Ionara (Posted July 2, 2014)

Good evening. The PC's startup and shutdown are slow, and so is running programs. Here is the HijackThis log...
Power Max (Posted July 12, 2014)

Hi Ionara.

Download ZHPDiag (by Nicolas Coolman).
Note: when you open the link above, click the "Télécharger" button for ZHPDiag to download it, as shown in the image below:
To install and run it correctly, follow the tips in this article: Installation and execution tutorial for the ZHPDiag application
* As soon as it finishes its scan, copy the entire contents of your ZHPDiag.txt report and paste it in your next reply.
Ionara (Posted July 22, 2014)

Good evening, sorry for the delay, but I am logging in with a temporary user, and whenever I am about to finish running something or posting a log the PC restarts and I lose everything... it's hard, but I will try to post.
Power Max (Posted July 22, 2014)

Ok, I'll be waiting.
Ionara (Posted July 27, 2014)

...here is the log...
- C:\Windows\System32\svchost.exe~ Services: Scanned in 00mn 05s---\\ Scâner Aditional (088)Database Version : 13026 - (27/07/2014)Clés trouvées (Keys found) : 1Valeurs trouvées (Values found) : 0Dossiers trouvés (Folders found) : 0Fichiers trouvés (Files found) : 2[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.AskC:\Windows\Tasks\AutoKMS.job =>Trojan.AutoKMS^C:\Windows\System32\Tasks\AutoKMS =>Trojan.AutoKMS^~ Additionnel Scan: 191178 Items scanned in 00mn 16s---\\ Informações complémentaires do módulos~ =>.Internet Explorer, Gestão do Proxy (R5) ~ =>.Browser Helper Objects do navegador (02) ~ =>.Aplicações iniciadas por registo & pastas (04) ~ AMI: 3 Legitimates Filtered in 00mn 00s---\\ Sumário das deteções encontradas na sua estação =>Trojan.AutoKMS =>PUP.MyPCBackup =>Adware.MagniPic http://nicolascoolman.fr/toolbar-ask%C2'> =>Toolbar.Ask ~ MSI: 4 link(s) detected in 00mn 00s~ 710 Legitimates filtered by white listEnd of the scan (420 lines in 01mn 25s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
Power Max - Posted July 27, 2014

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial: "Escolhendo Programas que Iniciam com o PC" (Choosing the programs that start with the PC). Preferably, let only the security programs (antivirus/anti-spyware/firewall) start together with Windows. Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC.

Your PC shows the presence of two antivirus products: Kaspersky and Avira. It is very important to uninstall one of them, because two or more antivirus products cause slowness and can also conflict with each other.

Go to the site https://www.virustotal.com and submit the file highlighted in bold below to be analyzed:
C:\Program Files (x86)\Don\DoN Launcher.exe
As soon as its analysis is complete, copy the link that appears in your browser's address bar and post that link in your next reply, together with the ZHPFix report requested further down in this post. You can find more information on how to analyze files on the VirusTotal site in this tutorial: "Analise arquivos e links suspeitos de forma online e totalmente gratuita" (Analyze suspicious files and links online, completely free of charge).

Select and copy all the text highlighted in red that I gave you.

Go to the menu: Start > All Programs > ZHP > Right-click on ZHPFix and choose the option "Run as administrator" > Click "Importação" (Import) > Click the GO button > Click "Oui" > If you want the files in the Recycle Bin to be deleted as well, click "Oui" again > A report will appear in Notepad. Copy this report and post it in your next reply, together with the link to the file analysis on the VirusTotal site.
Ionara - Posted July 29, 2014

Good morning. I am having some problems: it just kept restarting and freezing. I carried out the two tasks, and the results follow below. Since I could only log in with a temporary user, I created a new user, which is preventing data loss... I removed Avast, but I have no access to Safe Mode.....

1- https://www.virustotal.com/pt/file/5014d4cfc2ff1a2608951e0f80ffbac8fa1f3cb88adff7b2481c31ec1d63423d/analysis/1406587031/

2-
Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by reparo at 29/07/2014 05:28:08
High Elevated Privileges : OK
Windows 7 Home Premium Edition, 64-bit (Build 7600)

Reciclagem vazia (00mn 03s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASAPI32
ELIMINÉ:* HKLM\SOFTWARE\Microsoft\Tracing\BackupStack_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\avg-secure-search-installer_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\setup_magnipic_RASMANCS
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (63) (108.273.607 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: AutoKMS
ELIMINÉ: AutoKMS
ELIMINÉ: {40A2A6DD-EF47-4EE5-9976-3A6BA7DD57F1}
ELIMINÉ: {4E1B028A-72ED-40CA-818A-8A4B7F885B0E}
ELIMINÉ: {824D238E-E199-4B8D-B033-94B5BBAAFAD2}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso

========== Recapitulativo ==========
9 : Chaves do Registo
1 : Pastas
2 : Ficheiros
5 : Tarefa planificada
1 : Restauração Sistema

End of clean in 00mn 23s

========== Caminho do ficheiro do relatório ==========
C:\Users\reparo\AppData\Roaming\ZHP\ZHPFix[R1].txt - 29/07/2014 05:28:12 [1748]
Power Max - Posted July 29, 2014

Open ZHPDiag again.
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.
|- Click OK and, when it is done, post the ZHPDiag.txt report.
Ionara - Posted July 29, 2014

Good evening. I got into Safe Mode and ran the antivirus; two malware items were removed, but on the other user account the logon is still temporary, pages open by themselves and advertising pops up on the screen constantly. The requested log follows....

~ Relatório do ZHPDiag v2014.7.27.109 - Nicolas Coolman (27/07/2014)
~ Iniciado por reparo (29/07/2014 19:07:05)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user

---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 30.0
GCIE: Google Chrome v36.0.1985.125 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.01

---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB

---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)

---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s

---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 00s

---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/6
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s

---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.1428]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.452]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1488]
[MD5.B1E01D636350983E94171E229C759468] - (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe [275568] [PID.3404]
[MD5.0DA8636ACBF55A4CA6350FEA7D789828] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8082432] [PID.4860]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.876]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1468]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1544]
[MD5.24521F3E7001794E46CD12CE1E615EED] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe [303616] [PID.1768] =>PUP.Wajam
[MD5.397D14958D6C9C2B365469A857B2AC4E] - (.Google Inc. - Google Crash Handler.) -- C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe [230792] [PID.2676]
[MD5.EDEAB1CDDA0D326BAAEFCC345A0BE221] - (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer.) -- C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancer.exe [83968] [PID.3740] =>PUP.Wajam
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.1352]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.920]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.4332]
~ Processes Running: Scanned in 00mn 00s

---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\reparo\AppData\Local\Google\Chrome\User Data\Default\Preferences
G0 - GCSP: Preference [user Data\Default][HomePage] http://br.hao123.com

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 1 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s

---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:52809;https=127.0.0.1:52809; =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s

---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s

---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21

---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s

---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s

---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s

---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s

---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s

---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s

---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
O23 - Service: Wajam Internet Enhancer Service (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc. - Wajam Internet Enhancer Service.) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam
~ Services: 12 Legitimates Filtered in 00mn 04s

---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.job [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user.job [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [924]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1060]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1064]
~ Scheduled Task: 44 Legitimates Filtered in 00mn 04s

---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1
O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5
O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1
O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYD
O42 - Logiciel: Wajam - (.Wajam.) [HKLM][64Bits] -- Wajam =>PUP.Wajam
O42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI
~ Logic: 30 Legitimates Filtered in 00mn 00s

---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKCU\Software\Iminent] =>Adware.IMBooster
[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKCU\Software\Wajam] =>PUP.Wajam
[HKLM\Software\Baidu Security]
[HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Bahamut]
[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver
[HKLM\Software\Wow6432Node\Pando Networks]
~ Key Software: 187 Legitimates Filtered in 00mn 00s

---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray Minimizer
O43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoN
O43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDG
O43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM Player
O43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando Networks
O43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFB
O43 - CFD: 29/07/2014 - 06:52:34 - [] ----D C:\Program Files (x86)\Wajam =>PUP.Wajam
O43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BI
O43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baidu
O43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu Security
O43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer
O43 - CFD: 28/07/2014 - 19:50:28 - [] ----D C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
~ Program Folder: 118 Legitimates Filtered in 00mn 01s

---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]
O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]
O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
~ Files: 109 Legitimates Filtered in 01mn 11s

---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s

---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)
O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) -- C:\Program Files (x86)\RaidCall\raidcall.exe
~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s

---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s

---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]
O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]
O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 67 Legitimates Filtered in 00mn 05s

---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 =>.Nicolas CoolmanO63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}~ ADS: Scanned in 00mn 00s---\\ Lista dos serviços Legacy du registo (064)O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS~ Legacy: 102 Legitimates Filtered in 00mn 00s---\\ Associações Shell Spawning (O67)O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)~ FASS Keys: 11 Legitimates Filtered in 00mn 00s---\\ Menu de inicialização Internet (068)O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exeO68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exeO68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe~ Keys: Scanned in 00mn 00s---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)O69 - SBI: prefs.js [reparo - 9pa4sbmb.default] user_pref("extensions.crossrider.bic", "1477f3719312207c9d2ede9f8063be2b"); =>PUP.CrossRiderO69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.comO69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.comO69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com~ Keys: Scanned in 00mn 00s---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) 
-- C:\ProgramData\ntuser.dat [262144]~ Files: 2 Legitimates Filtered in 00mn 00s---\\ Lista das exceções do FireWall (FirewallRules) (O87)O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrentO87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent~ Firewall: 2 Legitimates Filtered in 00mn 08s---\\ Search Tracing Registry Key (O100)HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBoosterHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBoosterHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrentHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrentHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam~ BTK: 338 Legitimates Filtered in 
00mn 00s---\\ Search CLSID Registry Key (O101)[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider~ BCK: 4344 Legitimates Filtered in 00mn 04s---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeSS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exeSS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exeSS - | Auto 02/03/2013 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 02/03/2013 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeSS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeSS - | Demand 26/06/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exeSR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSR - | Auto 04/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exeSR - | Auto 25/09/2013 818888 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exeSR - | Auto 26/02/2014 520520 | (GbpSv) . 
(.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exeSR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeSR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeSR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeSR - | Auto 14/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) - C:\Windows\System32\viakaraokesrv.exeSR - | Auto 25/07/2014 303616 | (Wajam Internet Enhancer Service) . (.Wajam Internet Technologies Inc..) - C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.WajamSR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exeSR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft CorporationSR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) 
- C:\Windows\System32\svchost.exe~ Services: Scanned in 00mn 09s---\\ Scâner Aditional (088)Database Version : 13026 - (27/07/2014)Clés trouvées (Keys found) : 17Valeurs trouvées (Values found) : 0Dossiers trouvés (Folders found) : 2Fichiers trouvés (Files found) : 20[HKLM\SYSTEM\CurrentControlSet\Services\Wajam Internet Enhancer Service] =>PUP.Wajam^[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Wajam] =>PUP.Wajam^[HKCU\Software\Iminent] =>Adware.IMBooster[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRiderC:\Program Files (x86)\Wajam =>PUP.Wajam^C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^C:\Program Files (x86)\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe =>PUP.Wajam^C:\Program Files (x86)\Wajam\Wajam Internet 
Enhancer\WajamInternetEnhancer.exe =>PUP.Wajam^C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^[HKCU\Software\Wajam] =>PUP.Wajam^[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^~ Additionnel Scan: 200090 Items scanned in 00mn 21s---\\ Informações complémentaires do módulos~ =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2) ~ =>.Internet Explorer, Gestão do Proxy (R5) ~ =>.Browser Helper Objects do navegador (02) ~ =>.Aplicações iniciadas por registo & pastas (04) ~ AMI: 4 Legitimates Filtered in 00mn 00s---\\ Sumário das deteções encontradas na sua estação =>PUP.Wajam =>Hijacker.Proxy =>PUP.PlusVid =>PUP.CrossRider =>Adware.IMBooster =>Adware.VidSaver 
http://nicolascoolman.fr/pup-contentexplorer%C2'> =>PUP.ContentExplorer ~ MSI: 7 link(s) detected in 00mn 00s~ 804 Legitimates filtered by white listEnd of the scan (551 lines in 02mn 31s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
Ionara (posted July 30, 2014):

Since yesterday, after generating the log above, a message appeared saying that ZHPDiag might not have been installed correctly, so I downloaded it again; here is the recent log....

~ Relatório do ZHPDiag v2014.7.29.110 - Nicolas Coolman (29/07/2014)
~ Iniciado por reparo (30/07/2014 06:36:30)
~ Endereço do Website : http://nicolascoolman.fr
~ Endereço do Webforum : http://forum.nicolascoolman.fr
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.7600.16385
MFIE: Mozilla Firefox 31.0 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Premium, 64-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
Kaspersky PURE 3.0 v13.0.2.558
Malwarebytes Anti-Malware versão 2.0.2.1012
Windows Defender W7 (Activate)
---\\ Softwares d'optimização do sistema
CCleaner v4.01
---\\ Softwares de partilha do PeerToPeer (P2P)
Pando Media Booster v2.6.0.7
---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader X
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 8098 MB (79% free)
System Restore: Activé (Enable)
System drive C: has 406 GB (87%) free of 466 GB
---\\ Modo de conexão ao sistema
~ Computer Name: CASA-PC
~ User Name: reparo
~ All Users Names: reparo, Nara, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\reparo\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\reparo\AppData\Roaming\
~ %Desktop% : C:\Users\reparo\Desktop\
~ %Favorites% : C:\Users\reparo\Favorites\
~ %LocalAppData% : C:\Users\reparo\AppData\Local\
~ %StartMenu% : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 406 Go of 466 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 41 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.0862495E0C825893DB75EF44FAEA8E93] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 03:23:14.) -- C:\Windows\Explorer.exe [2870272]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.8523338F749AC8C5300C125BC4B08275] - (.Microsoft Corporation - Internet Extensions para Win32.) (.02/03/2013 - 02:49:19.) -- C:\Windows\System32\wininet.dll [1198080]
[MD5.DA3E2A6FA9660CC75B471530CE88453A] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:24:40.) -- C:\Windows\System32\Winlogon.exe [389632]
[MD5.75341574F21E766748732BDF530C74BD] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:41:54.) -- C:\Windows\System32\sppcomapi.dll [231936]
[MD5.DB9D6C6B2CD95A9CA414D045B627422E] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.28/12/2011 - 00:59:11.) -- C:\Windows\system32\Drivers\AFD.sys [499200]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.83D2D75E1EFB81B3450C18131443F7DB] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:19:54.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9C253CE7311CA60FC11C774692A13208] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:57:40.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.0A49913402747A0B67DE940FB42CBDBB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 21:06:13.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.040D62A9D8AD28922632137ACDD984F2] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:51:08.) -- C:\Windows\system32\Drivers\MRxSmb.sys [157696]
[MD5.9162B273A44AB9DCE5B44362731D062A] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:21:29.) -- C:\Windows\system32\Drivers\netBT.sys [259072]
[MD5.9A6089B056EA1B83B36424FC9D0A300E] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 11:36:37.) -- C:\Windows\system32\Drivers\ntfs.sys [1653096]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.87A6E852A22991580D6D39ADC4790463] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 21:10:12.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [130048]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.079125C4B17B01FCAEEBCE0BCB290C0F] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:21:15.) -- C:\Windows\system32\Drivers\tdx.sys [99840]
[MD5.9E425AC5C9A5A973273D169F43B4F5E1] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 14:38:18.) -- C:\Windows\system32\Drivers\volsnap.sys [295792]
~ Generic Processes: Scanned in 00mn 01s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes Favoris (My Favorites) : 1/22
~ Mon Bureau (My Desktop) : 1/4
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.4A73AB8412D3AA6CFAD24051FF9DBFA7] - (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160] [PID.2116]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.3016]
[MD5.7E91655B4947EC1B18B3BC1645839145] - (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe [356128] [PID.1496]
[MD5.7DCE7A74764EB7C67D21A32BC579453D] - (.Oracle Corporation - Java Update Checker.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe [507264] [PID.2296]
[MD5.9C41C4C252E978B5BABAF4C19BEC48CB] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8083456] [PID.3812]
[MD5.ED5501CBCA525947FF6985B38253B872] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [520520] [PID.916]
[MD5.B362181ED3771DC03B4141927C80F801] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65432] [PID.1476]
[MD5.0B7E221689F370C87F640C6D2EED7D3F] - (.Infowatch - InfoWatch CryptoStorage Protected objects c.) -- C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe [818888] [PID.1536]
[MD5.8FFF9083252C16FE3960173722605E9E] - (.Intel Corporation - IAStorDataSvc.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [13336] [PID.888]
[MD5.2ED1786B7542CDA261029F6B526EDF44] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [325656] [PID.1132]
[MD5.7E5E1603D0FF2D240AE70295C5C3FEFC] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2656280] [PID.2732]
~ Processes Running: Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://br.hao123.com
~ IE Browser: 19 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback> =>Hijacker.Proxy
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\System32\Userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21
---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense CEF [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540003} . (.Caixa Economica Federal - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehcef.dll
~ BHO: 20 Legitimates Filtered in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [igfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Wow6432Node\Run: [iAStorIcon] . (.Intel Corporation - IAStorIcon.) -- C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
O4 - HKLM\..\Wow6432Node\Run: [HDAudDeck] . (.VIA - VIA HD Audio CPL.) -- C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [bCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [sunJavaUpdateSched] . (.Oracle Corporation - Java Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [AVP] . (.Kaspersky Lab ZAO - Kaspersky Anti-Virus.) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O4 - HKUS\S-1-5-19\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Teclado Virtual [64Bits] - {0C4CC089-D306-440D-9772-464E226F6539} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\kbrd.ico
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Verificação de URLs [64Bits] - {CCF151D8-D089-449F-A5A4-D9909053F20F} . (...) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\logo.ico
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{1052C388-4064-4760-B401-5C8F1BF2459F}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{CD8E810E-3C48-497C-A835-61684ED1D898}: DhcpNameServer = 172.16.0.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.16.0.254
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft ®.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: globalUpdate Update Service (globalUpdate) (globalUpdate) . (.globalUpdate - globalUpdate Update.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
~ Services: 10 Legitimates Filtered in 00mn 05s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user] (...) -- C:\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-novainstaller.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.exe (.not file.) [0]
[MD5.F196BD7D4F1F6EFBC1A210510D5DBB84] [APT] [{9B58F3CE-A602-49DC-BF64-ACCDAD7E3E74}] (...) -- C:\Program Files (x86)\Don\DoN Launcher.exe [3743808]
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 [2232] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11.job [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11 [3814]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 [1386] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 [2450] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 [1484] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user.job [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user [1500]
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 [1650] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job [1588] =>PUP.CrossRider
O39 - APT: b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 - (...) -- C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 [1588] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineCore.job [924]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineCore [924]
O39 - APT: - (..) -- C:\Windows\Tasks\globalUpdateUpdateTaskMachineUA.job [928]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\globalUpdateUpdateTaskMachineUA [928]
~ Scheduled Task: 39 Legitimates Filtered in 00mn 03s
---\\ Software instalados (042)
O42 - Logiciel: 4t Tray Minimizer Free 5.52 - (.4t Niagara Software.) [HKLM][64Bits] -- 4t Tray Minimizer_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {5DB4716B-1246-4C39-AE77-2FFEE36DC46D}_is1
O42 - Logiciel: Dynasty of Nordics versão 7.55 - (.Galaxy Games.) [HKLM][64Bits] -- {C8141479-83BC-4CCB-B70C-5C033F227E79}}_is1
O42 - Logiciel: IRPF2013 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2013
O42 - Logiciel: IRPF2014 - Declaração de Ajuste Anual, Final de Espólio e Saída Definitiva - (.Receita Federal do Brasil.) [HKLM][64Bits] -- IRPF2014
O42 - Logiciel: New Destiny versão 7.57 - (.Star Group.) 
[HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T7}_is1O42 - Logiciel: Receitanet - (.Serpro - Serviço Federal de Processamento de Dados.) [HKLM][64Bits] -- ECC16E3C-16D1-4DC2-9D8A-6AC06B3005A5O42 - Logiciel: Star Destiny versão 3.7 - (.Star Group.) [HKLM][64Bits] -- {3E61DDE5-0D27-40E8-AA2C-D6C9E343D7T4}_is1O42 - Logiciel: WYD (remove only) - (...) [HKLM][64Bits] -- WYDO42 - Logiciel: Wifi Protector BI - (.WFprotect.) [HKLM][64Bits] -- Wifi Protector BI~ Logic: 29 Legitimates Filtered in 00mn 00s---\\ HKCU & HKLM Software Keys[HKCU\Software\Baidu Security][HKCU\Software\Baidu][HKCU\Software\Iminent] =>Adware.IMBooster[HKCU\Software\InstalledBrowserExtensions] =>Adware.VidSaver[HKLM\Software\Baidu Security][HKLM\Software\InstalledBrowserExtensions] =>Adware.VidSaver[HKLM\Software\Wow6432Node\AutoHelpDesk][HKLM\Software\Wow6432Node\Bahamut][HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>Adware.VidSaver[HKLM\Software\Wow6432Node\Pando Networks]~ Key Software: 182 Legitimates Filtered in 00mn 00s---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)O43 - CFD: 12/11/2012 - 15:17:00 - [] ----D C:\Program Files (x86)\4t Tray MinimizerO43 - CFD: 21/07/2014 - 21:12:48 - [] ----D C:\Program Files (x86)\DoNO43 - CFD: 17/07/2014 - 23:27:05 - [] ----D C:\Program Files (x86)\FDGO43 - CFD: 28/07/2014 - 19:50:30 - [] ----D C:\Program Files (x86)\FLVM PlayerO43 - CFD: 06/02/2014 - 11:49:42 - [] ----D C:\Program Files (x86)\Pando NetworksO43 - CFD: 09/03/2014 - 08:54:38 - [] ----D C:\Program Files (x86)\Programas RFBO43 - CFD: 28/07/2014 - 20:11:16 - [] ----D C:\Program Files (x86)\Wifi Protector BIO43 - CFD: 29/07/2014 - 06:52:24 - [0] ----D C:\Users\reparo\AppData\Roaming\baiduO43 - CFD: 28/07/2014 - 20:08:36 - [] ----D C:\Users\reparo\AppData\Roaming\Baidu SecurityO43 - CFD: 28/07/2014 - 20:13:35 - [] ----D C:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorerO43 - CFD: 28/07/2014 - 19:50:28 - [] ----D 
C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player~ Program Folder: 117 Legitimates Filtered in 00mn 00s---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)O44 - LFC:[MD5.B6F762113B8C51943219CC7A5F8F93C1] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [4062]O44 - LFC:[MD5.6D168297A9534E194DB590A9C48AF13E] - 27/07/2014 - 10:12:52 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [4254]O44 - LFC:[MD5.04199CA5C4A6F6E935906A74EAFCA8E7] - 28/07/2014 - 21:44:13 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]O44 - LFC:[MD5.7D7F90460F1309B5205BF8CDFAD63E42] - 28/07/2014 - 21:44:15 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]O44 - LFC:[MD5.D32B836ECD5A96D7662611D5A3660ED8] - 29/07/2014 - 19:55:36 ---A- . (...) -- C:\Windows\ntbtlog.txt [148024]~ Files: 114 Legitimates Filtered in 00mn 04s---\\ Operações e funções ao arranque do Windows Explorer (046)O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLLO46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL~ ShellExecuteHooks: Scanned in 00mn 00s---\\ Enumeração das chaves do registo StartupReg (SMSR) (O53)O53 - SMSR:HKLM\...\startupreg\RaidCall [Key] . (.RAIDCALL.COM - Raidcall.) 
-- C:\Program Files (x86)\RaidCall\raidcall.exe~ SMSR Keys: 1 Legitimates Filtered in 00mn 00s---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0~ MWPS: 16 Legitimates Filtered in 00mn 00s---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1~ MWPE Keys: 3 Legitimates Filtered in 00mn 00s---\\ Lista dos drivers do sistema (SDL) (O58)O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Cryptographic Algorithm Lib Driver..) -- C:\Windows\System32\Drivers\CSCrySec.sys [84536]O58 - SDL:02/06/2011 - 14:39:44 ---A- . (.Infowatch - Virtual Volume Container Driver (wnet).) -- C:\Windows\System32\Drivers\CSVirtualDiskDrv.sys [66616]O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]O58 - SDL:04/10/2012 - 14:07:24 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpkm.sys [47720]O58 - SDL:17/03/2014 - 18:30:14 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]~ Drivers: 71 Legitimates Filtered in 00mn 00s---\\ Lista das ferramentas de remoção de vírus (LAT) (063)O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) 
[HKLM] -- ZHPDiag_is1 =>.Nicolas CoolmanO63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}~ ADS: Scanned in 00mn 00s---\\ Lista dos serviços Legacy du registo (064)O64 - Services: CurCS - 04/12/2013 - C:\Windows\System32\DRIVERS\kneps.sys (kneps) .(.Kaspersky Lab ZAO - KNEPS Power.) - LEGACY_KNEPS~ Legacy: 102 Legitimates Filtered in 00mn 00s---\\ Menu de inicialização Internet (068)O68 - StartMenuInternet: <FIREFOX.EXE> <Mozilla Firefox>[HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exeO68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe~ Keys: Scanned in 00mn 00s---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.comO69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.comO69 - SBI: SearchScopes [HKCU] {FAA16D39-29DE-4F14-9869-0DBF17DBF21B} - (Bing) - http://www.bing.com~ Keys: Scanned in 00mn 00s---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)[MD5.44B89BC0069FA73A8EAD7120A4293B5B] [sPRF][04/05/2013] (...) -- C:\ProgramData\ntuser.dat [262144]~ Files: 2 Legitimates Filtered in 00mn 00s---\\ Lista das exceções do FireWall (FirewallRules) (O87)O87 - FAEL: "{4F850645-2D5A-46FA-BA00-8984D78B8442}" | In - None - P6 - TRUE | .(.BitTorrent Inc. - µTorrent.) -- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrentO87 - FAEL: "{3AB09CCB-4963-4C2E-BDB6-980C5CC62D0D}" | In - None - P17 - TRUE | .(.BitTorrent Inc. - µTorrent.) 
-- C:\Users\Nara\AppData\Roaming\uTorrent\uTorrent.exe =>P2P.BitTorrent~ Firewall: 2 Legitimates Filtered in 00mn 01s---\\ Search Tracing Registry Key (O100)HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32 =>Adware.IMBoosterHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS =>Adware.IMBoosterHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASAPI32 =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-codedownloader_RASMANCS =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASAPI32 =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\PlusVid-novainstaller_RASMANCS =>PUP.PlusVidHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASAPI32 =>P2P.µTorrentHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\uTorrent_RASMANCS =>P2P.µTorrentHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_2207-6c14163c_RASMANCS =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.WajamHKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASMANCS =>PUP.Wajam~ BTK: 340 Legitimates Filtered in 00mn 00s---\\ Search CLSID Registry Key (O101)[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider~ BCK: 4344 Legitimates Filtered in 00mn 04s---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, 
SS=Parados)SS - | Demand 08/07/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeSS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exeSS - | Demand 28/07/2014 68608 | (globalUpdatem) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exeSS - | Demand 04/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeSS - | Demand 17/07/2014 119408 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeSS - | Auto 23/10/2013 172192 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exeSR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exeSR - | Auto 04/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exeSR - | Auto 25/09/2013 818888 | (CSObjectsSrv) . (.Infowatch.) - C:\Program Files (x86)\Common Files\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exeSR - | Auto 26/02/2014 520520 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exeSR - | Auto 05/11/2010 13336 | (IAStorDataMgrSvc) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exeSR - | Auto 20/12/2010 325656 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exeSR - | Auto 20/12/2010 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeSR - | Auto 14/12/2010 27760 | (VIAKaraokeService) . (.VIA Technologies, Inc..) 
- C:\Windows\System32\viakaraokesrv.exeSR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exeSR - | Auto 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft CorporationSR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe~ Services: Scanned in 00mn 05s---\\ Scâner Aditional (088)Database Version : 13026 - (29/07/2014)Clés trouvées (Keys found) : 15Valeurs trouvées (Values found) : 0Dossiers trouvés (Folders found) : 1Fichiers trouvés (Files found) : 17[HKCU\Software\Iminent] =>Adware.IMBooster[HKCU\Software\AppDataLow\Software\Crossrider] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions\] =>PUP.CrossRider[HKCU\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Wow6432Node\InstalledBrowserExtensions] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider[HKLM\Software\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110611171150}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110611171160}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172250}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220622172260}] =>PUP.CrossRider[HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}] 
=>PUP.CrossRiderC:\Users\reparo\AppData\Roaming\ContentExplorer =>PUP.ContentExplorer^C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job =>PUP.CrossRider^C:\Windows\System32\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6 =>PUP.CrossRider^C:\Windows\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7.job =>PUP.CrossRider^C:\Windows\System32\Tasks\b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7 =>PUP.CrossRider^[HKCR\CLSID\{11111111-1111-1111-1111-110611171160}] (PlusVid) =>PUP.PlusVid^[HKCR\CLSID\{22222222-2222-2222-2222-220622172250}] (CrossriderApp0061750.Sandbox) =>PUP.CrossRider^[HKCR\CLSID\{22222222-2222-2222-2222-220622172260}] (CrossriderApp0061760.Sandbox) =>PUP.CrossRider^~ Additionnel Scan: 199781 Items scanned in 00mn 16s---\\ Informações complémentaires do módulos~ =>.Internet Explorer, Gestão do Proxy (R5) ~ =>.Browser Helper Objects do navegador (02) ~ =>.Aplicações iniciadas por registo & pastas (04) ~ AMI: 3 Legitimates Filtered in 00mn 00s---\\ Sumário das deteções encontradas na sua estação =>Hijacker.Proxy =>PUP.PlusVid =>PUP.CrossRider =>Adware.IMBooster =>Adware.VidSaver =>PUP.ContentExplorer =>PUP.Wajam ~ MSI: 7 link(s) detected in 00mn 00s~ 797 Legitimates filtered by 
white listEnd of the scan (516 lines in 00mn 52s)(0) Compartilhar este post Link para o post Compartilhar em outros sites
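A triage pass over a report like the one above, as an added example (not part of the thread, and not code from ZHPDiag or the forum helpers). It parses the ZHPDiag line shapes that appear in the post and pulls out the items a responder acts on first: detections grouped by family (the `=>PUP.*` / `=>Adware.*` tags), scheduled tasks whose target binary is already gone (`(.not file.)`, i.e. leftover persistence that still fires), `EnableLUA=0` under `HKLM\...\Policies\System` (UAC is switched off entirely, so the other O55 values are moot until it is set back to 1 and the machine rebooted), a service whose binary borrows a well-known updater name but is not the vendor's (the `globalUpdate` service running `GoogleUpdate.exe` from `C:\Program Files (x86)\globalUpdate\`), and an IE `DefaultScope` pointing at a search host the user did not choose. The sample lines are a subset copied from the report above; the expected-host allowlist and the lookalike-binary table are assumptions made for the example.

```python
"""Triage a ZHPDiag report: pull out the items a responder acts on first.

Added example for this thread; not part of ZHPDiag or of the original post.
SAMPLE_REPORT is a constructed subset of the report lines shown above.
"""
import ntpath
import re
from collections import defaultdict
from typing import Dict, List, Tuple
from urllib.parse import urlparse

SAMPLE_REPORT = r"""
O39 - APT: 06e9d593-5ff0-49e6-b296-4431f32774f9-4 - (...) -- C:\Windows\Tasks\06e9d593-5ff0-49e6-b296-4431f32774f9-4.job [2232] =>PUP.CrossRider
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
[MD5.00000000000000000000000000000000] [APT] [06e9d593-5ff0-49e6-b296-4431f32774f9-4] (...) -- C:\Program Files (x86)\PlusVid\06e9d593-5ff0-49e6-b296-4431f32774f9-4.exe (.not file.) [0] =>PUP.PlusVid
[MD5.00000000000000000000000000000000] [APT] [b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1] (...) -- C:\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-codedownloader.exe (.not file.) [0]
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorUser"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
SS - | Auto 28/07/2014 68608 | (globalUpdate) . (.globalUpdate.) - C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe
SR - | Auto 04/12/2013 356128 | (AVP) . (.Kaspersky Lab ZAO.) - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\avp.exe
O69 - SBI: SearchScopes [HKCU] Web [DefaultScope] - (Web) - http://br.yhs4.search.yahoo.com
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - http://www.bing.com
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\wajam_install_RASAPI32 =>PUP.Wajam
"""

# One regex per ZHPDiag line shape we care about (shapes taken from the report above).
DETECTION_RE = re.compile(r"=>(?P<family>(?:PUP|Adware|Hijacker|P2P)\.[\w-]+)\s*\^?\s*$")
ORPHAN_TASK_RE = re.compile(r"\[APT\] \[(?P<name>[^\]]+)\].*? -- (?P<path>.+?) \(\.not file\.\)")
UAC_RE = re.compile(r'^O55 - MWPS:\[HKLM\\\.\.\.\\Policies\\System\] - "(?P<value>\w+)"=(?P<data>\d+)')
SERVICE_RE = re.compile(r"^S[SR] - \| \w+ \S+ \d+ \| \((?P<name>[^)]+)\) \. \(\.(?P<vendor>[^)]*?)\.\) - (?P<path>.+)$")
SEARCHSCOPE_RE = re.compile(r"^O69 - SBI: SearchScopes \[(?P<hive>\w+)\] (?P<scope>.+?) - \([^)]*\) - (?P<url>\S+)")

# Assumptions for the example: search hosts this user is expected to have, and
# updater binary names that adware borrows (GoogleUpdate.exe under a non-Google path above).
EXPECTED_SEARCH_HOSTS = {"www.bing.com", "www.google.com", "www.google.com.br"}
LOOKALIKE_BINARIES = {"googleupdate.exe": "google"}  # exe name -> vendor token that should appear


def service_is_lookalike(vendor: str, path: str) -> bool:
    """True when the binary name borrows a well-known vendor's updater name
    but neither the reported vendor string nor the directory belongs to that vendor."""
    expected = LOOKALIKE_BINARIES.get(ntpath.basename(path).lower())
    if expected is None:
        return False
    return expected not in vendor.lower() and expected not in ntpath.dirname(path).lower()


def triage(report: str) -> Dict[str, object]:
    families: Dict[str, List[str]] = defaultdict(list)
    orphan_tasks: List[Tuple[str, str]] = []
    lookalike_services: List[Tuple[str, str]] = []
    hijacked_scopes: List[Tuple[str, str]] = []
    uac_disabled = False
    for line in (raw.strip() for raw in report.splitlines() if raw.strip()):
        m = DETECTION_RE.search(line)
        if m:
            families[m.group("family")].append(line)
        m = ORPHAN_TASK_RE.search(line)
        if m:  # task still fires, but its target is gone: leftover persistence
            orphan_tasks.append((m.group("name"), m.group("path")))
        m = UAC_RE.match(line)
        if m and m.group("value") == "EnableLUA" and m.group("data") == "0":
            uac_disabled = True  # UAC is off entirely; the other O55 values are moot
        m = SERVICE_RE.match(line)
        if m and service_is_lookalike(m.group("vendor"), m.group("path")):
            lookalike_services.append((m.group("name"), m.group("path")))
        m = SEARCHSCOPE_RE.match(line)
        if m and "[DefaultScope]" in m.group("scope"):
            host = urlparse(m.group("url")).hostname or ""
            if host not in EXPECTED_SEARCH_HOSTS:
                hijacked_scopes.append((m.group("hive"), host))
    return {
        "families": {k: len(v) for k, v in sorted(families.items())},
        "orphan_tasks": orphan_tasks,
        "uac_disabled": uac_disabled,
        "lookalike_services": lookalike_services,
        "hijacked_default_search": hijacked_scopes,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_REPORT).items():
        print(f"{key}: {value}")
```

Feed it a whole ZHPDiag report (`triage(open(path, encoding="utf-8", errors="replace").read())`) and the family counts give the cleanup tools' expected hit list, while the orphaned tasks, the disabled UAC and the lookalike service are the items to verify by hand after AdwCleaner and Zoek have run, because a task that survives with a missing target and an `EnableLUA` left at 0 are exactly what those tools do not always put back.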
Power Max, posted July 30, 2014:

Download AdwCleaner from the link below, then click the Download Now @BleepingComputer button: http://www.bleepingcomputer.com/download/adwcleaner/

To run AdwCleaner correctly, just follow this tutorial: Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[s0].txt

We'll be waiting.
Ionara, posted July 31, 2014:

Good evening, here is the log. I also deleted the other user account; it only logged in very slowly, with a temporary profile.

# AdwCleaner v3.302 - Report created 30/07/2014 at 21:29:27
# Updated 30/07/2014 by Xplode
# Operating System : Windows 7 Home Premium (64 bits)
# User : reparo - CASA-PC
# Running from : C:\Users\reparo\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\FLVM Player
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Wifi Protector BI
[#] Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\reparo\AppData\Local\globalUpdate
Folder Deleted : C:\Users\reparo\AppData\Roaming\baidu
Folder Deleted : C:\Users\reparo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FLVM Player
File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\SearchTheWeb.xml

***** [ Tasks ] *****

Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : 06e9d593-5ff0-49e6-b296-4431f32774f9-4
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-1
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-11
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-2
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-4
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-5_user
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-6
Task Deleted : b5d9e10c-f343-45c0-97d2-2fc7ace89d45-7

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpoimibckejjdjcfbdnajaicnklhfplh
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_1712-b2fcad5e_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171160}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172250}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172260}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175550}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175560}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176650}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176660}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110611171160}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110611171160}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172250}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220622172260}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175550}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550655175560}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176650}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660666176660}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110611171160}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\Wifi Protector BI
Key Deleted : HKLM\Software\GlobalUpdate
Key Deleted : HKLM\Software\InstalledBrowserExtensions
Key Deleted : HKLM\Software\Wifi Protector BI
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Wifi Protector BI
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.7600.17267

-\\ Mozilla Firefox v31.0 (x86 pt-BR)

[ File : C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js ]

[ File : C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js ]

[ File : C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js ]

[ File : C:\Users\TEMP.casa-PC.000\AppData\Roaming\Mozilla\Firefox\Profiles\254nn8lo.default\prefs.js ]

*************************

AdwCleaner[R0].txt - [10544 octets] - [30/07/2014 21:27:54]
AdwCleaner[R1].txt - [10605 octets] - [30/07/2014 21:28:44]
AdwCleaner[s0].txt - [10104 octets] - [30/07/2014 21:29:27]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [10165 octets] ##########
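The Browsers section of the AdwCleaner report above lists the Firefox prefs.js files it looked at, and the Files section shows the `SearchTheWeb.xml` search plugin it removed. Removing a search plugin does not rewrite the homepage, new-tab and search preferences stored in each profile's prefs.js, so those files are worth checking after the cleanup. The following is an added example, not AdwCleaner's code or anything posted in the thread: it parses `user_pref(...)` lines and flags the preferences whose URL host or engine name falls outside an allowlist. The prefs.js content is constructed for the example, and the allowed hosts and engine names are assumptions.

```python
"""Audit a Firefox prefs.js for hijacked homepage / search preferences.

Added example for this thread; not part of AdwCleaner or of the original post.
SAMPLE_PREFS_JS is constructed; the allowlists are assumptions.
"""
import re
from typing import Dict, List, Tuple
from urllib.parse import urlparse

SAMPLE_PREFS_JS = r'''
user_pref("browser.startup.homepage", "http://br.yhs4.search.yahoo.com/?type=12345");
user_pref("browser.search.defaultenginename", "SearchTheWeb");
user_pref("browser.search.selectedEngine", "SearchTheWeb");
user_pref("browser.newtab.url", "about:newtab");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
'''

# user_pref("name", value);  value is a quoted string, a number or a boolean
PREF_RE = re.compile(r'^user_pref\("(?P<name>[^"]+)",\s*(?P<value>.+)\);\s*$')

# Preferences that carry a URL, and those that carry a search engine name.
URL_PREFS = ("browser.startup.homepage", "browser.newtab.url", "keyword.URL", "browser.search.defaulturl")
ENGINE_PREFS = (
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "browser.search.defaultengine",
    "browser.search.order.1",
)
# Assumptions: what this user is expected to have configured.
EXPECTED_HOSTS = {"www.google.com", "www.google.com.br", "www.bing.com"}
EXPECTED_ENGINES = {"Google", "Bing"}


def parse_prefs(text: str) -> Dict[str, str]:
    """Return {pref name: value} with surrounding quotes removed from string values."""
    prefs: Dict[str, str] = {}
    for line in text.splitlines():
        m = PREF_RE.match(line.strip())
        if not m:
            continue
        value = m.group("value").strip()
        if len(value) >= 2 and value.startswith('"') and value.endswith('"'):
            value = value[1:-1]
        prefs[m.group("name")] = value
    return prefs


def audit_prefs(text: str) -> List[Tuple[str, str, str]]:
    """Return (pref, value, reason) for every preference outside the allowlists."""
    findings: List[Tuple[str, str, str]] = []
    prefs = parse_prefs(text)
    for name in URL_PREFS:
        if name not in prefs:
            continue
        value = prefs[name]
        if value.startswith("about:"):  # built-in pages carry no host
            continue
        host = urlparse(value).hostname or ""
        if host not in EXPECTED_HOSTS:
            findings.append((name, value, f"unexpected host {host!r}"))
    for name in ENGINE_PREFS:
        if name in prefs and prefs[name] not in EXPECTED_ENGINES:
            findings.append((name, prefs[name], "unexpected search engine"))
    return findings


if __name__ == "__main__":
    for pref, value, reason in audit_prefs(SAMPLE_PREFS_JS):
        print(f"{pref} = {value!r}: {reason}")
```

Run it against each profile listed in the report (`audit_prefs(open(path, encoding="utf-8").read())`) with Firefox closed, since Firefox rewrites prefs.js on exit and any hand edits made while it is running are lost.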
Power Max, posted July 31, 2014:

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, the Download Zoek.exe button: http://www.hijackthis.nl/smeenk/

To run it correctly, follow this tutorial: Remove adware and other threats from your PC and browsers with Zoek

* As soon as it finishes cleaning, open the Zoek log (report) at C:\zoek-results.txt, copy its entire contents and post it in your next reply.
Ionara. Posted July 31, 2014

Good evening, here is the log:

Zoek.exe v5.0.0.0 Updated 31-07-2014
Tool run by reparo on 31/07/2014 at 18:16:26,78.
Microsoft Windows 7 Home Premium 6.1.7600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\reparo\Downloads\zoek.exe [scan all users] [script inserted]

==== System Restore Info ======================

31/07/2014 18:17:19 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright © 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== FireFox Fix ======================

Deleted from C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "https://www.google.com.br/");
user_pref("browser.search.defaulturl", "");
user_pref("browser.search.defaultenginename,S", "");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.selectedEngine,S", "");
user_pref("browser.search.order.1,S", "");
user_pref("browser.search.useDBForOrder", "false");

Added to C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:

Added to C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Deleted from C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:

Added to C:\Users\TEMP\AppData\Roaming\Mozilla\Firefox\Profiles\zdt96tt7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\PROGRA~2\GUTD2F8.tmp deleted
C:\PROGRA~2\GUTDBCE.tmp deleted
C:\install.exe deleted
C:\Users\reparo\AppData\Roaming\ContentExplorer deleted
C:\Users\reparo\Searches deleted
C:\Windows\SysNative\config\systemprofile\Searches deleted
C:\Windows\SysWow64\AI_RecycleBin deleted
C:\Users\Nara\AppData\Roaming\Mozilla\Firefox\Profiles\4ej3vhqz.default\extensions\firefox@mega.co.nz.xpi deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"online_banking@kaspersky.com"="C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\FFExt\online_banking@kaspersky.com" [28/07/2014 22:45]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\reparo\AppData\Roaming\Mozilla\Firefox\Profiles\rbh8i03t.default
4390CCD3790F8D9C427C0C29590C62D7 - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll - Shockwave Flash
C899B98999270821EDFFA56044DE2377 - C:\Users\Nara\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
dchlnpcodkpfdpacogkljefecpegganj - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\urladvisor.crx[04/12/2013 19:30]
hakdifolhalapjijoafobooafbilfakh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\online_banking_chrome.crx[04/12/2013 19:30]
hghkgaeecgjhjkannahfamoehjmkjail - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\content_blocker_chrome.crx[04/12/2013 19:26]
jagncdcchgajhfhijbbhecadmaiegcmh - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\virtkbd.crx[04/12/2013 19:26]
pjldcfjmnllhmgjclecdnfampinooman - C:\Program Files (x86)\Kaspersky Lab\Kaspersky PURE 3.0\ChromeExt\ab.crx[04/12/2013 19:30]

Docs - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Caixa Economica Federal - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnjbodopomfddehlalfilheomcahbpei
Gmail - Nara\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://br.hao123.com/?tn=brosoft_pay_hp_te_hao123_br"
"Search Page"="http://br.yhs4.search.yahoo.com/yhs/search?hspart=baixaki&hsimp=yhs-baixaki_br_solimba_01&p={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{FAA16D39-29DE-4F14-9869-0DBF17DBF21B} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================
successfullyC:\Users\TEMP\AppData\Local\Mozilla\Firefox\Profiles\zdt96tt7.default\Cache emptied successfully==== Empty Chrome Cache ======================C:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Dados de aplicativos\Google\Chrome\User Data\Default\Cache emptied successfullyC:\Users\casa\AppData\Local\Google\Chrome\User Data\Default\Cache emptied 
successfullyC:\Users\Nara\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully==== Empty All Flash Cache ======================Flash Cache Emptied Successfully==== Empty All Java Cache ======================Java Cache cleared successfully==== C:\zoek_backup content ======================C:\zoek_backup (files=1367 folders=171 372986584 bytes)==== Empty Temp Folders ======================C:\Users\casa\AppData\Local\Temp will be emptied at rebootC:\Users\Default\AppData\Local\Temp emptied successfullyC:\Users\Default User\AppData\Local\Temp emptied successfullyC:\Users\Gabriel\AppData\Local\Temp emptied successfullyC:\Users\Nara\AppData\Local\Temp emptied successfullyC:\Users\reparo\AppData\Local\Temp will be emptied at rebootC:\Users\TEMP\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfullyC:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfullyC:\Windows\Temp will be emptied at reboot==== After Reboot ========================== Empty Temp Folders ======================C:\Windows\Temp successfully emptiedC:\Users\reparo\AppData\Local\Temp successfully emptied==== Empty Recycle Bin ======================C:\$RECYCLE.BIN successfully emptied==== Deleting Files / Folders ======================"C:\Users\reparo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found==== EOF on 31/07/2014 at 18:42:20,67 ====================== Compartilhar este post Link para o post Compartilhar em outros sites
Power Max (54), posted July 31, 2014

Update your Malwarebytes and then follow the tips below to do a full cleanup with it:

Changing the Malwarebytes language to Portuguese (if it is in another language): If your Malwarebytes is in English, it is quite simple to switch it to our language. To do so, open Malwarebytes and click Settings, as shown in this image: On the next screen, click Language and select the Portuguese (Brazil) option:

___________________________________________________________________________

How to run a custom scan with Malwarebytes:

- Open Malwarebytes > click Scan > click Custom Scan > click Scan Now: The screen below will then appear, on which you will check all the boxes on the right-hand side so that every area of your PC and any removable media connected to it can be scanned. On the left-hand side of the screen, leave these options checked: Scan Memory Objects; Scan Startup and Registry Settings; Scan Archives. Leave the rest as pre-configured by Malwarebytes. After that, click the Start Scan button, as shown in the image below: Wait while the scan runs. How long it takes depends on the number of files on your computer: When the scan finishes, if any threat is detected on your PC, a message like the one below will appear next to the Windows clock; click on it: At this point it will show which malware and potentially unwanted items were detected and where they are located. You will notice that it already shows a default action for the items (normally Quarantine).

To remove the infections, leave the Quarantine option selected in the Action menu for all items and click the Apply Actions button, as shown in this image: Some malware is stubborn and may require a PC restart to be removed. If Malwarebytes asks for this, click Yes, as shown in this image: After that, just post the new scan log that Malwarebytes will create in your next reply.
Ionara (2), posted August 1, 2014

Good afternoon, I ran Malwarebytes as instructed, but since my free version has already expired, I believe that is why I can't see the log. Four threats were detected; they were moved to quarantine and then deleted.
Power Max (54), posted August 1, 2014

Download the Junkware Removal Tool from the link below:
http://thisisudax.org/downloads/JRT.exe

To run the program correctly, just follow the tips in this tutorial: Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.
Ionara (2), posted August 2, 2014

I tried downloading it directly from your post and from the tips box. I use Windows 7, so when I run it as administrator I get an access denied message, even with the antivirus disabled.
Power Max (54), posted August 2, 2014

Please follow the tips in this tutorial to scan your PC with Nod32 Online: Nod32 Online antivirus tutorial

When the scan finishes, a report (log) will be generated at the following location on your computer:
C:\Arquivos de programas\Eset\Eset Online Scanner\log.txt

In your next reply, post this Nod32 Online log.
Ionara (2), posted August 2, 2014

Good morning, here is the log...

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=4166e92481bfe944a1162389cf434cbc
# engine=19467
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-08-02 11:19:10
# local_time=2014-08-02 08:19:10 (-0300, Hora oficial do Brasil)
# country="Brazil"
# lang=1033
# osver=6.1.7600 NT
# compatibility_mode_1='Kaspersky PURE 3.0'
# compatibility_mode=1289 16777213 100 99 0 98292018 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 158525400 0 0
# scanned=220549
# found=17
# cleaned=17
# scan_time=3083
sh=9B887598BA32B96C6F440E28C999A03432141F98 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45.crx.vir"
sh=B05563F97CD00B43C8CFB580CB6AB986C46AD751 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\b5d9e10c-f343-45c0-97d2-2fc7ace89d45.xpi.vir"
sh=FE5602268DFA89EB01688600C4E883DD76EC0105 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.B potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\d7aebb74-e641-4a54-920f-f3448714333f.crx.vir"
sh=E830C41380C0D2F81D65E8F1853AEA4D5B3D45B4 ft=1 fh=80100b86c569921f vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil.dll.vir"
sh=88750E79DDE8F12E002AB593FD702A3AFA4FE0B5 ft=1 fh=0b6495df0dd3d0a8 vn="a variant of Win32/Toolbar.CrossRider.AA potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil.exe.vir"
sh=D81DF792D76A044DD25F8B33F279755750521A18 ft=1 fh=cd8fc34e3ab9f70e vn="a variant of Win64/Toolbar.Crossrider.G potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil64.dll.vir"
sh=60C28B79DEFA5D683340B8A740DED3E9039F8B41 ft=1 fh=9fb627c0a5d32f15 vn="a variant of Win64/Toolbar.Crossrider.H potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-buttonutil64.exe.vir"
sh=7F079C220E4448B3BEBED98F782330780B0EA90B ft=1 fh=1f02001914c7bed2 vn="probably a variant of Win32/Toolbar.CrossRider.AI potentially unwanted application (deleted - quarantined)" ac=C fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Wifi Protector BI\Wifi Protector BI-nova.dll.vir"
sh=4EEA7BE0DE33FED17B5F52FF5E6216F869C45AE5 ft=1 fh=351776d4d6274ee2 vn="a variant of MSIL/HackKMS.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Desktop\Ativador Office 2007\Ativador Office 2010.exe"
sh=9C75D4870D4989E56427A3821FD1EAC61595D714 ft=0 fh=0000000000000000 vn="a variant of MSIL/HackKMS.A potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Documents\Office 2010\Ativador Office 2010 100% Funcionando - By Felipooww.rar"
sh=5499E0C25D660E056FCBD38CC1C3E4D89BE1CB81 ft=1 fh=6b68483e67e9dd38 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\14282_avira_2012_antivirus_gratis_1200289.exe.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\ccsetup401.exe"
sh=9BDA124FC88E26DF0E8057DA1849B8C268B35FEF ft=1 fh=4709d8f903593392 vn="a variant of Win32/OpenInstall potentially unwanted application (deleted - quarantined)" ac=C fn="C:\Users\Nara\Downloads\WinZip165Multi-language.exe"
sh=CAC2EE8DDF6A64B037A357017CA4C4221141BD70 ft=1 fh=6d3baa21187c5208 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe"
sh=079F5212D0CC3059077736D55C4B04C6CBBFD2B8 ft=1 fh=573a726a370e6e65 vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe"
sh=95924D930E42925FCF9C31F268569AF088229675 ft=0 fh=0000000000000000 vn="a variant of Android/Mobserv.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\MUServer.apk"
sh=678148EE00B38B9AAD38C549719F66F1D4E16604 ft=1 fh=0b483d240f3d026b vn="a variant of Win32/Mobogenie.A potentially unwanted application (deleted - quarantined)" ac=C fn="C:\zoek_backup\C_Users_Nara_AppData_Local_Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe"
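Reading a log like the one above takes some triage: most of the 17 hits sit under C:\AdwCleaner\Quarantine and C:\zoek_backup, i.e. files an earlier tool had already pulled out of service, while only the Desktop, Documents and Downloads entries were still live on disk. The following Python parser is an added example, not code from the thread, from Power Max or from ESET. It splits an EOS log into its '#' header and its sh=/ft=/fh=/vn=/ac=/fn= records, separates the threat name, ESET category and action out of vn=, classifies each path as already-quarantined or live, and checks the header's found/cleaned counters against the records. The sample log, hashes, names and paths are constructed; the two quarantine prefixes are assumed to be AdwCleaner's and zoek's default locations.

```python
"""Summarize an ESET Online Scanner (EOS) log: live detections versus
files already held in another cleaner's quarantine or backup folder.

Added example; not from the forum thread or from ESET.
"""
import re
from collections import Counter

# One detection per line: 40-hex SHA-1, file type flag, 16-hex file hash,
# quoted threat description, action code, quoted full path.
RECORD_RE = re.compile(
    r'^sh=(?P<sha1>[0-9A-Fa-f]{40}) ft=(?P<ft>\d+) fh=(?P<fh>[0-9A-Fa-f]{16}) '
    r'vn="(?P<vn>[^"]*)" ac=(?P<ac>\S+) fn="(?P<fn>[^"]*)"$'
)
HEADER_RE = re.compile(r'^#\s*(?P<key>\w+)=(?P<value>.*)$')
# vn= looks like: [probably ][a variant of ]<name> <category> (<action>)
THREAT_RE = re.compile(
    r'^(?:probably )?(?:a variant of )?(?P<name>\S+) '
    r'(?P<category>potentially unwanted application|potentially unsafe application|.+?) '
    r'\((?P<action>[^)]*)\)$'
)


def _record(i, ft, fh, vn, fn):
    """Build one constructed EOS record line (sha1 zero-padded to 40 hex)."""
    return f'sh={i:040X} ft={ft} fh={fh:016x} vn="{vn}" ac=C fn="{fn}"'


# Constructed sample in the posted log's layout (values are made up).
SAMPLE_EOS_LOG = '\n'.join([
    'ESETSmartInstaller@High as downloader log:',
    'all ok',
    '# product=EOS',
    '# version=8',
    '# scanned=1000',
    '# found=5',
    '# cleaned=5',
    '# scan_time=120',
    _record(1, 0, 0, 'JS/Toolbar.Example.A potentially unwanted application (deleted - quarantined)',
            r'C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleBar\ext.crx.vir'),
    _record(2, 1, 0x0123456789abcdef, 'a variant of Win32/Toolbar.Example.B potentially unwanted application (deleted - quarantined)',
            r'C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExampleBar\util.dll.vir'),
    _record(3, 1, 0xfedcba9876543210, 'probably a variant of Win32/Example.A potentially unwanted application (deleted - quarantined)',
            r'C:\zoek_backup\C_Users_User_AppData_Local_Example\Example.exe'),
    _record(4, 1, 0x1111111111111111, 'a variant of MSIL/Example.K potentially unsafe application (deleted - quarantined)',
            r'C:\Users\User\Desktop\Activator\activator.exe'),
    _record(5, 1, 0x2222222222222222, 'Win32/Bundled.Toolbar.Example.D potentially unsafe application (deleted - quarantined)',
            r'C:\Users\User\Downloads\setup.exe'),
])


def parse_eos_log(text):
    """Return (header dict, list of record dicts); other lines are ignored."""
    header, records = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = RECORD_RE.match(line)
        if m:
            records.append(m.groupdict())
            continue
        m = HEADER_RE.match(line)
        if m:
            header[m.group('key')] = m.group('value').strip()
    return header, records


def parse_threat(vn):
    """Split vn= into name, ESET category and the action EOS took."""
    m = THREAT_RE.match(vn)
    if not m:
        return {'name': vn, 'category': 'unknown', 'action': 'unknown'}
    return m.groupdict()


def location_class(path):
    """Was the file already in another tool's quarantine/backup, or live?
    Prefixes assumed to be AdwCleaner's and zoek's default folders."""
    p = path.lower()
    if p.startswith('c:\\adwcleaner\\quarantine\\'):
        return 'adwcleaner_quarantine'
    if p.startswith('c:\\zoek_backup\\'):
        return 'zoek_backup'
    return 'live'


def summarize(text):
    """Counts by category and location, the live hits, and a header check."""
    header, records = parse_eos_log(text)
    by_category, by_location, live = Counter(), Counter(), []
    for rec in records:
        threat = parse_threat(rec['vn'])
        loc = location_class(rec['fn'])
        by_category[threat['category']] += 1
        by_location[loc] += 1
        if loc == 'live':
            live.append((rec['fn'], threat['name'], threat['action']))
    # The header's own found/cleaned counters should match the record count.
    found = int(header.get('found', -1))
    cleaned = int(header.get('cleaned', -1))
    return {
        'header': header,
        'records': records,
        'by_category': by_category,
        'by_location': by_location,
        'live': live,
        'counts_consistent': found == cleaned == len(records),
    }


if __name__ == '__main__':
    result = summarize(SAMPLE_EOS_LOG)
    print('scanned', result['header'].get('scanned'), 'found', result['header'].get('found'),
          'consistent', result['counts_consistent'])
    for cat, n in result['by_category'].most_common():
        print(f'{n:3d}  {cat}')
    for loc, n in result['by_location'].most_common():
        print(f'{n:3d}  {loc}')
    for path, name, action in result['live']:
        print(f'live: {name} ({action}) at {path}')
```

Run it against a saved log.txt by passing the file contents to summarize(); the 'live' list is the part worth acting on, since the quarantined entries were already neutralised before the scan and only need their quarantine folders purged.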