
Archived

This topic has been archived and is closed to new replies.

Ionara

[Solved] Slow startup and shutdown


Good evening,

the PC's startup and shutdown are slow, as is the running of tasks. The HijackThis log follows...

 

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:41:38, on 02/07/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.17267)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe
C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Facilitador de Leitor de Link Adobe PDF - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense CEF - {C41A1C0E-EA6C-11D4-B1B8-444553540003} - C:\Program Files (x86)\GbPlugin\gbiehcef.dll
O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_13_0_0_214_ActiveX.exe -update activex
O4 - Startup: 4t Tray Minimizer.lnk = C:\Program Files (x86)\4t Tray Minimizer\4t-min.exe
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O12 - Plugin for .spop: C:\Program Files (x86)\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: internetbankingpf.caixa.gov.br
O15 - Trusted Zone: www.caixa.gov.br
O16 - DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} (DLM Control) - http://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.6.2.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify: GbPluginCef - C:\Program Files (x86)\GbPlugin\gbiehCef.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Unknown owner - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (file missing)
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - C:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10108 bytes


Hi Ionara.

Download ZHPDiag ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

2aa105k.jpg

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Good evening,

sorry for the delay, but I am logging in with a temporary user, and whenever I am about to finish running something or posting a log the PC restarts and I lose everything...

it's difficult, but I'll try to post


...log follows...

 

 

~ Relatório do ZHPDiag v2014.7.27.109 - Nicolas Coolman (27/07/2014)
~ Iniciado por reparo (27/07/2014 14:39:42)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.5.464
Kaspersky Security Scan v12.0.1.881
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (75% free)
System Restore: Activé (Enable)
System drive C: has 405 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 405 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 2 Go of 2 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/21
~ Mon Bureau (My Desktop) : 1/3
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1320]
[MD5.1E9B225DE829A6F666A0BA9B8A7984BF] - (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [750160] [PID.2764]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2852]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.1596]
[MD5.0DA8636ACBF55A4CA6350FEA7D789828] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8082432] [PID.3768]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.764]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [430160] [PID.1248]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1412]
[MD5.4C14746BCBF9985BDBF1CD1BEED96DF8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [430160] [PID.1440]
[MD5.EFB2614E9142FA4427CE82EE6DC0CA7B] - (.Kaspersky Lab ZAO - Kaspersky Security Scan.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe [202080] [PID.1532]
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2100]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.3520]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.2392]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.2412]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 10 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Avira system tray application.) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
~ Services: 11 Legitimates Filtered in 00mn 02s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe (.not file.) [0] =>Trojan.AutoKMS
[MD5.00000000000000000000000000000000] [APT] [{40A2A6DD-EF47-4EE5-9976-3A6BA7DD57F1}] (...) -- C:\Users\reparo\Downloads\PenDriveVirusRemover_Setup_En.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4E1B028A-72ED-40CA-818A-8A4B7F885B0E}] (...) -- C:\Users\reparo\AppData\Local\Temp\{78288FE1-140B-42B0-9BB1-31188808AD36}\InstallFlashPlayer.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{824D238E-E199-4B8D-B033-94B5BBAAFAD2}] (...) -- C:\Users\reparo\Downloads\iGBPCEF.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [268] =>Trojan.AutoKMS
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [268] =>Trojan.AutoKMS
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 02s



---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
~ Logic: 27 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bahamut]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 156 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 13/01/2014 - 09:01:36 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 21/07/2014 - 20:15:42 - [] ----D C:\Program Files (x86)\GUMD2F7.tmp
O43 - CFD: 21/07/2014 - 20:15:59 - [] ----D C:\Program Files (x86)\GUMDBCD.tmp
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 13/01/2014 - 09:06:05 - [] ----D C:\ProgramData\Baidu Security
~ Program Folder: 110 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0B72D5FE2BC97D3B74AFA1399B54BA8B] - 17/07/2014 - 23:51:16 ---A- . (...) -- C:\Windows\DirectX.log [9774]
O44 - LFC:[MD5.703E7433628DEA828F4F0010AE817E38] - 19/07/2014 - 14:57:30 ----- . (...) -- C:\bootsqm.dat [6576]
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.C254D3E5751B7F33B2FF389DB6796149] - 27/07/2014 - 12:33:50 ---A- . (...) -- C:\Windows\ntbtlog.txt [4251988]
~ Files: 107 Legitimates Filtered in 00mn 37s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 14/07/2014 - C:\Windows\System32\DRIVERS\avnetflt.sys (avnetflt) .(.Avira Operations GmbH & Co. KG - Avira WFP Network Driver.) - LEGACY_AVNETFLT
~ Legacy: 95 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 02s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32 =>PUP.MyPCBackup
HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS =>PUP.MyPCBackup
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32 =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS =>Toolbar.AVGSearch
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32 =>Adware.MagniPic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS =>Adware.MagniPic
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
~ BTK: 304 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Disabled 14/07/2014 1030224 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe
SS - | Auto 02/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 26/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 14/07/2014 430160 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
SR - | Auto 14/07/2014 430160 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 15/06/2014 202080 | (KSS) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Security Scan 2.0\kss.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
SR - | Auto 14/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13026 - (27/07/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
C:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^
~ Additionnel Scan: 191178 Items scanned in 00mn 16s



---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>Trojan.AutoKMS
=>PUP.MyPCBackup
=>Adware.MagniPic
=>Toolbar.Ask
~ MSI: 4 link(s) detected in 00mn 00s



~ 710 Legitimates filtered by white list
End of the scan (420 lines in 01mn 25s)(0)


There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Which Programs Start with the PC

Preferably, let only the security programs (antivirus/anti-spyware/firewall) start along with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.

___________________________________________________________________________________________

Your PC shows two antivirus programs installed: Kaspersky and Avira. It is very important to uninstall one of them, because two or more antivirus programs cause slowness and can also cause conflicts between them.

____________________________________________________________________________________________

Go to https://www.virustotal.com and upload the file highlighted in bold below for analysis:

C:\Program Files (x86)\Don\DoN Launcher.exe

As soon as the analysis is finished, copy the link that appears in your browser's address bar and post it in your next reply, together with the ZHPFix report requested further down in this post.

You can find more information on how to analyze files on the Virus Total site in this tutorial:

Analyze suspicious files and links online, completely free

________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.

_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the file's analysis on the Virus Total site.


Good morning,

I'm having some problems: it was just restarting and freezing. I ran two tasks and the results are below. Since I could only log in with a temporary user, I created a new user, which is preventing data loss... I removed Avast, but I have no access to safe mode.....

1-

https://www.virustotal.com/pt/file/5014d4cfc2ff1a2608951e0f80ffbac8fa1f3cb88adff7b2481c31ec1d63423d/analysis/1406587031/

2-

Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by reparo at 29/07/2014 05:28:08
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (63) (108.273.607 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: {40A2A6DD-EF47-4EE5-9976-3A6BA7DD57F1}
ELIMINÉ: {4E1B028A-72ED-40CA-818A-8A4B7F885B0E}
ELIMINÉ: {824D238E-E199-4B8D-B033-94B5BBAAFAD2}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
9 : Chaves do Registo
1 : Pastas
2 : Ficheiros
5 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 23s

========== Caminho do ficheiro do relatório ==========
C:\Users\reparo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/07/2014 05:28:12 [1748]

 

 

 


Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.


Good evening,

I got into safe mode and ran the antivirus, and two pieces of malware were removed, but on the other user the logon is still temporary, pages open by themselves and advertising appears on the screen all the time. The requested log follows....

~ Relatório do ZHPDiag v2014.7.27.109 - Nicolas Coolman (27/07/2014)
~ Iniciado por reparo (29/07/2014 19:07:05)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.01

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1428]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.452]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1488]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3404]
[MD5.0DA8636ACBF55A4CA6350FEA7D789828] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8082432] [PID.4860]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.876]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1468]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1544]
[MD5.24521F3E7001794E46CD12CE1E615EED] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [303616] [PID.1768] =>PUP.Wajam
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2676]
[MD5.EDEAB1CDDA0D326BAAEFCC345A0BE221] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe [83968] [PID.3740] =>PUP.Wajam
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1352]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.920]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.4332]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [user Data\Default][HomePage] http://br.hao123.com

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52809;https=127.0.0.1:52809; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
~ Services: 12 Legitimates Filtered in 00mn 04s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.job [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user.job [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [924]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 04s



---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI
~ Logic: 30 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Wajam] =>PUP.Wajam
[HKLM\Software\Baidu Security]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bahamut]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 187 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM Player
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 29/07/2014 - 06:52:34 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BI
O43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baidu
O43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu Security
O43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 28/07/2014 - 19:50:28 - [] ----D C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
~ Program Folder: 118 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
~ Files: 109 Legitimates Filtered in 01mn 11s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 67 Legitimates Filtered in 00mn 05s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
~ Legacy: 102 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: prefs.js [reparo - 9pa4sbmb.default] user_pref("extensions.crossrider.bic", "1477f3719312207c9d2ede9f8063be2b"); =>PUP.CrossRider
O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 08s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam
~ BTK: 338 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider
~ BCK: 4344 Legitimates Filtered in 00mn 04s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Auto 02/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 02/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 26/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 04/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
SR - | Auto 25/09/2013 818888 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
SR - | Auto 14/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 25/07/2014 303616 | (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc..) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (27/07/2014)
Clés trouvées (Keys found) : 17
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 20

[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service] =>PUP.Wajam^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
C:\Program Files (x86)\Wajam =>PUP.Wajam^
C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam^
C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe =>PUP.Wajam^
C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^
[HKCU\Software\Wajam] =>PUP.Wajam^
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 200090 Items scanned in 00mn 21s



---\\ Informações complémentaires do módulos
~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>PUP.Wajam
=>Hijacker.Proxy
=>PUP.PlusVid
=>PUP.CrossRider
=>Adware.IMBooster
=>Adware.VidSaver
=>PUP.ContentExplorer
~ MSI: 7 link(s) detected in 00mn 00s



~ 804 Legitimates filtered by white list
End of the scan (551 lines in 02mn 31s)(0)


Since a message appeared yesterday, after I generated the log above, saying that ZHPDiag might not have been installed correctly, I downloaded it again. The latest log follows....

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman (29/07/2014)
~ Iniciado por reparo (30/07/2014 06:36:30)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 31.0 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.01

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.2116]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3016]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1496]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.2296]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8083456] [PID.3812]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.916]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1476]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1536]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.888]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1132]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.2732]
~ Processes Running: Scanned in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
~ Services: 10 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.job [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user.job [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [924]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [928]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 03s



---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI
~ Logic: 29 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Baidu Security]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bahamut]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 182 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM Player
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BI
O43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baidu
O43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu Security
O43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 28/07/2014 - 19:50:28 - [] ----D C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
~ Program Folder: 117 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O44 - LFC:[MD5.D32B836ECD5A96D7662611D5A3660ED8] - 29/07/2014 - 19:55:36 ---A- . (...) -- C:\Windows\ntbtlog.txt [148024]
~ Files: 114 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 71 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS
~ Legacy: 102 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
O69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]
~ Files: 2 Legitimates Filtered in 00mn 00s



---\\ Lista das exceções do FireWall (FirewallRules) (O87)
O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
O87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent
~ Firewall: 2 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBooster
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVid
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrent
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam
~ BTK: 340 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider
~ BCK: 4344 Legitimates Filtered in 00mn 04s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 17/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 04/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
SR - | Auto 25/09/2013 818888 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe
SR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
SR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
SR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
SR - | Auto 14/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exe
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 05s



---\\ Scâner Aditional (088)
Database Version : 13026 - (29/07/2014)
Clés trouvées (Keys found) : 15
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 17

[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider
[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider
[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider
C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^
C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^
C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^
C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^
[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^
[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^
~ Additionnel Scan: 199781 Items scanned in 00mn 16s



---\\ Informações complémentaires do módulos
~ =>.Internet Explorer, Gestão do Proxy (R5)
~ =>.Browser Helper Objects do navegador (02)
~ =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
=>Hijacker.Proxy
=>PUP.PlusVid
=>PUP.CrossRider
=>Adware.IMBooster
=>Adware.VidSaver
=>PUP.ContentExplorer
=>PUP.Wajam
~ MSI: 7 link(s) detected in 00mn 00s



~ 797 Legitimates filtered by white list
End of the scan (516 lines in 00mn 52s)(0)


Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:

http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be in C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.


Good evening,

here is the log.

I also deleted the other user;

it would only log in very slowly,

with a temporary profile.

# AdwCleaner v3.302 - Relatório criado 30/07/2014 às 21:29:27
# Atualizado 30/07/2014 por Xplode
# Sistema Operacional : Windows 7 Home Premium (64 bits)
# Usuário : reparo - CASA-PC
# Executando de : C:\Users\reparo\Downloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

[#] Serviço Deletada : globalUpdate
[#] Serviço Deletada : globalUpdatem

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\Program Files (x86)\FLVM Player
Pasta Deletada : C:\Program Files (x86)\globalUpdate
Pasta Deletada : C:\Program Files (x86)\Wifi Protector BI
[#] Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\reparo\AppData\Local\globalUpdate
Pasta Deletada : C:\Users\reparo\AppData\Roaming\baidu
Pasta Deletada : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
Arquivo Deletada : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml

***** [ Tarefas ] *****

Tarefa Deletedo : globalUpdateUpdateTaskMachineCore
Tarefa Deletedo : globalUpdateUpdateTaskMachineUA
Tarefa Deletedo : 06e9d593-5ff0-49e6-b296-4431f32774f9-4
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6
Tarefa Deletedo : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Chave Deletedo : HKCU\Software\GlobalUpdate
Chave Deletedo : HKCU\Software\Iminent
Chave Deletedo : HKCU\Software\InstalledBrowserExtensions
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Wifi Protector BI
Chave Deletedo : HKLM\Software\GlobalUpdate
Chave Deletedo : HKLM\Software\InstalledBrowserExtensions
Chave Deletedo : HKLM\Software\Wifi Protector BI
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wifi Protector BI
Chave Deletedo : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Navegadores ] *****

-\\ Internet Explorer v8.0.7600.17267


-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ Arquivo : C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js ]


[ Arquivo : C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js ]


[ Arquivo : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js ]


[ Arquivo : C:\Users\TEMP.casa-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\254nn8lo.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [10544 octets] - [30/07/2014 21:27:54]
AdwCleaner[R1].txt - [10605 octets] - [30/07/2014 21:28:44]
AdwCleaner[s0].txt - [10104 octets] - [30/07/2014 21:29:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10165 octets] ##########


Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:

http://www.hijackthis.nl/smeenk/

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.


Good evening,

here is the log

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by reparo on 31/07/2014 at 18:16:26,78.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\reparo\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

31/07/2014 18:17:19 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:

Added to C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:

Added to C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUTD2F8.tmp deleted
C:\PROGRA~2\GUTDBCE.tmp deleted
C:\install.exe deleted
C:\Users\reparo\AppData\Roaming\ContentExplorer deleted
C:\Users\reparo\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\extensions\firefox@mega.co.nz.xpi deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [28/07/2014 22:45]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
C899B98999270821EDFFA56044DE2377 - C:\Users\Nara\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

Docs - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Caixa Economica Federal - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=brosoft_pay_hp_te_hao123_br"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{FAA16D39-29DE-4F14-9869-0DBF17DBF21B} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Nara\Desktop\AIKA.lnk - C:\OnGame\AIKA\AIKALauncher.exe
C:\Users\Nara\Desktop\Conexão local - Atalho.lnk -
C:\Users\Nara\Desktop\Documentos - Atalho.lnk - C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\Nara\Desktop\HiJackThis.lnk - C:\Users\Nara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Nara\Desktop\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nara\Desktop\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\Nara\Desktop\Play The Stomping Land.lnk - C:\GAMES\The Stomping Land\play-StompingLand.exe
C:\Users\Nara\Desktop\TeamSpeak 3 Client.lnk - C:\Users\Nara\AppData\Local\TeamSpeak 3 Client\ts3client_win32.exe
C:\Users\Nara\Desktop\WYD.lnk - C:\OnGame\WYD\WYDLauncher.exe
C:\Users\reparo\Desktop\Safe Money.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe -hidden safebanking
C:\Users\reparo\Desktop\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\Users\reparo\Desktop\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk -
C:\Users\Public\Desktop\CCleaner.lnk -
C:\Users\Public\Desktop\DoN Sandbox.lnk -
C:\Users\Public\Desktop\DoN.lnk -
C:\Users\Public\Desktop\Kaspersky PURE 3.0.lnk -
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -
C:\Users\Public\Desktop\Maxthon Cloud Browser.lnk -
C:\Users\Public\Desktop\Mozilla Firefox.lnk -
C:\Users\Public\Desktop\NewLauncher.exe.lnk -
C:\Users\Public\Desktop\StrLauncher.exe.lnk -

==== shortcuts in Users Start Menu ======================

C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Nara\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_67467664.lnk - C:\Users\Nara\AppData\Local\Temp\_uninst_67467664.bat
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games\Age of Empires III™.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner64.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner\Uninstall CCleaner.lnk - C:\Program Files\CCleaner\uninst.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoN\DoN.lnk - C:\Program Files (x86)\DoN\DoN Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DoN Sandbox\DoN Sandbox.lnk - C:\GAMES\DoN Sandbox\DoN Sandbox Launcher.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Ajuda do Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\Doc\pt-BR\PURE\context.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Contrato de Licença do Usuário Final.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Kaspersky PURE 3.0.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\starter_avp.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Remover o Kaspersky PURE 3.0.lnk - C:\Windows\SysWOW64\msiexec.exe /i{D0702EE9-9DE4-419A-9C6C-4730B1C985BA} REMOVE=ALL
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky PURE 3.0\Visitar a Kaspersky Lab na Web.lnk - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kl.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Ajuda do WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\Manual do Console RAR.lnk - C:\Program Files (x86)\WinRAR\Rar.txt
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\O que há de novo na última versão.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR\WinRAR.lnk - C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\casa\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Gabriel\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d78513a8998829c\pinned.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Maxthon Cloud Browser.lnk - C:\Program Files (x86)\Maxthon\Bin\Maxthon.exe
C:\Users\Nara\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\DoN.lnk - C:\Program Files (x86)\DoN\DoN Launcher.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\reparo\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\TEMP\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyOverride"="<-loopback>"
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\AppData\Local\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Dados de aplicativos\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\casa\Configurações locais\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Gabriel\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Nara\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\TEMP\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Nara\AppData\Local\Mozilla\Firefox\Profiles\4ej3vhqz.default\Cache emptied successfully
C:\Users\reparo\AppData\Local\Mozilla\Firefox\Profiles\rbh8i03t.default\Cache emptied successfully
C:\Users\TEMP\AppData\Local\Mozilla\Firefox\Profiles\zdt96tt7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1367 folders=171 372986584 bytes)

==== Empty Temp Folders ======================

C:\Users\casa\AppData\Local\Temp will be emptied at reboot
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Gabriel\AppData\Local\Temp emptied successfully
C:\Users\Nara\AppData\Local\Temp emptied successfully
C:\Users\reparo\AppData\Local\Temp will be emptied at reboot
C:\Users\TEMP\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\reparo\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found

==== EOF on 31/07/2014 at 18:42:20,67 ======================


Update your Malwarebytes, then follow the steps below to run a full cleanup with it:

Changing the Malwarebytes language to Portuguese (if it is set to another language):

If your Malwarebytes is in English, it is very simple to switch it to our language. To do this, open Malwarebytes and click Settings, as shown in this image:

tutorial-malwarebytes-2.jpg

On the next screen, click Language and select the Portuguese (Brazil) option:

tutorial-malwarebytes-3.jpg

___________________________________________________________________________

 

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Scan (Verificar) > click Custom Scan (Verificação Personalizada) > click Scan Now (Verificar Agora):

malwarebytes-tutorial-11.jpg

The screen below will appear. On the right side, tick every checkbox so that all areas of your PC and any removable media connected to it are scanned. On the left side, leave these options checked:

Scan Memory Objects (Verificar Objetos na Memória)

Scan Startup and Registry Settings (Verificar as Configurações da Inicialização e do Registro)

Scan Archives (Verificar Arquivos Compactados)

Leave everything else as preconfigured by Malwarebytes.

Then click the Start Scan (Iniciar Verificação) button, as shown in the image below:

malwarebytes-tutorial-12.jpg

 

Wait while the scan runs. How long it takes depends on the number of files on your computer:

malwarebytes-tutorial-13.jpg

When the scan finishes, if any threat was detected on your PC, a message like the one below will appear near the Windows clock; click it:

malwarebytes-tutorial-1.jpg

You will now see which malware and potentially unwanted items were detected and where they are located. Note that a default action is already shown for each item (normally, move to quarantine).

To remove the infections, leave Quarantine (Quarentena) selected in the Action (Ação) menu for every item and click the Apply Actions (Aplicar Ações) button, as shown in this image:

malwarebytes-tutorial-2.jpg

Some malware is stubborn and may require a PC restart to be removed. If Malwarebytes asks for one, click Sim (or Yes), as shown in this image:

malwarebytes-tutorial-3.jpg

After that, just post the new scan log that Malwarebytes creates in your next reply.


Good afternoon,

I ran Malwarebytes as instructed, but since my free version has already expired, I believe that is why I cannot see the log. Four threats were detected, sent to quarantine and then deleted.


Download the Junkware Removal Tool from the link below:

http://thisisudax.org/downloads/JRT.exe

To run the program above correctly, just follow the steps in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop as JRT.txt

We'll be waiting.


I tried downloading it directly from your post and from the tips box. I use Windows 7, so when I run it as administrator I get an access denied message, even with the antivirus disabled.


Please follow the steps in this tutorial to scan your PC with Nod32 Online:

Nod32 Online antivirus tutorial

After the scan finishes, a report (log) will be generated at the following location on your computer:

C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log.


Good morning,

here is the log...

 

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4166e92481bfe944a1162389cf434cbc
# engine=19467
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-02 11:19:10
# local_time=2014-08-02 08:19:10 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 99 0 98292018 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 158525400 0 0
# scanned=220549
# found=17
# cleaned=17
# scan_time=3083
sh=9B887598BA32B96C6F440E28C999A03432141F98 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45.crx.vir"
sh=B05563F97CD00B43C8CFB580CB6AB986C46AD751 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45.xpi.vir"
sh=FE5602268DFA89EB01688600C4E883DD76EC0105 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\d7aebb74-e641-4a54-920f-f3448714333f.crx.vir"
sh=E830C41380C0D2F81D65E8F1853AEA4D5B3D45B4 ft=1 fh=80100b86c569921f vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil.dll.vir"
sh=88750E79DDE8F12E002AB593FD702A3AFA4FE0B5 ft=1 fh=0b6495df0dd3d0a8 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil.exe.vir"
sh=D81DF792D76A044DD25F8B33F279755750521A18 ft=1 fh=cd8fc34e3ab9f70e vn="a variant of Win64/Toolbar.Crossrider.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil64.dll.vir"
sh=60C28B79DEFA5D683340B8A740DED3E9039F8B41 ft=1 fh=9fb627c0a5d32f15 vn="a variant of Win64/Toolbar.Crossrider.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil64.exe.vir"
sh=7F079C220E4448B3BEBED98F782330780B0EA90B ft=1 fh=1f02001914c7bed2 vn="probably a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.dll.vir"
sh=4EEA7BE0DE33FED17B5F52FF5E6216F869C45AE5 ft=1 fh=351776d4d6274ee2 vn="a variant of MSIL/HackKMS.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Desktop\Ativador Office 2007\Ativador Office 2010.exe"
sh=9C75D4870D4989E56427A3821FD1EAC61595D714 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Documents\Office 2010\Ativador Office 2010 100% Funcionando - By Felipooww.rar"
sh=5499E0C25D660E056FCBD38CC1C3E4D89BE1CB81 ft=1 fh=6b68483e67e9dd38 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\14282_avira_2012_antivirus_gratis_1200289.exe.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\ccsetup401.exe"
sh=9BDA124FC88E26DF0E8057DA1849B8C268B35FEF ft=1 fh=4709d8f903593392 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\WinZip165Multi-language.exe"
sh=CAC2EE8DDF6A64B037A357017CA4C4221141BD70 ft=1 fh=6d3baa21187c5208 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe"
sh=079F5212D0CC3059077736D55C4B04C6CBBFD2B8 ft=1 fh=573a726a370e6e65 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe"
sh=95924D930E42925FCF9C31F268569AF088229675 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk"
sh=678148EE00B38B9AAD38C549719F66F1D4E16604 ft=1 fh=0b483d240f3d026b vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe"
