~ %Desktop% : C:\Users\Gustavo\Desktop\
~ %Favorites% : C:\Users\Gustavo\Favorites\
~ %LocalAppData% : C:\Users\Gustavo\AppData\Local\
~ %StartMenu% : C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 119 Go of 298 Go)
D: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Free 0 Go of 0 Go)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 44 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.75DD70A14145499C9F7D903CF9A8C91B] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.12/04/2014 - 06:10:31.) -- C:\Windows\System32\Winlogon.exe [578048]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/09/2012 - 03:08:44.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.7A761AEE58658378BBA45D360F874CB0] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.26/02/2014 - 20:18:55.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/37
~ Mes Favoris (My Favorites) : 1/3
~ Mes Documents (My Documents) : 2/22
~ Mon Bureau (My Desktop) : 3/12401
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 04s
---\\ Processos lançados
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2488]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.3384]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2816]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.2344]
~ Processes Running: Scanned in 00mn 00s
---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G1 - GCS: Preference [user Data\Default] http://start.mysearchdial.com =>Adware.MyWebSearch
G2 - GCE: Preference [user Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [user Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)
G2 - GCE: Preference [user Data\Default] [nnjbodopomfddehlalfilheomcahbpei] GBBD Caixa Economica Federal v.3.5.0 (Désactivé)
G2 - GCE: Preference [user Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)
---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Gustavo\AppData\Roaming\Mozilla\Firefox\Profiles\pvngbors.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/cef] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Gustavo\AppData\Local\GAS Tecnologia\GBBD\npsf_CEF.dll
~ Firefox Browser: 6 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
~ BHO: 4 Legitimates Filtered in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\QuickLaunch [Gustavo]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O4 - GS\TaskBar [Gustavo]: BitTorrent.lnk . (.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gustavo\Downloads\BitTorrent.exe =>P2P.BitTorrent
~ Global Startup: 2 Legitimates Filtered in 00mn 01s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VDownloader] . (.Vitzo - VDownloader.) -- C:\Program Files\VDownloader\VDownloader.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] . (.Adobe Systems Incorporated - Adobe Updater Startup Utility.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe =>.Adobe Systems Incorporated
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\daemon\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [switchBoard] . (.Adobe Systems Incorporated - SwitchBoard Server (32 bit).) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Wow6432Node\Run: [AdobeCS6ServiceManager] . (.Adobe Systems Incorporated - Adobe CS6 Service Manager.) -- C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-21-3336594925-1444484530-2665733283-1001\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-3336594925-1444484530-2665733283-1001\..\Run: [DAEMON Tools Lite] . (.Disc Soft Ltd - DAEMON Tools Lite.) -- C:\daemon\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-3336594925-1444484530-2665733283-1001\..\Run: [AdobeBridge] Chave orfã
~ Application: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{32BD5C2D-F218-4A1F-B170-3DDE941446CE}: DhcpNameServer = 189.6.0.138 189.6.0.137 189.6.0.73 201.6.4.116
O17 - HKLM\System\CCS\Services\Tcpip\..\{C164D1BC-80AB-4272-BC21-BD0247615029}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{32BD5C2D-F218-4A1F-B170-3DDE941446CE}: DhcpNameServer = 189.6.0.138 189.6.0.137 189.6.0.73 201.6.4.116
O17 - HKLM\System\CS1\Services\Tcpip\..\{C164D1BC-80AB-4272-BC21-BD0247615029}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 189.6.0.138 189.6.0.137 189.6.0.73 201.6.4.116
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: Quiknowledge Client Service (qksvc) . (...) - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe (.not file.)
~ Services: 3 Legitimates Filtered in 00mn 03s
---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001Core [942]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3336594925-1444484530-2665733283-1001UA [964]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1094]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1098]
~ Scheduled Task: 13 Legitimates Filtered in 00mn 04s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 46 Legitimates Filtered in 00mn 00s
---\\ Software instalados (042)
O42 - Logiciel: GBBD Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: GBBD Caixa Econômica Federal - (...) [HKLM][64Bits] -- {5d01f486-f32d-462e-8830-cc1d116e8ece}_is1
~ Logic: 22 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\GameVicio]
[HKLM\Software\Wow6432Node\Quiknowledge]
~ Key Software: 181 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/05/2014 - 11:52:37 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 22/07/2013 - 23:59:37 - [] ----D C:\Program Files (x86)\GameVicio
O43 - CFD: 27/05/2014 - 21:33:29 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 27/05/2014 - 21:39:05 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/05/2014 - 21:37:55 - [] ----D C:\ProgramData\QUY
O43 - CFD: 20/06/2013 - 16:24:24 - [] ----D C:\ProgramData\REF
O43 - CFD: 13/08/2013 - 11:50:56 - [] ----D C:\ProgramData\ZTXXWV
O43 - CFD: 21/06/2013 - 03:10:09 - [] -SH-D C:\ProgramData\ZZD
O43 - CFD: 27/05/2014 - 21:38:37 - [] ----D C:\Users\Gustavo\AppData\Roaming\Baidu
O43 - CFD: 22/07/2013 - 23:59:37 - [] ----D C:\Users\Gustavo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameVicio
~ Program Folder: 123 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.ED4ADA933F7DA64672970FC9ECFDE439] - 26/05/2014 - 09:59:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnbasex.sys [91616]
O44 - LFC:[MD5.FE058AE3038E9154665300DFB8BB6286] - 26/05/2014 - 09:59:47 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [70912]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 27/05/2014 - 21:04:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2A594E33F66BD86CB3198E1ECF4F4E0F] - 27/05/2014 - 21:34:27 ---A- . (...) -- C:\zoek-results.log [19144]
~ Files: 46 Legitimates Filtered in 00mn 03s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "PromptOnSecureDesktop"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:26/05/2014 - 09:59:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnbasex.sys [91616]
O58 - SDL:26/05/2014 - 09:59:47 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [70912]
O58 - SDL:19/10/2012 - 04:52:32 ---A- . (.Windows ® Win 7 DDK provider - IEEE-1284.4-1999 Driver.) -- C:\Windows\System32\Drivers\Dot4.sys [151968]
O58 - SDL:19/10/2012 - 04:52:30 ---A- . (.Windows ® Win 7 DDK provider - IEEE-1284.4 Print Class Driver.) -- C:\Windows\System32\Drivers\Dot4Prt.sys [27040]
O58 - SDL:20/06/2013 - 11:24:43 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [283200]
O58 - SDL:01/04/2014 - 16:59:44 ---A- . (.Quiknowledge - Quiknowledge Driver x64.) -- C:\Windows\System32\Drivers\qknfd.sys [58256]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.(www.devguru.co.kr) - SAMSUNG Android Modem Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudmdm.sys [206080]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:16/03/2014 - 12:58:47 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 45 Legitimates Filtered in 00mn 05s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - http://www.google.com
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A392AC1A06E8C3235829D197559D11E2] [sPRF][06/02/2014] (...) -- C:\Users\Gustavo\AppData\Roaming\unins000.dat [31942]
[MD5.E7D230644DDDC73AA80AACEB6C06AE26] [sPRF][10/01/2014] (...) -- C:\Users\Gustavo\AppData\Roaming\unins001.dat [15806]
[MD5.9EC73884D7D7BFEC9EED7EAF3122A0BE] [sPRF][26/05/2014] (...) -- C:\Users\Gustavo\Desktop\adwcleaner_3.211.exe [1327971]
[MD5.352E8561E633B17ED22012366721FFDC] [sPRF][27/05/2014] (...) -- C:\Users\Gustavo\Desktop\zoek.exe [1285120]
~ Files: 5 Legitimates Filtered in 00mn 00s
---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{8C345E1F-BB4F-4EDC-B260-C739371E8628}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{A9EA877C-D2B3-4BF9-A6EB-6C879A25D747}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\Users\Gustavo\AppData\Roaming\BitTorrent\BitTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{07D55855-2BF5-49EE-BD69-B34093888478}C:\users\gustavo\downloads\bittorrent.exe" | In - Public - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\gustavo\downloads\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{BE7D3351-779F-4CD8-B83E-554B8C9F8130}C:\users\gustavo\downloads\bittorrent.exe" | In - Public - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\gustavo\downloads\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "TCP Query User{88126AA1-6EE7-46CB-8847-9DE9D87908DD}C:\users\gustavo\downloads\bittorrent.exe" | In - Private - P6 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\gustavo\downloads\bittorrent.exe =>P2P.BitTorrent
O87 - FAEL: "UDP Query User{3BBDB2CC-1B97-452C-8D85-CA42C410FEE0}C:\users\gustavo\downloads\bittorrent.exe" | In - Private - P17 - TRUE | .(.BitTorrent Inc. - BitTorrent.) -- C:\users\gustavo\downloads\bittorrent.exe =>P2P.BitTorrent
~ Firewall: 6 Legitimates Filtered in 00mn 02s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 13/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/12/2012 277616 | (cphs) . (.Intel Corporation.) - C:\Windows\SysWow64\IntelCpHeciSvc.exe
SS - | Demand 17/12/2012 137488 | (Futuremark SystemInfo Service) . (.Futuremark Corporation.) - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
SS - | Auto 15/05/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/05/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 13/11/2013 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 20/09/2012 29696 | C:\Windows\System32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SS - | Auto 10/07/1658 0 | (qksvc) . (...) - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe
SS - | Demand 19/02/2010 517096 | (SwitchBoard) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
SS - | Demand 20/09/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 21/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 06/05/2014 528424 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
~ Services: Scanned in 00mn 10s
---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0
~ Additionnel Scan: 190990 Items scanned in 00mn 27s
---\\ Sumário das deteções encontradas na sua estação
~ MSI: 1 link(s) detected in 00mn 00s
~ 577 Legitimates filtered by white list
End of the scan (417 lines in 01mn 22s)(0)

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom Dia! Gsbad

 


|- Execute este script na ferramenta ZHPFix.
|- Copie estas informações que estão em vermelho,para o Bloco de Notas.
|- Com o Bloco de Notas aberto,faça: ctrl+a >> ctrl+c
|- À seguir,minimize o Bloco de Notas.
script zhpfix
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1171445982&ir=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.mysearc...=1171445982&ir=
G1 - GCS: Preference [user Data\Default] http://start.mysearchdial.com =>Adware.MyWebSearch
O4 - HKCU\..\Run: [AdobeBridge] Chave orfã
O4 - HKUS\S-1-5-21-3336594925-1444484530-2665733283-1001\..\Run: [AdobeBridge] Chave orfã
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O43 - CFD: 27/05/2014 - 21:33:29 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 27/05/2014 - 21:39:05 - [0] ----D C:\ProgramData\Baidu Security
O43 - CFD: 27/05/2014 - 21:38:37 - [] ----D C:\Users\Gustavo\AppData\Roaming\Baidu
O44 - LFC:[MD5.ED4ADA933F7DA64672970FC9ECFDE439] - 26/05/2014 - 09:59:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnbasex.sys [91616]
O44 - LFC:[MD5.FE058AE3038E9154665300DFB8BB6286] - 26/05/2014 - 09:59:47 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [70912]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 27/05/2014 - 21:04:00 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.2A594E33F66BD86CB3198E1ECF4F4E0F] - 27/05/2014 - 21:34:27 ---A- . (...) -- C:\zoek-results.log [19144]
O58 - SDL:26/05/2014 - 09:59:35 ---A- . (.Baidu, Inc. - Baidu Antivirus NetBase Driver.) -- C:\Windows\System32\Drivers\Bnbasex.sys [91616]
O58 - SDL:26/05/2014 - 09:59:47 ---A- . (.Baidu, Inc. - Baidu Antivirus NetDefense Driver.) -- C:\Windows\System32\Drivers\Bndef.sys [70912]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
proxyfix
emptytemp
emptyclsid
emptyflash
firewallraz
sysrestore
|- Abra a ferramenta ZHPFix. < ZHPFix_logo2_zpsea0f2aa4.jpg >
|- Clique IMPORTAÇÃO >> OK.
|- Clique "GO".
|- Poste o relatório!
A+

 

Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia sr!!

Segue o relatorio:

 

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Gustavo at 30/05/2014 03:01:09
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)
Reciclagem vazia (00mn 04s)
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
========== Valores do Registo ==========
ELIMINÉ RunValue: AdobeBridge
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {808F1451-4108-46FD-ADBB-F17324B5F0BD}
ELIMINÉ: FirewallRaz (Domain) : {E7985E1D-C36F-4787-80A8-6350D07E9266}
ELIMINÉ: FirewallRaz (Public) : TCP Query User{C930C8B7-0110-4499-8363-B79347134311}C:\users\gustavo\desktop\age of empires ii completo traduzido\empires2.exe
ELIMINÉ: FirewallRaz (Public) : UDP Query User{C853E63C-2790-4224-813C-399CC9CF4549}C:\users\gustavo\desktop\age of empires ii completo traduzido\empires2.exe
ELIMINÉ: FirewallRaz (Private) : TCP Query User{2C3E6242-010D-46DB-A918-BD5169BED50E}C:\users\gustavo\desktop\age of empires ii completo traduzido\age2_x1.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{70119C63-CD55-4D00-B630-A683A134EA85}C:\users\gustavo\desktop\age of empires ii completo traduzido\age2_x1.exe
========== Elementos dos dados do Registo ==========
ELIMINÉ: R0 - Main,Start Page = KCU\Software\Microsoft\Internet Explorer\Main,Start Page
ELIMINÉ: R0 - Main,Start Page = KLM\Software\Microsoft\Internet Explorer\Main,Start Page
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)
========== Preferências do navegador ==========
AGORA Chrome File: C:\Users\Gustavo\AppData\Local\Google\Chrome\User Data\Default\Preferences
ELIMINÉ Chrome Site: http://start.mysearchdial.com
ELIMINÉ Chrome Site: http://start.mysearchdial.com
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINA REINICIAR: c:\windows\system32\drivers\bnbasex.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bndef.sys
ELIMINÉ: c:\windows\zoek-delete.exe
ELIMINÉ: c:\zoek-results.log
ELIMINÉ Temporários windows (0) (0 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
7 : Chaves do Registo
15 : Valores do Registo
3 : Elementos dos dados do Registo
2 : Pastas
6 : Ficheiros
3 : Preferências do navegador
1 : Restauração Sistema
End of clean in 00mn 30s
========== Caminho do ficheiro do relatório ==========
C:\Users\Gustavo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 30/05/2014 03:01:13 [3007]

Compartilhar este post


Link para o post
Compartilhar em outros sites
Boa Noite! Gsbad


AdwCleaner_Uninstall2.jpg


|- Abra a ferramenta AdwCleaner e clique em "Desinstalar".

|- Confirme a solicitação!


-/-


ZHP_uninstall_zps01617da3.jpg


|- Desinstale ZHPDiag,clicando em "ZHP_uninstall".

|- Poste HijackThis atualizado.

|- Tudo Ok?


Abs!


Compartilhar este post


Link para o post
Compartilhar em outros sites

Bom dia amigo.. segue o log:

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:44:09, on 31/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal
Running processes:
C:\Users\Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\hijackthis\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\PROGRAM FILES (X86)\GBPLUGIN\gbieh.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Gustavo\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\daemon\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - Startup: GameRanger.lnk = Gustavo\AppData\Roaming\GameRanger\GameRanger\GameRanger.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra 'Tools' menuitem: Console Sun Java - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - (no file)
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: www.bancobrasil.com.br
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: www.bb.com.br
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O20 - Winlogon Notify: GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Quiknowledge Client Service (qksvc) - Unknown owner - C:\Program Files (x86)\Quiknowledge\Service\qksvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8167 bytes

Compartilhar este post


Link para o post
Compartilhar em outros sites

Boa Noite! Gsbad

 

|- Baixe: |DelFix| ( ... de Xplode )

DelFix_SetaVerde.jpg

|- Estando na página,clique na seta verde para o download.
|- Salve-a em um local conveniente! ( desktop! )
|- Feche aplicativos que estejam abertos.

 

aciCkcnc.jpg

 

|- Execute-a!
|- Com as duas checkbox marcadas!
|- Clique "Run".

|- Tudo Ok

 

Abs!

Compartilhar este post


Link para o post
Compartilhar em outros sites

PROBLEMA RESOLVIDO

 

Caso o autor necessite que o tópico seja reaberto basta enviar uma Mensagem Privada para um Moderador com um link para o tópico.

Compartilhar este post


Link para o post
Compartilhar em outros sites
Visitante
Este tópico está impedido de receber novos posts.

×

Informação importante

Ao usar o fórum, você concorda com nossos Termos e condições.