Virus on the PC
My PC has a virus; the Google Chrome and Mozilla browsers close by themselves. How do I remove this virus?
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Hi Eliciana.
Download [You must have an account and be logged in to view this link].
* Run it and click the Main Menu button.
* On the next screen that appears, click [Do a system scan and save a logfile].
* A report will be displayed.
* Select the entire contents of this report and copy it (Ctrl+C).
After that, just come back here to the forum and post this HijackThis log so that it can be analyzed.
We await your reply.
Last edited by Power Max on Sun 02 Mar 2014, 10:48; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Re: Virus on the PC
The report was this:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:20:46, on 25/02/2014
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16476)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe
C:\Windows\System32\wscript.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abo.exe
C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\HPCustPartic.exe
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F\HijackThis.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [F.lux] "C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe" /noshow
O4 - HKCU\..\Run: [mugen] wscript.exe //B "C:\Users\Eliciana\AppData\Local\Temp\mugen.vbs"
O4 - Startup: abo.exe
O4 - Startup: mugen.vbs
O8 - Extra context menu item: Add to Google Photos Screensa&ver - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: imagem.caixa.gov.br
O15 - Trusted Zone: internetbanking.caixa.gov.br
O15 - Trusted Zone: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
--
End of file - 4988 bytes
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Please follow the tips in the tutorial below:
[You must have an account and be logged in to view this link]
* In your next reply, please post the AdwCleaner log, which will be at C:\AdwCleaner\AdwCleaner[S0].txt
We'll be waiting.
Last edited by Power Max on Sun 02 Mar 2014, 10:49; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
# AdwCleaner v3.019 - Relatório criado 25/02/2014 às 14:57:28
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Eliciana - ELICIANA-PC
# Executando de : C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F\AdwCleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Users\Eliciana\AppData\Local\funmoods.crx
Arquivo Encontrado : C:\Users\Eliciana\AppData\Local\funmoods-speeddial.crx
Arquivo Encontrado : C:\Windows\System32\Tasks\Funmoods
Pasta Encontrado C:\Program Files\Claro
Pasta Encontrado C:\Program Files\DealPly
Pasta Encontrado C:\Program Files\Desk 365
Pasta Encontrado C:\ProgramData\Ask
Pasta Encontrado C:\ProgramData\Babylon
Pasta Encontrado C:\ProgramData\baidu
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\337
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\Babylon
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\baidu
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\Claro
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\Desk 365
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\Funmoods
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\Funmoods
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Encontrada : HKLM\Software\Babylon
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\Software\Iminent
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Funmoods
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD2E9EBF-BC80-47C4-8AEA-4CE570D8E2D3}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
-\\ Mozilla Firefox v27.0.1 (pt-BR)
[ Arquivo : C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6283 octets] - [25/02/2014 14:57:28]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6343 octets] ##########
# AdwCleaner v3.019 - Relatório criado 26/02/2014 às 11:04:17
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Eliciana - ELICIANA-PC
# Executando de : C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DU1V0KO\AdwCleaner.exe
# Opção : Examinar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Arquivo Encontrado : C:\Windows\System32\Tasks\Funmoods
Pasta Encontrado C:\Program Files\DealPly
Pasta Encontrado C:\ProgramData\baidu
Pasta Encontrado C:\Users\Eliciana\AppData\Roaming\Claro
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Encontrada : HKCU\Software\Funmoods
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Chave Encontrada : HKLM\Software\Babylon
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Chave Encontrada : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\Software\Iminent
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\IminentSetup_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\Funmoods
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AD2E9EBF-BC80-47C4-8AEA-4CE570D8E2D3}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
-\\ Mozilla Firefox v27.0.1 (pt-BR)
[ Arquivo : C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [12103 octets] - [25/02/2014 14:57:28]
AdwCleaner[R1].txt - [974 octets] - [25/02/2014 17:07:28]
AdwCleaner[S0].txt - [5771 octets] - [25/02/2014 16:28:25]
AdwCleaner[S1].txt - [1031 octets] - [25/02/2014 17:11:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12343 octets] ##########
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
-\\ Mozilla Firefox v27.0.1 (pt-BR)
[ Arquivo : C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [12103 octets] - [25/02/2014 14:57:28]
AdwCleaner[R1].txt - [974 octets] - [25/02/2014 17:07:28]
AdwCleaner[S0].txt - [5771 octets] - [25/02/2014 16:28:25]
AdwCleaner[S1].txt - [1031 octets] - [25/02/2014 17:11:21]
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [12343 octets] ##########
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
The one you posted is the scan report. Please post the report located at C:\AdwCleaner\AdwCleaner[S0].txt
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
# AdwCleaner v3.019 - Relatório criado 25/02/2014 às 17:11:21
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Eliciana - ELICIANA-PC
# Executando de : C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5DU1V0KO\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v27.0.1 (pt-BR)
[ Arquivo : C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [6423 octets] - [25/02/2014 14:57:28]
AdwCleaner[R1].txt - [974 octets] - [25/02/2014 17:07:28]
AdwCleaner[S0].txt - [5771 octets] - [25/02/2014 16:28:25]
AdwCleaner[S1].txt - [893 octets] - [25/02/2014 17:11:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [952 octets] ##########
# AdwCleaner v3.019 - Relatório criado 26/02/2014 às 11:30:29
# Atualizado 17/02/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate (32 bits)
# Usuário : Eliciana - ELICIANA-PC
# Executando de : C:\Users\Eliciana\Downloads\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
***** [ Navegadores ] *****
-\\ Internet Explorer v9.0.8112.16476
-\\ Mozilla Firefox v27.0.1 (pt-BR)
[ Arquivo : C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js ]
*************************
AdwCleaner[R0].txt - [12424 octets] - [25/02/2014 14:57:28]
AdwCleaner[R1].txt - [1944 octets] - [25/02/2014 17:07:28]
AdwCleaner[S0].txt - [11065 octets] - [25/02/2014 16:28:25]
AdwCleaner[S1].txt - [1859 octets] - [25/02/2014 17:11:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1919 octets] ##########
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Please follow the tips in this tutorial to clean your PC with Malwarebytes:
[You must have an account and be logged in to view this link]
In your next reply, post this Malwarebytes log.
We look forward to your reply.
Last edited by Power Max on Sun 02 Mar 2014, 10:49; edited 1 time
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
I couldn't post the log, because when the PC was restarting a message appeared saying that a file, I don't remember exactly whether it was a recently added file, would not let the scan continue; then the PC restarted completely and nothing from the diagnosis appeared. The antivirus ran for an hour and a half and found 9 viruses.
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Temporarily disable your antivirus to avoid conflicts.
Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must have an account and be logged in to view this link]
*Right-click Zoek.exe and select [You must have an account and be logged in to view this image]
* Copy all of the text highlighted in red that I gave you and paste it into the blank area of Zoek.
*Click [Run Script]
*During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!
[You must have an account and be logged in to view this image]
*If a PC restart is requested, click [OK]
* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.
Last edited by Power Max on Sun 02 Mar 2014, 10:49; edited 2 times
Power Max - Collaborator
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
Zoek.exe v5.0.0.0 Updated 19-February-2014
Tool run by Eliciana on 27/02/2014 at 15:30:13,22.
Microsoft Windows 7 Ultimate 6.1.7600 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
27/02/2014 15:33:17 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost
==== Creating Sample_022014_1550.zip ======================
Process iexplore.exe killed
Copied file C:\Users\Eliciana\Msn 2011.exe to sample\Msn 2011.exe
sample\Msn 2011.exe renamed to 956F4C48D40800A3498EAFCD0CC2EA25
C:\Users\Public\Desktop\sample_022014_1550.zip created successfully
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2340315626-2471596129-2043743183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{22C51D79-22F8-4F38-9608-6B523AE2D4C0} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== FireFox Fix ======================
Deleted from C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js:
Added to C:\Users\Eliciana\AppData\Roaming\Mozilla\Firefox\Profiles\di1ysjdq.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);
==== Deleting Files \ Folders ======================
C:\extensions.sqlite deleted
C:\found.000 deleted
C:\found.001 deleted
C:\found.002 deleted
C:\found.003 deleted
C:\Users\Eliciana\AppData\Roaming\awesomehp deleted
C:\PROGRA~2\FileSplitUpLoad.dll deleted
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mugen.vbs deleted
C:\user.js deleted
C:\Users\Eliciana\Msn 2011.exe deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe" deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not deleted
==== Firefox Extensions ======================
AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
==== Firefox Plugins ======================
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
icmlaeflemplmjndnaapfdbbnpncnbda - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[06/03/2013 20:29]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com.br/"
"Search Page"="http://www.google.com"
"Search Bar"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
@="http://www.google.com/search?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com/ie"
"Default_Search_URL"="http://www.google.com/ie"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="https://www.google.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="http://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{AECDC46A-AC1B-449F-852F-7F81C44BB141}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{AECDC46A-AC1B-449F-852F-7F81C44BB141} Google Url="http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8&rlz="
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-2340315626-2471596129-2043743183-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
==== Deleting CLSID Registry Values ======================
==== shortcuts on Users Desktops ======================
C:\Users\Eliciana\Desktop\Desinstaller_HOSTS_Anti-PUPs.lnk - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe -uninstall
C:\Users\Eliciana\Desktop\Downloads - Atalho.lnk - C:\Users\Eliciana\Downloads
C:\Users\Eliciana\Desktop\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\Desktop\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Eliciana\Desktop\Ativ.Educ.Infantil\ATIVIDADE CORTE E RECORTE EDUCATIVO HIGIENE - Atalho.lnk - C:\Users\Eliciana\Downloads\ATIVIDADE CORTE E RECORTE EDUCATIVO HIGIENE.jpg
C:\Users\Eliciana\Desktop\Ativ.Educ.Infantil\DESENHO (12) - Atalho.lnk - C:\Users\Eliciana\Downloads\DESENHO (12).jpg
==== shortcuts on All Users Desktop ======================
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Users\Public\Desktop\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
==== shortcuts in Users Start Menu ======================
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux\Flux.lnk - C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux\Uninstall.lnk - C:\Users\Eliciana\Local Settings\Apps\F.lux\uninstall.exe
==== shortcuts in All Users Start Menu ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F will be deleted at reboot
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNFVM6SD will be deleted at reboot
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Eliciana\AppData\Local\Mozilla\Firefox\Profiles\di1ysjdq.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=9 197732352 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eliciana\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Eliciana\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not found
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not found
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F" not found
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNFVM6SD" deleted
==== EOF on 27/02/2014 at 16:11:06,09 ======================
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.chm
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
==== shortcuts in Quick Launch ======================
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Foxit Reader.lnk - C:\Program Files\Foxit Software\Foxit Reader\Foxit Reader.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk - C:\Program Files\Google\Picasa3\Picasa3.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Live Messenger.lnk - C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Users\Eliciana\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Empty IE Cache ======================
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\Low\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F will be deleted at reboot
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNFVM6SD will be deleted at reboot
C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
==== Empty FireFox Cache ======================
C:\Users\Eliciana\AppData\Local\Mozilla\Firefox\Profiles\di1ysjdq.default\Cache emptied successfully
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=25 folders=9 197732352 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Eliciana\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\Eliciana\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== Deleting Files / Folders ======================
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not found
"C:\Program Files\Hosts_Anti_Adwares_PUPs" not found
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2N0UJC8F" not found
"C:\Users\Eliciana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DNFVM6SD" deleted
==== EOF on 27/02/2014 at 16:11:06,09 ======================
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Download < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
|- Temporarily disable your antivirus to avoid conflicts and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "SEARCH" or "PESQUISAR" and wait for it to finish!
|- Click OK and, when it finishes, post the ZHPDiag.txt report.
Last edited by Power Max on Sun 02 Mar 2014, 10:50; edited 1 time
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
Relatório do ZHPDiag v2014.2.23.20 - Nicolas Coolman (23/02/2014)
~ Iniciado por Eliciana (27/02/2014 17:58:58)
~ Endereço do Website : http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user
---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421
MFIE: Mozilla Firefox 27.0.1 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 32-bit (Build 7600)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK
---\\ Softwares de proteçao do sistema
avast! Free Antivirus v8.0.1483.0
Malwarebytes Anti-Malware versão 1.75.0.1300
Windows Defender W7
---\\ Softwares d'optimização do sistema
CCleaner v3.26 =>Piriform Ltd
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Java 7 Update 15
---\\ Informações sobre o sistema
~ Processor: x86 Family 15 Model 4 Stepping 1, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 503 MB (14% free)
System Restore: Activé (Enable)
System drive C: has 16 GB (42%) free of 37 GB
---\\ Modo de conexão ao sistema
~ Computer Name: ELICIANA-PC
~ User Name: Eliciana
~ All Users Names: HomeGroupUser$, Eliciana, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Eliciana\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Eliciana\AppData\Roaming\
~ %Desktop% : C:\Users\Eliciana\Desktop\
~ %Favorites% : C:\Users\Eliciana\Favorites\
~ %LocalAppData% : C:\Users\Eliciana\AppData\Local\
~ %StartMenu% : C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\
---\\ Enumeração das unidades dos discos
A: Floppy drive, Flash card reader, USB Key (Not Inserted)
C: Hard drive, Flash drive, Thumb drive (Free 16 Go of 37 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 42 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.2AF58D15EDC06EC6FDACCE1F19482BBF] - (.Microsoft Corporation - Windows Explorer.) (.26/02/2011 - 02:33:07.) -- C:\Windows\Explorer.exe [2614784]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.C5B6468422DB1C8AA36C32CBB0197E5E] - (.Microsoft Corporation - Internet Extensions para Win32.) (.22/02/2013 - 00:38:00.) -- C:\Windows\System32\wininet.dll [1129472]
[MD5.37CDB7E72EB66BA85A87CBE37E7F03FD] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.28/10/2009 - 03:17:59.) -- C:\Windows\System32\Winlogon.exe [285696]
[MD5.58C94EAE54BF0C5E2B80B2E5E7744D4C] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.13/07/2009 - 22:16:15.) -- C:\Windows\System32\sppcomapi.dll [193024]
[MD5.0DB7A48388D54D154EBEC120461A0FCD] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.24/04/2011 - 23:35:40.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BA6E70AA0E6091BC39DE29477D866A77] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.13/07/2009 - 20:11:26.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.83D1ECEA8FAAE75604C0FA49AC7AD996] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.26/04/2011 - 23:33:46.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.717A2207FD6F13AD3E664C7D5A43C7BF] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.13/07/2009 - 20:50:56.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.CA7570E42522E24324A12161DB14EC02] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.03/05/2011 - 23:43:41.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123392]
[MD5.DD52A733BF4CA5AF84562A5E2F963B91] - (.Microsoft Corporation - MBT Transport driver.) (.13/07/2009 - 20:12:21.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.A8F59428E9F361C7AC42A94AC1560BC9] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.12/04/2013 - 10:58:11.) -- C:\Windows\system32\Drivers\ntfs.sys [1210728]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.C5FF95883FFEF704D50C40D21CFB3AB5] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/07/2009 - 21:02:58.) -- C:\Windows\system32\Drivers\rdpdr.sys [133120]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.CB39E896A2A83702D1737BFD402B3542] - (.Microsoft Corporation - TDI Translation Driver.) (.13/07/2009 - 20:12:11.) -- C:\Windows\system32\Drivers\tdx.sys [74240]
[MD5.59F06B4968E58BC83DFC56CA4517960E] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.06/09/2012 - 13:48:29.) -- C:\Windows\system32\Drivers\volsnap.sys [245616]
~ Generic Processes: Scanned in 00mn 03s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 3/79
~ Mes musiques (My Musics) : 1/2
Mes Videos (My Videos) : 3/3 (Modified)
~ Mes Favoris (My Favorites) : 1/18
~ Mes Documents (My Documents) : 6/11
~ Mon Bureau (My Desktop) : 1/18
~ Menu demarrer (Programs) : 1/28
~ Hidden Files: Scanned in 00mn 01s
---\\ Processos lançados
[MD5.148C545849C1379A3D4448F5DE768E86] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [4767304] [PID.2940]
[MD5.D658AB1B55127D18DCFBCAC8CAAEA522] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2964]
[MD5.12916E0642E92561C98B18A2A2D01B14] - (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [252848] [PID.2976]
[MD5.A1F86A5A0DA1BEC12B7DD19C6234BB15] - (...) -- C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe [966656] [PID.3052]
[MD5.86FD69B36E9168D87E5372313F159D5D] - (.Greatis Software - Advanced Windows Analyser.) -- C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abo.exe [1440256] [PID.3108]
[MD5.32732CEDE2A1106B736EF3D84054EE04] - (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe [757376] [PID.2460]
[MD5.3D6890507128BF3BC7EEED5C0BE1B6AC] - (.Adobe Systems Incorporated - Adobe® Flash® Player Installer/Uninstaller.) -- C:\Windows\system32\Macromed\Flash\FlashUtil32_12_0_0_70_ActiveX.exe [841096] [PID.3884]
[MD5.42FEDBCB3ED926F6F529E0FDDF750BE0] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [8339968] [PID.872]
~ Processes Running: Scanned in 00mn 02s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 02s
~ Nombre de lignes (Lines number): 21
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: avast! WebRep - [HKLM]{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} . (.AVAST Software - avast! WebRep Plugin.) -- C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
~ Toolbar: Scanned in 00mn 00s
---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Public]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\QuickLaunch [Eliciana]: Launch Internet Explorer Browser.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Eliciana]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\TaskBar [Eliciana]: Mozilla Firefox.lnk . (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O4 - GS\Program [Eliciana]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\SystemTools [Eliciana]: Internet Explorer (No Add-ons).lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
O4 - GS\Desktop [Eliciana]: Downloads - Atalho.lnk . (...) -- C:\Users\Eliciana\Downloads
O4 - GS\Desktop [Eliciana]: Internet Explorer.lnk . (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Global Startup: 55 Legitimates Filtered in 00mn 07s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [avast] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\avastUI.exe
O4 - HKLM\..\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Sun Microsystems, Inc. - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (.not file.)
O4 - HKCU\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKCU\..\Run: [F.lux] . (...) -- C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe
O4 - HKCU\..\Run: [mugen] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2340315626-2471596129-2043743183-1000\..\Run: [msnmsgr] . (.Microsoft Corporation - Windows Live Messenger.) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
O4 - HKUS\S-1-5-21-2340315626-2471596129-2043743183-1000\..\Run: [F.lux] . (...) -- C:\Users\Eliciana\Local Settings\Apps\F.lux\flux.exe
O4 - HKUS\S-1-5-21-2340315626-2471596129-2043743183-1000\..\Run: [mugen] . (.Microsoft Corporation - Microsoft ® Windows Based Script Host.) -- C:\Windows\System32\wscript.exe
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Program Files\Microsoft Office\Office12\REFBARH.ICO
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.caixa.gov.br
~ IE Zone Confiance: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{13CB4C4B-4D26-42FB-9675-87AEFFCF042C}: DhcpNameServer = 10.10.10.254
O17 - HKLM\System\CCS\Services\Tcpip\..\{DA597E56-3594-43EE-87ED-369173A63BC2}: DhcpNameServer = 177.22.193.6 8.8.8.8
O17 - HKLM\System\CS1\Services\Tcpip\..\{13CB4C4B-4D26-42FB-9675-87AEFFCF042C}: DhcpNameServer = 10.10.10.254
O17 - HKLM\System\CS1\Services\Tcpip\..\{DA597E56-3594-43EE-87ED-369173A63BC2}: DhcpNameServer = 177.22.193.6 8.8.8.8
O17 - HKLM\System\CS2\Services\Tcpip\..\{13CB4C4B-4D26-42FB-9675-87AEFFCF042C}: DhcpNameServer = 10.10.10.254
O17 - HKLM\System\CS2\Services\Tcpip\..\{DA597E56-3594-43EE-87ED-369173A63BC2}: DhcpNameServer = 177.22.193.6 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 177.22.193.6 8.8.8.8
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: vbscript - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Visualizador de HTML da Microsoft (R).) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{21850EC4-8BCA-4EE2-B37D-CBB75C93317E}] (...) -- E:\Claro\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4EEA6CE8-4F9E-4C39-8AFD-A85BC13522B5}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6AA3306D-43F4-4691-B4CC-E8F4A3E78F9D}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{947C6DA9-77F8-492A-AC46-850CE9AFE081}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf (3).exe (.not file.) [0]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 18s
---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 03s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\baidu] =>Adware.BDSearch
~ Key Software: 132 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 22/02/2014 - 19:20:05 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/02/2014 - 19:14:38 - [0] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
~ 1 Dossiers CLSID vides (CLSID Empty Folders)
~ Program Folder: 110 Legitimates Filtered in 01mn 24s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6BE803747C1A7B8FC714532F988E62F6] - 24/02/2014 - 13:14:47 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [401008]
O44 - LFC:[MD5.9147BB9EA479A35BA8D67125C48F99EF] - 24/02/2014 - 13:14:47 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [949774]
O44 - LFC:[MD5.8B6D1DD530FECC6B16C39AE8DA825381] - 25/02/2014 - 14:14:58 ---A- . (...) -- C:\DelFix.txt [389]
O44 - LFC:[MD5.F0B88868B66D52FBFC4C0C6F7D598B1F] - 25/02/2014 - 16:59:53 ---A- . (...) -- C:\sc-cleaner.txt [1780]
O44 - LFC:[MD5.2634FDF4ED3EE8937D46E4BB3250276B] - 27/02/2014 - 07:45:35 ---A- . (...) -- C:\Windows\ntbtlog.txt [153464]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 27/02/2014 - 15:28:44 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.C310E56896E9855E3D10840B22267CFB] - 27/02/2014 - 16:11:06 ---A- . (...) -- C:\zoek-results.log [15238]
~ Files: 19 Legitimates Filtered in 00mn 08s
---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{320aeff4-e0cd-11e2-bedc-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{320af004-e0cd-11e2-bedc-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{41c2bbe7-8d09-11e3-9545-c7c475aacc16}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{65d7cc12-05a9-11e3-832c-8d3ba557aa12}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{65d7cc20-05a9-11e3-832c-8d3ba557aa12}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{936a46bc-8d07-11e3-bd69-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{936a46fb-8d07-11e3-bd69-e100a8108e18}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{abff8748-e649-11e2-bdb2-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s
---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.657A61979F40D67CA29716149766FFA7] - 06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49248]
O58 - SDL:[MD5.EDB0C9BA44B748E420CCA989FD8B826E] - 06/03/2013 - 20:33:24 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [164736]
O58 - SDL:[MD5.0ED67910C8C326796FAA00B2BF6D9D3C] - 13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:[MD5.C44E3C2BAB6837DB337DDEE7544736DB] - 13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:[MD5.DB32D325C192B801DF274BFD12A7E72B] - 13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:[MD5.8AAD333C876590293F72B315E162BCC7] - 13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:[MD5.E6BC0F98FECEF245A0010D350C1A0B9B] - 13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:[MD5.492090267B9608C62B956CD29BE3AFB7] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:[MD5.FFFF296A08DBF2AC0126C62E3778AC0D] - 13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:[MD5.2E4112FB7D1B76E11ADFD7487B5D0E95] - 13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:[MD5.A98EBD4C2DF983665BF2D1AF49949974] - 13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:[MD5.3F7E6406EDEF197C5CAAB2240EEF6F48] - 13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:[MD5.3E64D681B776CC57BDC38A46D881F85B] - 13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:[MD5.D86B6435729231C171432B4E77801BDB] - 13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 16 Legitimates Filtered in 00mn 23s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Program Files\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Eliciana\AppData\Local\Google\Chrome\Application\old_chrome.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKCU] {AECDC46A-AC1B-449F-852F-7F81C44BB141} [DefaultScope] - (Google) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.9DBDEE49DADD657065836572BE8CE383] [SPRF][22/02/2014] (...) -- C:\Users\Eliciana\Desktop\flux-setup.exe [559424]
~ Files: 1 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 22/02/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 02/03/2013 194032 | (gusvc) . (.Google.) - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 10/07/1658 0 | (HOSTS Anti-PUPs) . (...) - C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware.exe
SS - | Demand 12/02/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
SR - | Auto 06/03/2013 45248 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 49s
---\\ Scâner Aditional (088)
Database Version : 13031 - (23/02/2014)
Clés trouvées (Keys found) : 1
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 2
Fichiers trouvés (Files found) : 4
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
~ Additionnel Scan: 178200 Items scanned in 01mn 19s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.BDSearch
~ MSI: 1 link(s) detected in 01mn 19s
~ 846 Legitimates filtered by white list
End of the scan (380 lines in 06mn 27s)(0)
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
I'm at work right now, accessing from my phone, but tomorrow I'll send you the next procedure.
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
Eliciana - Beginner
- Posts: 21
Reputation: 0
Registration date: 25/02/2014
Re: Virus on the PC
Copy all of the text highlighted in red that I gave you (starting at script zhpfix and going through SysRestore).
_____________________________________________________________________________________________________________
Go to the menu: Start > All Programs > ZHP > Open Zhpfix > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.
Copy this report and post it in your next reply.
_____________________________________________________________________________________________________________
Last edited by Power Max on Sun 02 Mar 2014, 10:50; edited 2 time(s)
Power Max - Contributor
- Posts: 9086
Reputation: 1499
Registration date: 14/04/2009
(SOLVED) Virus on the PC
O4 - HKLM\..\Run: [HOSTS Anti-Adware_PUPs] C:\Program Files\Hosts_Anti_Adwares_PUPs\HOSTS_Anti-Adware_main.exe (.not file.)
[MD5.00000000000000000000000000000000] [APT] [{21850EC4-8BCA-4EE2-B37D-CBB75C93317E}] (...) -- E:\Claro\Setup.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{4EEA6CE8-4F9E-4C39-8AFD-A85BC13522B5}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf (1).exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{6AA3306D-43F4-4691-B4CC-E8F4A3E78F9D}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{947C6DA9-77F8-492A-AC46-850CE9AFE081}] (...) -- C:\Users\Eliciana\Downloads\iGBPCEFsf (3).exe (.not file.) [0]
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
[HKCU\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu Security] =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch
[HKLM\Software\baidu] =>Adware.BDSearch
O43 - CFD: 22/02/2014 - 19:20:05 - [0] ----D C:\Program Files\Baidu Security =>Adware.BDSearch
O43 - CFD: 22/02/2014 - 19:14:38 - [0] ----D C:\ProgramData\Baidu Security =>Adware.BDSearch
O51 - MPSK:{320aeff4-e0cd-11e2-bedc-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{320af004-e0cd-11e2-bedc-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{41c2bbe7-8d09-11e3-9545-c7c475aacc16}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{65d7cc12-05a9-11e3-832c-8d3ba557aa12}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{65d7cc20-05a9-11e3-832c-8d3ba557aa12}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{936a46bc-8d07-11e3-bd69-806e6f6e6963}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{936a46fb-8d07-11e3-bd69-e100a8108e18}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{abff8748-e649-11e2-bdb2-00123ffe32d2}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Users\Eliciana\AppData\Local\Google\Chrome\Application\old_chrome.exe (.not file.)
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus] =>Adware.BDSearch
C:\Program Files\Baidu Security =>Adware.BDSearch^
C:\ProgramData\Baidu Security =>Adware.BDSearch^
[HKCU\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu Security] =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos] =>Adware.BDSearch^
[HKLM\Software\baidu] =>Adware.BDSearch^
ShortcutFix
ProxyFix
EmptyTemp
EmptyFlash
emptyclsid
SysRestore
Eliciana - Beginner
(SOLVED) Virus on the PC
Rapport de ZHPFix 2014.2.16.5 par Nicolas Coolman, Update du 16/02/2014
Fichier d'export Registre : C:\Users\Eliciana\AppData\Roaming\ZHP\ZHPExportRegistry-28-02-2014-17-16-31.txt
Run by Eliciana at 28/02/2014 17:16:23
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 32-bit (Build 7600)
Reciclagem vazia (00mn 04s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Users\Eliciana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\abo.exe
========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ CLSID MPSK: {320aeff4-e0cd-11e2-bedc-00123ffe32d2}
ELIMINÉ CLSID MPSK: {320af004-e0cd-11e2-bedc-00123ffe32d2}
ELIMINÉ CLSID MPSK: {41c2bbe7-8d09-11e3-9545-c7c475aacc16}
ELIMINÉ CLSID MPSK: {65d7cc12-05a9-11e3-832c-8d3ba557aa12}
ELIMINÉ CLSID MPSK: {65d7cc20-05a9-11e3-832c-8d3ba557aa12}
ELIMINÉ CLSID MPSK: {936a46bc-8d07-11e3-bd69-806e6f6e6963}
ELIMINÉ CLSID MPSK: {936a46fb-8d07-11e3-bd69-e100a8108e18}
ELIMINÉ CLSID MPSK: {abff8748-e649-11e2-bdb2-00123ffe32d2}
ELIMINÉ: HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Baidu Antivirus
========== Valores do Registo ==========
ELIMINÉ RunValue: HOSTS Anti-Adware_PUPs
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ: C:\Users\Eliciana\AppData\Local\{4ECEDD2A-161A-464F-9189-E4767069C4F5}
ELIMINÉ: C:\Users\Eliciana\AppData\Local\{5BE79098-91B7-44F1-9A9F-1E258248DB39}
ELIMINÉ: C:\Users\Eliciana\AppData\Local\{CC736DD2-9D3F-4B9D-B7B0-21547531B9DA}
========== Ficheiros ==========
ELIMINÉ Temporários windows (1241) (18.660.578 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: {21850EC4-8BCA-4EE2-B37D-CBB75C93317E}
ELIMINÉ: {4EEA6CE8-4F9E-4C39-8AFD-A85BC13522B5}
ELIMINÉ: {6AA3306D-43F4-4691-B4CC-E8F4A3E78F9D}
ELIMINÉ: {947C6DA9-77F8-492A-AC46-850CE9AFE081}
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
1 : Processo memória
16 : Chaves do Registo
7 : Valores do Registo
3 : Pastas
2 : Ficheiros
4 : Tarefa planificada
1 : Restauração Sistema
End of clean in 01mn 46s
========== Caminho do ficheiro do relatório ==========
C:\Users\Eliciana\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/02/2014 17:16:28 [2586]
Eliciana - Beginner
Re: Virus on the PC
How is the PC after these cleanups?
Power Max - Contributor
(SOLVED) Virus on the PC
THANK YOU VERY MUCH. I can't thank you enough for the help. I wasn't able to use Mozilla or access my e-mail; now I went to check and I could, thanks to you who helped me. May God give you back double all the good you do for others.
Eliciana - Beginner
Re: Virus on the PC
I'm glad the problem has been solved.
Just to finish up, please follow the tutorials below:
[You need an account and to be logged in to view this link]
_______________________________________________________________________________________________________________________
To remove the programs used to clean this PC and create a new, safe and problem-free restore point, use DelFix following the tips [You need an account and to be logged in to view this link].
_______________________________________________________________________________________________________________________
It was a pleasure to help. You can always count on us!
Last edited by Power Max on Sun 02 Mar 2014, 10:51; edited 1 time
Power Max - Contributor
(SOLVED) Virus on the PC
Thank you
Eliciana - Beginner
Re: Virus on the PC
CASE SOLVED
If the topic's author needs it, the topic will be reopened; to do so, she should contact one of the members of the [You need an account and to be logged in to view this link] and request that it be unlocked.
Power Max - Contributor