Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 13 usuários online :: 0 registrados, 0 invisíveis e 13 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Remoção de malware
2 participantes
Página 1 de 1
Remoção de malware
por Thomaz Jr Seg 10 Mar 2014, 14:36
Boa tarde pessoal do Fórum PC Brasil!
É minha primeira postagem aqui, venho pedir a ajuda de vocês para verificar o log de uma máquina.
Desde já obrigado!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:24, on 10/3/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em MICRO3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em MICRO3" /O35 "\\MICRO3\EPSON Stylus CX4100 Series" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON CX4100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P12 "EPSON CX4100" /O13 "dlk-060CA9-U1" /M "Stylus CX4100"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Autodesk Sync] C:\Arquivos de programas\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VNT] C:\Arquivos de programas\VNT\vntldr.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /FU "C:\WINDOWS\TEMP\E_S26.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON T25 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.EXE /FU "C:\WINDOWS\TEMP\E_S17D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON TX230] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.EXE /FU "C:\DOCUME~1\ADMINI~2\CONFIG~1\Temp\E_SA6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\Software\..\Telephony: DomainName = EDS.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EDS.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe
--
End of file - 12438 bytes
É minha primeira postagem aqui, venho pedir a ajuda de vocês para verificar o log de uma máquina.
Desde já obrigado!
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:33:24, on 10/3/2014
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Arquivos de programas\Bonjour\mDNSResponder.exe
C:\Arquivos de programas\Java\jre7\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE
C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe
C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\administrator\Desktop\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R3 - URLSearchHook: (no name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Arquivos de programas\Arquivos comuns\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Avira SearchFree Toolbar BHO - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Arquivos de programas\Java\jre7\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Arquivos de programas\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Avira SearchFree Toolbar - {41564952-412D-5637-4300-7A786E7484D7} - "C:\Arquivos de programas\AskPartnerNetwork\Toolbar\AVIRA-V7C\Passport.dll" (file missing)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P26 "EPSON Stylus CX4100 Series" /O6 "USB001" /M "Stylus CX4100"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] C:\ARQUIV~1\ARQUIV~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em MICRO3] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P41 "Auto EPSON Stylus CX4100 Series em MICRO3" /O35 "\\MICRO3\EPSON Stylus CX4100 Series" /M "Stylus CX4100"
O4 - HKLM\..\Run: [EPSON CX4100] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /P12 "EPSON CX4100" /O13 "dlk-060CA9-U1" /M "Stylus CX4100"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Autodesk Sync] C:\Arquivos de programas\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [avgnt] "C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [VNT] C:\Arquivos de programas\VNT\vntldr.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] "C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKCU\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.EXE /FU "C:\WINDOWS\TEMP\E_S26.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON T25 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.EXE /FU "C:\WINDOWS\TEMP\E_S17D.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [EPSON TX230] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.EXE /FU "C:\DOCUME~1\ADMINI~2\CONFIG~1\Temp\E_SA6.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O8 - Extra context menu item: Append to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\ARQUIV~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Arquivos de programas\Messenger\msmsgs.exe
O14 - IERESET.INF: SEARCH_PAGE_URL=&http://home.microsoft.com/intl/br/access/allinone.asp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\Software\..\Telephony: DomainName = EDS.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = EDS.local
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveSystemServices.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Daemon de cache de categorias de componente - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Avira Agendamento (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Real-Time Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira Web Protection (AntiVirWebService) - Avira Operations GmbH & Co. KG - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Serviço de atualização Ask (APNMCP) - APN LLC. - C:\Arquivos de programas\AskPartnerNetwork\Toolbar\apnmcp.exe
O23 - Service: Autodesk Content Service - Autodesk, Inc. - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Flexera Software, Inc. - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe
--
End of file - 12438 bytes
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Seg 10 Mar 2014, 15:21
Olá Thomaz. Seja bem vindo ao Fórum PC Brasil.
Siga, por gentileza, as dicas do tutorial abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log do Adwcleaner que estará em C:\AdwCleaner\AdwCleaner[S0].txt
Ficamos na espera.
Última edição por Power Max em Seg 24 Mar 2014, 00:05, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Seg 10 Mar 2014, 15:44
Power Max, boa tarde!
Obrigado pelas boas vindas.
Segue o relatório do Adwcleaner, abraços!
# AdwCleaner v3.021 - Relatório criado 10/03/2014 às 15:36:13
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : administrator - MICRO2
# Executando de : C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKCU\Software\AVG Security Toolbar
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v33.0.1750.146
[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\WG\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2192 octets] - [10/03/2014 15:35:18]
AdwCleaner[S0].txt - [2090 octets] - [10/03/2014 15:36:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2150 octets] ##########
Obrigado pelas boas vindas.
Segue o relatório do Adwcleaner, abraços!
# AdwCleaner v3.021 - Relatório criado 10/03/2014 às 15:36:13
# Atualizado 10/03/2014 por Xplode
# Sistema Operacional : Microsoft Windows XP Service Pack 3 (32 bits)
# Usuário : administrator - MICRO2
# Executando de : C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]
Chave Deletedo : HKCU\Software\AVG Secure Search
Chave Deletedo : HKCU\Software\AVG Security Toolbar
***** [ Navegadores ] *****
-\\ Internet Explorer v8.0.6001.18702
-\\ Google Chrome v33.0.1750.146
[ Arquivo : C:\Documents and Settings\Administrador\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\WG\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
[ Arquivo : C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [2192 octets] - [10/03/2014 15:35:18]
AdwCleaner[S0].txt - [2090 octets] - [10/03/2014 15:36:13]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2150 octets] ##########
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Seg 10 Mar 2014, 15:47
Desative temporariamente seu antivírus para evitar conflitos.Acesse este link abaixo e clique no primeiro botão da esquerda que é o botão Download Zoek.exe:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
*Clique com o botão direito do mouse no Zoek.exe e selecione [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
* Copie todo este texto destacado em vermelho que te passei e cole-o no espaço em branco do Zoek
*Clique [Run Script]
*Durante o scan uma mensagem parecida com esta abaixo mostrando o progresso do escaneamento será apresentada. Aguarde o término...pode demorar!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
*Caso a reinicialização do PC seja solicitada, clique [OK]
* Poste o log do Zoek que estará em C:\zoek-results.txt em sua próxima resposta.
Última edição por Power Max em Seg 24 Mar 2014, 00:06, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Seg 10 Mar 2014, 17:26
Power Max, segue log de Zoek
abçs
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrador on seg 10/03/2014 at 17:02:09,56.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-10-200018.log 1085 bytes
==== System Restore Info ======================
10/3/2014 17:02:44 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"50248:TCP"="50248:TCP:*:Enabled:Autodesk Content Service"
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\APNMCP deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\ayxg8poj.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\EDS\Dados de aplicativos\Mozilla\Firefox\Profiles\dg09gr4b.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\WG\Dados de aplicativos\Mozilla\Firefox\Profiles\r10nmsqi.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\AskPartnerNetwork deleted
C:\found.000 deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\AskPartnerNetwork deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\APN deleted
"C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01/09/2009 19:48]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\EDS\Dados de aplicativos\Mozilla\Firefox\Profiles\dg09gr4b.default
- Undetermined - C:\Arquivos de programas\AVG\AVG9\Firefox
- Undetermined - C:\Arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared
- Undetermined - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
- Undetermined - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
ProfilePath: C:\Documents and Settings\WG\Dados de aplicativos\Mozilla\Firefox\Profiles\r10nmsqi.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ayxg8poj.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
A9C86900D2A61728C8326FE7147617C5 - C:\Arquivos de programas\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
84715535F8C1296B855BA02BD2C0B237 - C:\Arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pcoohmdcpejoeggdnihdfhohjgdbllgm - C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/USSMB/5"
"First Home Page"="http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen"
"Help_Page"="http://support.dell.com/support/index.aspx?c=br&l=pt&s=gen"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://g.msn.com/USSMB/5"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Design Premium CS3\Adobe Acrobat 8 Professional.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Attach Digital Signatures.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AcSignApply.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\AutoCAD 2013 - English.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Batch Standards Checker.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\DwgCheckStandards.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\License Transfer Utility.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\ADLM\R5\LTU.exe 001E1 2013.0.0.F -d -l en-US
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Reference Manager.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdRefMan.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Reset Settings to Default.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /reset /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Export AutoCAD 2013 Settings.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /e /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Import AutoCAD 2013 Settings.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /i /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Migrate From a Previous Release.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Anexar assinaturas digitais.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese).lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Gerenciador de referências.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Restaurar configurações padrão.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Utilitário de Transferência de Licença.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Verificador de normas em lote.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Exportar configurações do AutoCAD 2013.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Importar configurações do AutoCAD 2013.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Migrar configurações personalizadas.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\Content Service\Content Service - Configuration Console.lnk - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.Admin.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avwin.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira na Internet.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\weblink.url
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Iniciar Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Gerenciamento do computador.LNK - C:\WINDOWS\system32\compmgmt.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\About Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab about
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Check For Updates.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab update
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Configure Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Get Help.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Visit Java.com.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Access 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Groove 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office InfoPath 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office OneNote 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Outlook 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Publisher 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Certificado Digital para Projetos do VBA.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Diagnóstico do Microsoft Office.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Media Gallery.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office 2007 Configurações de Idioma.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.LNK - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Aide PDF to DXF Converter.lnk - C:\Arquivos de programas\Aide PDF to DXF Converter\pdc.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\administrator\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\EDS\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\EDS\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\WG\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=433 folders=98 18968874 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== EOF on seg 10/03/2014 at 17:19:58,82 ======================
abçs
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Administrador on seg 10/03/2014 at 17:02:09,56.
Microsoft Windows XP Professional 5.1.2600 Service Pack 3 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Documents and Settings\Administrador\Desktop\zoek.exe [Scan all users] [Script inserted]
==== Older Logs ======================
C:\zoek-results2014-03-10-200018.log 1085 bytes
==== System Restore Info ======================
10/3/2014 17:02:44 Zoek.exe System Restore Point Created Succesfully.
==== Reset Hosts File ======================
# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host
127.0.0.1 localhost
==== Suspicious Entries Found ======================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"50248:TCP"="50248:TCP:*:Enabled:Autodesk Content Service"
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\APNMCP deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\APNMCP deleted successfully
==== FireFox Fix ======================
ProfilePath: C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\ayxg8poj.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\EDS\Dados de aplicativos\Mozilla\Firefox\Profiles\dg09gr4b.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\WG\Dados de aplicativos\Mozilla\Firefox\Profiles\r10nmsqi.default
user.js not found
---- FireFox user.js and prefs.js backups ----
prefs_20141003_1707_.backup
ProfilePath: C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Deleting Files \ Folders ======================
C:\Arquivos de programas\AskPartnerNetwork deleted
C:\found.000 deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\AskPartnerNetwork deleted
C:\DOCUME~1\ALLUSE~1\DADOSD~1\APN deleted
"C:\Documents and Settings\ADMINI~1\Dados de aplicativos\Mozilla\Firefox\Profiles\{DefaultProfilesFolder}\extensions\toolbar_AVIRA-V7C@apn.ask.com.xpi" deleted
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension" [01/09/2009 19:48]
==== Firefox Extensions ======================
ProfilePath: C:\Documents and Settings\EDS\Dados de aplicativos\Mozilla\Firefox\Profiles\dg09gr4b.default
- Undetermined - C:\Arquivos de programas\AVG\AVG9\Firefox
- Undetermined - C:\Arquivos de programas\AVG\AVG9\Toolbar\Firefox\avg@igeared
- Undetermined - C:\Arquivos de programas\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
- Undetermined - C:\Arquivos de programas\Java\jre6\lib\deploy\jqs\ff
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
ProfilePath: C:\Documents and Settings\WG\Dados de aplicativos\Mozilla\Firefox\Profiles\r10nmsqi.default
- Microsoft .NET Framework Assistant - %ProfilePath%\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
==== Firefox Plugins ======================
Profilepath: C:\Documents and Settings\Administrador\Dados de aplicativos\Mozilla\Firefox\Profiles\ayxg8poj.default
D775FA6F1E88B3B99E69E8A0D6C3A819 - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll - Shockwave Flash
A9191AE22A8F1287B5E2DF33E3A57253 - C:\Arquivos de programas\Java\jre7\bin\plugin2\npjp2.dll - Java(TM) Platform SE 7 U51
9B10927CFD0F7AD39E40C0E34005B1AD - C:\Arquivos de programas\Java\jre7\bin\dtplugin\npdeployJava1.dll - Java Deployment Toolkit 7.0.510.13
A9C86900D2A61728C8326FE7147617C5 - C:\Arquivos de programas\Google\Update\1.3.22.5\npGoogleUpdate3.dll - Google Update
5B92CB0A3EEE50F6B9AE036B4F9B0F0C - C:\Arquivos de programas\Google\Google Earth\plugin\npgeplugin.dll - Google Earth Plugin
BE501CBC29B2025A263D80D399F1797A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrl.dll - Silverlight Plug-In
84715535F8C1296B855BA02BD2C0B237 - C:\Arquivos de programas\Unity\WebPlayer\loader\npUnity3D32.dll - Unity Player
AB87EEFFD18F2BAAFC274E7075EA6C67 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll - Windows Presentation Foundation / Windows Presentation Foundation
CF4ABE599858E10EEB911E16FBCFD87D - C:\Arquivos de programas\Windows Media Player\npdrmv2.dll - Microsoft® DRM
76E34EA1089E92709C5725407B565DA1 - C:\Arquivos de programas\Windows Media Player\npdsplay.dll - Windows Media Player Plug-in Dynamic Link Library
02A4A41FAC9BF96155B3E8068D1DF4B6 - C:\Arquivos de programas\Windows Media Player\npwmsdrm.dll - Microsoft® DRM
A795A7F26131D0B10F6EE75C4DE3D320 - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\browser\nppdf32.dll - Adobe Acrobat
B27CCB1168B1960AEC6E9D3E0E0F0D2A - c:\Arquivos de programas\Microsoft Silverlight\5.1.20913.0\npctrlui.dll - Microsoft® Silverlight
==== Chrome Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
pcoohmdcpejoeggdnihdfhohjgdbllgm - C:\Documents and Settings\All Users\Dados de aplicativos\AskPartnerNetwork\Toolbar\AVIRA-V7C\CRX\ToolbarCR.crx[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://g.msn.com/USSMB/5"
"First Home Page"="http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://www1.la.dell.com/content/default.aspx?c=br&l=pt&s=gen"
"Help_Page"="http://support.dell.com/support/index.aspx?c=br&l=pt&s=gen"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"First Home Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://g.msn.com/USSMB/5"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Home_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Help_Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
==== Reset Google Chrome ======================
Nothing found to reset
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== Deleting CLSID Registry Values ======================
HKEY_USERS\S-1-5-21-3233075460-1877184178-2008650617-500\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{41564952-412D-5637-4300-7A786E7484D7} deleted successfully
==== shortcuts in All Users Start Menu ======================
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Adobe Design Premium CS3\Adobe Acrobat 8 Professional.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Attach Digital Signatures.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AcSignApply.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\AutoCAD 2013 - English.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\acad.exe /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Batch Standards Checker.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\DwgCheckStandards.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\License Transfer Utility.lnk - C:\Arquivos de programas\Arquivos comuns\Autodesk Shared\ADLM\R5\LTU.exe 001E1 2013.0.0.F -d -l en-US
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Reference Manager.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdRefMan.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Reset Settings to Default.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /reset /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Export AutoCAD 2013 Settings.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /e /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Import AutoCAD 2013 Settings.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /i /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 - English\Migrate Custom Settings\Migrate From a Previous Release.lnk - C:\Arquivos de programas\Autodesk\AutoCAD 2013\AdMigrator.exe /product ACAD /language "en-US"
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Anexar assinaturas digitais.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese).lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Gerenciador de referências.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Restaurar configurações padrão.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Utilitário de Transferência de Licença.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Verificador de normas em lote.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Exportar configurações do AutoCAD 2013.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Importar configurações do AutoCAD 2013.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\AutoCAD 2013 – Português – Brasil (Brazilian Portuguese)\Migrar configurações personalizadas\Migrar configurações personalizadas.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Autodesk\Content Service\Content Service - Configuration Console.lnk - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.Admin.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avwin.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Avira na Internet.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\weblink.url
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Avira\Avira Desktop\Iniciar Avira Free Antivirus.lnk - C:\Arquivos de programas\Avira\AntiVir Desktop\avcenter.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Ferramentas administrativas\Gerenciamento do computador.LNK - C:\WINDOWS\system32\compmgmt.msc /s
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Google Chrome\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000003}\_SC_Acrobat.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Inicializar\Adobe Acrobat Synchronizer.lnk - C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\About Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab about
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Check For Updates.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe -tab update
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Configure Java.lnk - C:\Arquivos de programas\Java\jre7\bin\javacpl.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Get Help.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Java\Visit Java.com.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\unins000.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware Help.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\mbam.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Malwarebytes' Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Arquivos de programas\Malwarebytes' Anti-Malware\Chameleon\chameleon.chm
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Access 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\accicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Excel 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\xlicons.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Groove 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\GrooveIcon.ico
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office InfoPath 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\inficon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office OneNote 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\joticon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Outlook 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\outicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office PowerPoint 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pptico.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Publisher 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\pubs.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Microsoft Office Word 2007.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\wordicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Certificado Digital para Projetos do VBA.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\misc.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Diagnóstico do Microsoft Office.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Media Gallery.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\cagicon.exe
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office 2007 Configurações de Idioma.lnk -
C:\Documents and Settings\All Users\Menu Iniciar\Programas\Microsoft Office\Ferramentas do Microsoft Office\Microsoft Office Picture Manager.lnk - C:\WINDOWS\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
==== shortcuts in Quick Launch ======================
C:\Documents and Settings\Default User\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.LNK - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Aide PDF to DXF Converter.lnk - C:\Arquivos de programas\Aide PDF to DXF Converter\pdc.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk - C:\Arquivos de programas\Mozilla Firefox\firefox.exe
C:\Documents and Settings\EDS\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Iniciar o navegador Internet Explorer.lnk - C:\Arquivos de programas\Internet Explorer\iexplore.exe
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Microsoft Office Outlook.lnk - C:\Arquivos de programas\Microsoft Office\Office12\OUTLOOK.EXE /recycle
C:\Documents and Settings\WG\Dados de aplicativos\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk - C:\Arquivos de programas\Windows Media Player\wmplayer.exe /prefetch:1
==== Reset IE Proxy ======================
Value(s) before fix:
"ProxyEnable"=dword:00000000
Value(s) after fix:
"ProxyEnable"=dword:00000000
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pcoohmdcpejoeggdnihdfhohjgdbllgm deleted successfully
==== Empty IE Cache ======================
C:\Documents and Settings\Administrador\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\administrator\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\Default User\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\EDS\Configurações locais\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\EDS\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\NetworkService\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\Documents and Settings\WG\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
C:\WINDOWS\system32\config\systemprofile\Configurações locais\Temporary Internet Files\Content.IE5 emptied successfully
==== Empty FireFox Cache ======================
No FireFox Cache found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
Java Cache cleared successfully
==== C:\zoek_backup content ======================
C:\zoek_backup (files=433 folders=98 18968874 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\DOCUME~1\ADMINI~1\CONFIG~1\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\RECYCLER successfully emptied
==== EOF on seg 10/03/2014 at 17:19:58,82 ======================
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Seg 10 Mar 2014, 17:37
Estas portas abaixo que estão abertas no seu firewall são do seu conhecimento? Sabe do que se trata?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"50248:TCP"="50248:TCP:*:Enabled:Autodesk Content Service"
_______________________________________________________________________
Siga, por gentileza, as dicas do tutorial abaixo:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"50248:TCP"="50248:TCP:*:Enabled:Autodesk Content Service"
_______________________________________________________________________
Siga, por gentileza, as dicas do tutorial abaixo:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
* Na sua próxima resposta poste o log do Junkware Removal Tool que estará salvo em sua área de trabalho com o nome de JRT.txt
Ficamos na espera.
Última edição por Power Max em Seg 24 Mar 2014, 00:07, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Seg 10 Mar 2014, 18:31
Power Max escreveu:Estas portas abaixo que estão abertas no seu firewall são do seu conhecimento? Sabe do que se trata?
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP"="139:TCP:*:Enabled:@xpsp2res.dll,-22004"
"445:TCP"="445:TCP:*:Enabled:@xpsp2res.dll,-22005"
"137:UDP"="137:UDP:*:Enabled:@xpsp2res.dll,-22001"
"138:UDP"="138:UDP:*:Enabled:@xpsp2res.dll,-22002"
"1900:UDP"="1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008"
"3389:TCP"="3389:TCP:*:Enabled:@xpsp2res.dll,-22009"
"50248:TCP"="50248:TCP:*:Enabled:Autodesk Content Service"
_______________________________________________________________________
Power Max,
Talvez, em virtude dessa máquina ter o AutoCad instalado, essa porta relacionada com serviço da Autodesk tenha função, mas não posso dizer com certeza.
Abaixo log do JRT, abraços
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by administrator on seg 10/03/2014 at 18:12:59,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on seg 10/03/2014 at 18:15:01,20
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Última edição por Thomaz Jr em Seg 10 Mar 2014, 18:34, editado 1 vez(es) (Motivo da edição : ajustar significado da frase)
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Seg 10 Mar 2014, 22:25
Faça o download do < [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] > < [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ... de Nicolas Coolman )|- Desabilite temporariamente seu antivírus para evitar conflitos e execute "ZHPDiag2.exe", para instalar a ferramenta.
|- Execute o ícone do pergaminho. ( ZHPDiag )
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique "SEARCH" ou "PESQUISAR" e aguarde a conclusão!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
|- Clique OK e, ao concluir, poste o relatório ZHPDiag.txt
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
Última edição por Power Max em Seg 24 Mar 2014, 00:08, editado 1 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Ter 11 Mar 2014, 09:10
Power Max, bom dia
Segue log do Zhp, abraço
~ Relatório do ZHPDiag v2014.3.10.11 - Nicolas Coolman (10/3/2014)
~ Iniciado por administrator (11/3/2014 09:05:20)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware versão 1.75.0.1300
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 150 GB (64%) free of 233 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MICRO2
~ User Name: administrator
~ All Users Names: SUPPORT_388945a0, Suporte, HelpAssistant, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\administrator\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\administrator\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\administrator\Desktop\
~ %Favorites% : C:\Documents and Settings\administrator\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\administrator\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 150 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6953444D1C1D9F009080AB2FAA3E0AEB] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/2/2014 - 03:38:22.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 20:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 20:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 0/11
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [440376] [PID.1616]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1856]
[MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) -- C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe [19232] [PID.1872]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1904]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.288]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [133104] [PID.640]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.548]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.1092]
[MD5.EA5872F1BC10D8A830BBB41F2EAF34E0] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16806912] [PID.1380]
[MD5.26D99E80328260213E1F1EEA8D65A6D9] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [150040] [PID.952]
[MD5.6FF785DE489CB826DD3FBD59FAA1EB1E] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [178712] [PID.2068]
[MD5.96655466471D2400FC44051A25EBB0E7] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [150040] [PID.2136]
[MD5.B86A62B04A14AA20E78776262501F66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.2144]
[MD5.A21E70B4F972CA396A80013D0D436350] - (.Adobe Systems Inc. - AcroTray.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152] [PID.2188]
[MD5.00BF6EBCCBC9E74C7A0CBEEDA045467B] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe [98304] [PID.2268]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2276]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2456]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2624]
[MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe [195536] [PID.228] =>Toolbar.Ask
[MD5.43D083268A0919F3527A2837390BAF63] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe [218032] [PID.3000]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3092]
[MD5.ACEFEEA621DCA62EFB7A7EEA59F5E91B] - (.Flexera Software, Inc. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816] [PID.3160]
[MD5.258A35DDA86873A152879CFCBA40BB60] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8352256] [PID.1708]
~ Processes Running: Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em MICRO3] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [EPSON CX4100] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk Sync.) -- C:\Arquivos de programas\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Arquivos de programas\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\RunOnce: [AvgUninstallURL] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [EPSON T25 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [EPSON TX230] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.exe =>.Epson Seiko Corporation
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [EPSON T25 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [EPSON TX230] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.254.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Dell.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\VNT]
[HKLM\Software\AideCAD]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\MSExplorer]
~ Key Software: 582 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2009 - 11:59:09 - [5,211] ----D C:\Arquivos de programas\Aide PDF to DXF Converter
O43 - CFD: 30/11/2009 - 19:04:42 - [9,063] ----D C:\Arquivos de programas\eWar 3.1
O43 - CFD: 29/3/2010 - 17:55:05 - [46,156] ----D C:\Arquivos de programas\Programas SPED
O43 - CFD: 23/6/2008 - 13:44:44 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 5/3/2014 - 16:28:55 - [0,326] ----D C:\Arquivos de programas\VNT
O43 - CFD: 23/6/2008 - 13:44:30 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 10/3/2014 - 14:10:36 - [0,275] ----D C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT
O43 - CFD: 24/4/2012 - 16:53:45 - [0,015] R---D C:\Documents and Settings\administrator\Menu Iniciar\Programas\Acessórios
O43 - CFD: 23/6/2008 - 01:37:18 - [0] R---D C:\Documents and Settings\administrator\Menu Iniciar\Programas\Inicializar
~ Program Folder: 132 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 10/3/2014 - 12:39:06 RSHA- . (...) -- C:\cmldr [261856]
O44 - LFC:[MD5.0807035D42B7B9E787B09B1B6420093A] - 10/3/2014 - 12:39:09 ---A- . (...) -- C:\Boot.bak [211]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 10/3/2014 - 12:47:56 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.CE77F9C8B897BADF70F7CE2D0486C560] - 10/3/2014 - 14:31:43 ---A- . (...) -- C:\DelFix.txt [5730]
O44 - LFC:[MD5.C69C16BE2CD55E980D1CEE840D3EF553] - 10/3/2014 - 17:00:18 ---A- . (...) -- C:\zoek-results2014-03-10-200018.log [1085]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/3/2014 - 17:01:55 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.35F7BB4DEDFC10F84FE0D85D76739F0B] - 10/3/2014 - 17:19:58 ---A- . (...) -- C:\zoek-results.log [22947]
O44 - LFC:[MD5.8761F1932584E2718D1363FD38874C61] - 11/3/2014 - 08:45:56 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.4429C3F3389CFA2402B7BB733075D584] - 11/3/2014 - 08:45:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.A8E4BA11AFF8821EE2B03160C70DADE1] - 5/3/2014 - 14:09:41 ---A- . (...) -- C:\WINDOWS\wmsetup.log [6968]
O44 - LFC:[MD5.35641A6BBFF3664BD7F27EEAB087D0C7] - 5/3/2014 - 14:09:42 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [690]
O44 - LFC:[MD5.1497D285B8EBB47D3AD138FC63D73318] - 6/3/2014 - 13:53:16 ---A- . (...) -- C:\WINDOWS\win.ini [633]
O44 - LFC:[MD5.A42F9812989361008CD502320C86C103] - 6/3/2014 - 16:17:44 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1891]
O44 - LFC:[MD5.FFFD28AF5A39C7897A0A756662D73FB6] - 6/3/2014 - 16:17:45 ---A- . (...) -- C:\WINDOWS\msmqinst.log [436392]
O44 - LFC:[MD5.DDBBAB84464CFD08B2B2D2654A76F31D] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1369921]
O44 - LFC:[MD5.11A5B1995FD7E30A3C70F6B2B59E78CD] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [95062]
O44 - LFC:[MD5.32B5DB7634C53999F893C4CBD825347C] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\comsetup.log [452895]
O44 - LFC:[MD5.7899DE2B3CC66C9F1F1DC049B45B66B4] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\iis6.log [1508953]
O44 - LFC:[MD5.0FD6F177FDE3A4483A26E4ED96841216] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\imsins.log [1891]
O44 - LFC:[MD5.788F7B75EA30ADA12F6199D29C8004DC] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\msgsocm.log [69197]
O44 - LFC:[MD5.4D916601D66902CCF2184DF874961F62] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\netfxocm.log [241439]
O44 - LFC:[MD5.AD9DBC5C6DD7702EDC7C1423A502FA9C] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [274907]
O44 - LFC:[MD5.C864A0A1340217A30059179C81A0E713] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ocgen.log [669939]
O44 - LFC:[MD5.A296DCB20BDCA7DF6DD7CB73A5D751ED] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ocmsn.log [85585]
O44 - LFC:[MD5.D3AA2175203D4583EBFFDE088A021D19] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\tabletoc.log [68731]
O44 - LFC:[MD5.C72030B375A0A4D081C617BAE8EF31C0] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\tsoc.log [632349]
O44 - LFC:[MD5.0D9FAE2786E5743FBD54A98D111DC937] - 7/3/2014 - 14:22:17 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.E655B40B48220A6554F16C18581287AD] - 7/3/2014 - 16:57:17 ---A- . (...) -- C:\WINDOWS\Drawing1.dwg [31229]
~ Files: 60 Legitimates Filtered in 00mn 00s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\GunSoft\LandMass\system\Launcher.exe" [Enabled] .(.WAYPOINT.) -- C:\GunSoft\LandMass\system\Launcher.exe
~ Keys Export: 16 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 18/8/2001 - 06:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\Drivers\asc.sys [26496]
O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 18/8/2001 - 06:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\Drivers\asc3550.sys [14848]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 18/8/2001 - 06:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\Drivers\mraid35x.sys [17280]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [721904]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 13/12/2013 - 15:11:21 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 18/8/2001 - 07:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\Drivers\symc810.sys [16256]
O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 18/8/2001 - 06:52:22 ---A- . (.Promise Technology, Inc. - Promise Ultra66 Miniport Driver.) -- C:\WINDOWS\system32\Drivers\ultra.sys [36736]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 8 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 13/12/2013 - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe (AntiVirWebService) .(.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) - LEGACY_ANTIVIRWEBSERVICE
O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
~ Legacy: 206 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Mozilla Corporation - Firefox.) -- C:\Arquivos de programas\Mozilla Firefox\firefox.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Arquivos de programas\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Arquivos de programas\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A8EBBA171B1339C2E52EF6CC1A72196C] [SPRF][6/5/2013] (...) -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys [2516]
[MD5.0E46611DBBD6E6B94E1AF709F6A6CEFC] [SPRF][10/3/2014] (...) -- C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe [1949184]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][10/3/2014] (...) -- C:\Documents and Settings\administrator\Desktop\zoek.exe [1285120]
~ Files: 12 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 110 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.DFCE143875390CB9320B702FD0F973A3] [WIS][5/3/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\238f2b.msi [809472] =>Toolbar.Avira
~ WIS: 111 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/3/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 5/3/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 21/8/2009 133104 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 21/8/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 12/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/7/2007 69632 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe
SR - | Auto 13/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 13/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 31/1/2012 19232 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Demand 5/3/2014 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 5/3/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
~ Services: Scanned in 00mn 00s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [721904]
~ Emulateurs: Scanned in 00mn 00s
---\\ Scâner Aditional (088)
Database Version : 13031 - (10/3/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe =>Toolbar.Ask^
C:\Windows\Installer\238f2b.msi =>Toolbar.Avira^
~ Additionnel Scan: 378379 Items scanned in 00mn 13s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 13s
~ 985 Legitimates filtered by white list
End of the scan (493 lines in 00mn 22s)(0)
Segue log do Zhp, abraço
~ Relatório do ZHPDiag v2014.3.10.11 - Nicolas Coolman (10/3/2014)
~ Iniciado por administrator (11/3/2014 09:05:20)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Fóruns de suporte gratuito para desinfecção : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Not Found
---\\ Navegadores Internet
MSIE: Internet Explorer v8.0.6001.18702
MFIE: Mozilla Firefox 27.0.1
GCIE: Google Chrome v33.0.1750.146 (Defaut)
---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Microsoft Windows XP, 32-bit Service Pack 3 (Build 2600)
Windows Automatic Updates : OK
Windows Genuine Advantage : OK
---\\ Softwares de proteçao do sistema
Avira Free Antivirus v14.0.2.286
Malwarebytes Anti-Malware versão 1.75.0.1300
---\\ Softwares d'optimização do sistema
---\\ Softwares de partilha do PeerToPeer (P2P)
---\\ Monitoramento dos softwares
Adobe Flash Player 12 Plugin
Java 7 Update 51
---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3036 MB (81% free)
System Restore: Activé (Enable)
System drive C: has 150 GB (64%) free of 233 GB
---\\ Modo de conexão ao sistema
~ Computer Name: MICRO2
~ User Name: administrator
~ All Users Names: SUPPORT_388945a0, Suporte, HelpAssistant, ASPNET, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator
---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Documents and Settings\administrator\Dados de aplicativos\ZHP\
~ %AppData% : C:\Documents and Settings\administrator\Dados de aplicativos\
~ %Desktop% : C:\Documents and Settings\administrator\Desktop\
~ %Favorites% : C:\Documents and Settings\administrator\Favoritos\
~ %LocalAppData% : C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\
~ %StartMenu% : C:\Documents and Settings\administrator\Menu Iniciar\
~ %Windir% : C:\WINDOWS\
~ %System% : C:\WINDOWS\system32\
---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 150 Go of 233 Go)
D: CD-ROM drive (Not Inserted)
---\\ Estado do Centro de Segurança do Windows
~ Security Center: 45 Legitimates Filtered in 00mn 00s
---\\ Pesquisa particular de ficheiros genéricos
[MD5.064EC7FF5F58B928C3E119402977FA6D] - (.Microsoft Corporation - Windows Explorer.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\Explorer.exe [1035776]
[MD5.6953444D1C1D9F009080AB2FAA3E0AEB] - (.Microsoft Corporation - Internet Extensions for Win32.) (.6/2/2014 - 03:38:22.) -- C:\WINDOWS\system32\wininet.dll [920064]
[MD5.71D440F79B711627B12B567FB2EADB42] - (.Microsoft Corporation - Aplicativo de logon do Windows NT.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Winlogon.exe [509952]
[MD5.1E44BC1E83D8FD2305F8D452DB109CF9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.17/8/2011 - 10:49:54.) -- C:\WINDOWS\system32\Drivers\AFD.sys [138496]
[MD5.9F3A2F5AA6875C72BF062C712CFA2674] - (.Microsoft Corporation - IDE/ATAPI Port Driver.) (.13/4/2008 - 20:40:32.) -- C:\WINDOWS\system32\Drivers\atapi.sys [96512]
[MD5.C885B02847F5D2FD45A24E219ED93B32] - (.Microsoft Corporation - CD-ROM File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdfs.sys [63744]
[MD5.1F4260CC5B42272D71F79E570A27A4FE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Cdrom.sys [62976]
[MD5.A8D31E836CCF2F51009CE7DFFECF6D51] - (.Microsoft Corporation - FIPS Crypto Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Fips.sys [44672]
[MD5.573C7D0A32852B48F3058CFD8026F511] - (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\HDAudBus.sys [144384]
[MD5.083A052659F5310DD8B6A6CB05EDCF8E] - (.Microsoft Corporation - IMAPI Kernel Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Imapi.sys [42112]
[MD5.CC748EA12C6EFFDE940EE98098BF96BB] - (.Microsoft Corporation - IP Network Address Translator.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IpNat.sys [152832]
[MD5.23C74D75E36E7158768DD63D92789A91] - (.Microsoft Corporation - IPSec Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\IPSec.sys [75264]
[MD5.7D304A5EB4344EBEEAB53A2FE3FFB9F0] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.15/7/2011 - 10:29:31.) -- C:\WINDOWS\system32\Drivers\MRxSmb.sys [456320]
[MD5.74B2B2F5BEA5E9A3DC021D685551BD3D] - (.Microsoft Corporation - MBT Transport driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\netBT.sys [162816]
[MD5.78A08DD6A8D65E697C18E1DB01C5CDCA] - (.Microsoft Corporation - NT File System Driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\ntfs.sys [574976]
[MD5.9BADEE6B698BF1AF36E25A1A64A89EAB] - (.Microsoft Corporation - Driver de porta paralela.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Parport.sys [80384]
[MD5.11B4A627BC9614B885C4969BFA5FF8A6] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\Rasl2tp.sys [51328]
[MD5.15CABD0F7C00C47C70124907916AF3F1] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.13/4/2008 - 20:32:52.) -- C:\WINDOWS\system32\Drivers\rdpdr.sys [196224]
[MD5.68D749B04BFBBD4D4D15CC5185AFA4DD] - (.Microsoft Corporation - Redbook Audio Filter Driver.) (.13/4/2008 - 15:53:18.) -- C:\WINDOWS\system32\Drivers\redbook.sys [58240]
[MD5.EB6B1E2C984D84470FF4FE7EF98CD44A] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.14/4/2008 - 09:00:00.) -- C:\WINDOWS\system32\Drivers\volsnap.sys [53248]
~ Generic Processes: Scanned in 00mn 00s
---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/2
~ Mes musiques (My Musics) : 1/2
~ Mes Favoris (My Favorites) : 1/13
~ Mes Documents (My Documents) : 1/6
~ Mon Bureau (My Desktop) : 0/11
~ Menu demarrer (Programs) : 1/21
~ Hidden Files: Scanned in 00mn 00s
---\\ Processos lançados
[MD5.FE79366FECD444A16CCA9979134DBEA8] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe [440376] [PID.1616]
[MD5.FDE9C7030FB1E9E2715E113EE6A10F90] - (.Avira Operations GmbH & Co. KG - Antivirus Host Framework Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe [440376] [PID.1856]
[MD5.F431DC5D94F4B2FDBC927655D8A9B10E] - (.Autodesk, Inc. - Content Service.) -- C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe [19232] [PID.1872]
[MD5.73686FE0B2E0469F89FD2075BE724704] - (.Apple Computer, Inc. - Bonjour Service.) -- C:\Arquivos de programas\Bonjour\mDNSResponder.exe [229376] [PID.1904]
[MD5.B9436A665A8621073A12338B16D7BFD4] - (.Oracle Corporation - Java Quick Starter Service.) -- C:\Arquivos de programas\Java\jre7\bin\jqs.exe [182696] [PID.288]
[MD5.626A24ED1228580B9518C01930936DF9] - (.Google Inc. - Google Installer.) -- C:\Arquivos de programas\Google\Update\GoogleUpdate.exe [133104] [PID.640]
[MD5.6F1E9AB820B3DD8BD38C0190A206205D] - (.Avira Operations GmbH & Co. KG - AntiVir shadow copy service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avshadow.exe [431672] [PID.548]
[MD5.29D956C8CB67222D678FAF20D485B25B] - (.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) -- C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe [1011768] [PID.1092]
[MD5.EA5872F1BC10D8A830BBB41F2EAF34E0] - (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe [16806912] [PID.1380]
[MD5.26D99E80328260213E1F1EEA8D65A6D9] - (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe [150040] [PID.952]
[MD5.6FF785DE489CB826DD3FBD59FAA1EB1E] - (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe [178712] [PID.2068]
[MD5.96655466471D2400FC44051A25EBB0E7] - (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe [150040] [PID.2136]
[MD5.B86A62B04A14AA20E78776262501F66D] - (.Intel Corporation - igfxsrvc Module.) -- C:\WINDOWS\system32\igfxsrvc.exe [256536] [PID.2144]
[MD5.A21E70B4F972CA396A80013D0D436350] - (.Adobe Systems Inc. - AcroTray.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [620152] [PID.2188]
[MD5.00BF6EBCCBC9E74C7A0CBEEDA045467B] - (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe [98304] [PID.2268]
[MD5.0E34B7BB1FCF22BCC1E394D16F9E992B] - (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe [30040] [PID.2276]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe [254336] [PID.2456]
[MD5.DD231039B13EC2ABDE315D76E658EF0E] - (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe [684600] [PID.2624]
[MD5.95F3F024B8EE19D1B8FD32E9536C5268] - (.APN LLC. - Virtual New Tab Loader.) -- C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe [195536] [PID.228] =>Toolbar.Ask
[MD5.43D083268A0919F3527A2837390BAF63] - (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe [218032] [PID.3000]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\WINDOWS\system32\wuauclt.exe [53784] [PID.3092]
[MD5.ACEFEEA621DCA62EFB7A7EEA59F5E91B] - (.Flexera Software, Inc. - Activation Licensing Service.) -- C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [1044816] [PID.3160]
[MD5.258A35DDA86873A152879CFCBA40BB60] - (.Nicolas Coolman - ZHPDiag.) -- C:\Arquivos de programas\ZHPDiag\ZHPDiag.exe [8352256] [PID.1708]
~ Processes Running: Scanned in 00mn 00s
---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R1 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ IE Browser: 15 Legitimates Filtered in 00mn 00s
---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s
---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\WINDOWS\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\WINDOWS\explorer.exe
F2 - REG:system.ini: VMApplet=rundll32 shell32,Control_RunDLL "sysdm.cpl"
~ Keys: Scanned in 00mn 00s
---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 0
---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Adobe PDF - [HKLM]{47833539-D0C5-4125-9FA8-0819E2EAAC93} . (.Adobe Systems Incorporated - Adobe PDF Toolbar for Internet Explorer.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{01E04581-4EEE-11D0-BFE9-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{0E5CBF21-D15F-11D0-8301-00AA005B4383} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{47833539-D0C5-4125-9FA8-0819E2EAAC93} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s
---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDCPL] . (.Realtek Semiconductor Corp. - Realtek HD Audio Control Panel.) -- C:\WINDOWS\RTHDCPL.exe =>.Realtek Semiconductor Corp
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [EPSON Stylus CX4100 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] . (.Adobe Systems Inc. - AcroTray.) -- C:\Arquivos de programas\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
O4 - HKLM\..\Run: [Adobe_ID0EYTHM] . (.Adobe Systems Incorporated - Adobe Version Cue CS3.) -- C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3Tray.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [Auto EPSON Stylus CX4100 Series em MICRO3] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [EPSON CX4100] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKLM\..\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Arquivos de programas\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Arquivos de programas\Arquivos comuns\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Run: [Autodesk Sync] . (.Autodesk, Inc. - Autodesk Sync.) -- C:\Arquivos de programas\Autodesk\Autodesk Sync\AdSync.exe
O4 - HKLM\..\Run: [avgnt] . (.Avira Operations GmbH & Co. KG - Antivirus System Tray Tool (Desktop).) -- C:\Arquivos de programas\Avira\AntiVir Desktop\avgnt.exe
O4 - HKLM\..\Run: [VNT] . (.APN LLC. - Virtual New Tab Loader.) -- C:\Arquivos de programas\VNT\vntldr.exe =>Toolbar.Ask
O4 - HKLM\..\RunOnce: [AvgUninstallURL] . (.Microsoft Corporation - Processador de comandos do Windows.) -- C:\WINDOWS\system32\cmd.exe
O4 - HKCU\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
O4 - HKCU\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [EPSON T25 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.exe =>.Epson Seiko Corporation
O4 - HKCU\..\Run: [EPSON TX230] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.exe =>.Epson Seiko Corporation
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\CTFMON.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [CTFMON.EXE] . (.Microsoft Corporation - CTF Loader.) -- C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [ISUSPM] . (.Macrovision Corporation - Macrovision Software Manager.) -- C:\Arquivos de programas\Arquivos comuns\InstallShield\UpdateService\ISUSPM.exe
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [\\PRINTSERVER\dlk-060CA9-U1] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAEL.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [EPSON T25 Series] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIGEB.exe =>.Epson Seiko Corporation
O4 - HKUS\S-1-5-21-988619590-1480160922-2374809389-500\..\Run: [EPSON TX230] . (.SEIKO EPSON CORPORATION - EPSON Status Monitor 3.) -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIHLL.exe =>.Epson Seiko Corporation
~ Application: Scanned in 00mn 00s
---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft Office OneNote Internet Explorer Add-in.) -- C:\ARQUIV~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} . (...) -- C:\Arquivos de programas\Microsoft Office\Office12\REFBARH.ICO
O9 - Extra button: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} -- Chave orfã
O9 - Extra button: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} . (.Microsoft Corporation - Windows Messenger.) -- C:\Arquivos de programas\Messenger\msmsgs.exe
~ IE Extra Buttons: Scanned in 00mn 00s
---\\ Piratagem da Opção " Redefinir Configurações da Web " (014)
O14 - IERESET.INF: SEARCH_PAGE_URL=SEARCH_PAGE_URL="&http://home.microsoft.com/intl/br/access/allinone.asp"
O14 - IERESET.INF: SAFESITE_VALUE=SAFESITE_VALUE="search.msn.com.br"
~ IE Paramètres WEB: Scanned in 00mn 00s
---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CS1\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CS3\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpNameServer = 10.10.254.1
O17 - HKLM\System\CS3\Services\Tcpip\..\{405D13D0-459A-429F-A951-915E6CA7DD9E}: DhcpDomain = EDS.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = EDS.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.10.254.1
~ Domain: Scanned in 00mn 00s
---\\ Protocolo adicional (018)
O18 - Handler: wia - {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} . (.Microsoft Corporation - WIA Scripting Layer.) -- C:\WINDOWS\system32\wiascr.dll
O18 - Filter: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Arquivos de programas\Arquivos comuns\Microsoft Shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s
---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: crypt32chain . (.Microsoft Corporation - Crypto API32.) -- C:\WINDOWS\system32\crypt32.dll
O20 - Winlogon Notify: cryptnet . (.Microsoft Corporation - Crypto Network Related API.) -- C:\WINDOWS\system32\cryptnet.dll
O20 - Winlogon Notify: cscdll . (.Microsoft Corporation - Agente de rede off-line.) -- C:\WINDOWS\system32\cscdll.dll
O20 - Winlogon Notify: dimsntfy . (.Microsoft Corporation - DIMS Notification Handler.) -- C:\WINDOWS\system32\dimsntfy.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\WINDOWS\system32\igfxdev.dll
O20 - Winlogon Notify: ScCertProp . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: Schedule . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: sclgntfy . (.Microsoft Corporation - DLL de notificação do serviço de logon secu.) -- C:\WINDOWS\system32\sclgntfy.dll
O20 - Winlogon Notify: SensLogn . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\WlNotify.dll
O20 - Winlogon Notify: termsrv . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
O20 - Winlogon Notify: WgaLogon . (.Microsoft Corporation - Notificações do Programa de Vantagens do Wi.) -- C:\WINDOWS\system32\WgaLogon.dll
O20 - Winlogon Notify: wlballoon . (.Microsoft Corporation - DLL comum para receber notificações do Winl.) -- C:\WINDOWS\system32\wlnotify.dll
~ Winlogon: Scanned in 00mn 00s
---\\ Chave do Registo autorun ShellServiceObjectDelayLoad (SSO/SSODL) (O21)
O21 - SSODL: UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} . (.Microsoft Corporation - Pasta e monitor da bandeja UPNP.) -- C:\WINDOWS\system32\upnpui.dll
~ SSODL: 6 Legitimates Filtered in 00mn 00s
---\\ Chave do Registo autorun SharedTaskScheduler (STS) (O22)
O22 - SharedTaskScheduler: Pré-carregador Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Pré-carregador Browseui - {8C7461EF-2B13-11d2-BE35-3078302C2030} . (.Microsoft Corporation - Biblioteca da interface de usuário do naveg.) -- C:\WINDOWS\system32\browseui.dll
~ STS/SSO: Scanned in 00mn 00s
---\\ Enumeração Ativa do Ambiente de trabalho & Editor MHTML (024)
O24 - Desktop Component 0: Minha página inicial atual - file:About:Home
O24 - Desktop General: BackupWallPaper - .(...) - C:\WINDOWS\Dell.bmp
O24 - Desktop General: WallPaper - .(...) - C:\WINDOWS\web\wallpaper\Alegria.bmp
~ Desktop Component: 4 Legitimates Filtered in 00mn 00s
---\\ HKCU & HKLM Software Keys
[HKCU\Software\VNT]
[HKLM\Software\AideCAD]
[HKLM\Software\AskPartnerNetwork]
[HKLM\Software\MSExplorer]
~ Key Software: 582 Legitimates Filtered in 00mn 00s
---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 16/12/2009 - 11:59:09 - [5,211] ----D C:\Arquivos de programas\Aide PDF to DXF Converter
O43 - CFD: 30/11/2009 - 19:04:42 - [9,063] ----D C:\Arquivos de programas\eWar 3.1
O43 - CFD: 29/3/2010 - 17:55:05 - [46,156] ----D C:\Arquivos de programas\Programas SPED
O43 - CFD: 23/6/2008 - 13:44:44 - [0,001] ----D C:\Arquivos de programas\Serviços on-line
O43 - CFD: 5/3/2014 - 16:28:55 - [0,326] ----D C:\Arquivos de programas\VNT
O43 - CFD: 23/6/2008 - 13:44:30 - [0,008] ----D C:\Arquivos de programas\Arquivos comuns\Serviços
O43 - CFD: 10/3/2014 - 14:10:36 - [0,275] ----D C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT
O43 - CFD: 24/4/2012 - 16:53:45 - [0,015] R---D C:\Documents and Settings\administrator\Menu Iniciar\Programas\Acessórios
O43 - CFD: 23/6/2008 - 01:37:18 - [0] R---D C:\Documents and Settings\administrator\Menu Iniciar\Programas\Inicializar
~ Program Folder: 132 Legitimates Filtered in 00mn 00s
---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C51A881398F29071239741AE16D07C1C] - 10/3/2014 - 12:39:06 RSHA- . (...) -- C:\cmldr [261856]
O44 - LFC:[MD5.0807035D42B7B9E787B09B1B6420093A] - 10/3/2014 - 12:39:09 ---A- . (...) -- C:\Boot.bak [211]
O44 - LFC:[MD5.C9DD76D0EF94637C77FF8CA5E0FB0684] - 10/3/2014 - 12:47:56 ---A- . (...) -- C:\WINDOWS\system.ini [227]
O44 - LFC:[MD5.CE77F9C8B897BADF70F7CE2D0486C560] - 10/3/2014 - 14:31:43 ---A- . (...) -- C:\DelFix.txt [5730]
O44 - LFC:[MD5.C69C16BE2CD55E980D1CEE840D3EF553] - 10/3/2014 - 17:00:18 ---A- . (...) -- C:\zoek-results2014-03-10-200018.log [1085]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 10/3/2014 - 17:01:55 ---A- . (...) -- C:\WINDOWS\zoek-delete.exe [24064]
O44 - LFC:[MD5.35F7BB4DEDFC10F84FE0D85D76739F0B] - 10/3/2014 - 17:19:58 ---A- . (...) -- C:\zoek-results.log [22947]
O44 - LFC:[MD5.8761F1932584E2718D1363FD38874C61] - 11/3/2014 - 08:45:56 ---A- . (...) -- C:\WINDOWS\wiadebug.log [159]
O44 - LFC:[MD5.4429C3F3389CFA2402B7BB733075D584] - 11/3/2014 - 08:45:56 ---A- . (...) -- C:\WINDOWS\wiaservc.log [49]
O44 - LFC:[MD5.A8E4BA11AFF8821EE2B03160C70DADE1] - 5/3/2014 - 14:09:41 ---A- . (...) -- C:\WINDOWS\wmsetup.log [6968]
O44 - LFC:[MD5.35641A6BBFF3664BD7F27EEAB087D0C7] - 5/3/2014 - 14:09:42 ---A- . (...) -- C:\WINDOWS\OEWABLog.txt [690]
O44 - LFC:[MD5.1497D285B8EBB47D3AD138FC63D73318] - 6/3/2014 - 13:53:16 ---A- . (...) -- C:\WINDOWS\win.ini [633]
O44 - LFC:[MD5.A42F9812989361008CD502320C86C103] - 6/3/2014 - 16:17:44 ---A- . (...) -- C:\WINDOWS\imsins.BAK [1891]
O44 - LFC:[MD5.FFFD28AF5A39C7897A0A756662D73FB6] - 6/3/2014 - 16:17:45 ---A- . (...) -- C:\WINDOWS\msmqinst.log [436392]
O44 - LFC:[MD5.DDBBAB84464CFD08B2B2D2654A76F31D] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\FaxSetup.log [1369921]
O44 - LFC:[MD5.11A5B1995FD7E30A3C70F6B2B59E78CD] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\MedCtrOC.log [95062]
O44 - LFC:[MD5.32B5DB7634C53999F893C4CBD825347C] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\comsetup.log [452895]
O44 - LFC:[MD5.7899DE2B3CC66C9F1F1DC049B45B66B4] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\iis6.log [1508953]
O44 - LFC:[MD5.0FD6F177FDE3A4483A26E4ED96841216] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\imsins.log [1891]
O44 - LFC:[MD5.788F7B75EA30ADA12F6199D29C8004DC] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\msgsocm.log [69197]
O44 - LFC:[MD5.4D916601D66902CCF2184DF874961F62] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\netfxocm.log [241439]
O44 - LFC:[MD5.AD9DBC5C6DD7702EDC7C1423A502FA9C] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ntdtcsetup.log [274907]
O44 - LFC:[MD5.C864A0A1340217A30059179C81A0E713] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ocgen.log [669939]
O44 - LFC:[MD5.A296DCB20BDCA7DF6DD7CB73A5D751ED] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\ocmsn.log [85585]
O44 - LFC:[MD5.D3AA2175203D4583EBFFDE088A021D19] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\tabletoc.log [68731]
O44 - LFC:[MD5.C72030B375A0A4D081C617BAE8EF31C0] - 6/3/2014 - 16:18:23 ---A- . (...) -- C:\WINDOWS\tsoc.log [632349]
O44 - LFC:[MD5.0D9FAE2786E5743FBD54A98D111DC937] - 7/3/2014 - 14:22:17 ---A- . (...) -- C:\WINDOWS\system32\d3d9caps.dat [664]
O44 - LFC:[MD5.E655B40B48220A6554F16C18581287AD] - 7/3/2014 - 16:57:17 ---A- . (...) -- C:\WINDOWS\Drawing1.dwg [31229]
~ Files: 60 Legitimates Filtered in 00mn 00s
---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - URL Exec Hook - {AEB6717E-7E19-11d0-97EE-00C04FD91972} - shell32.dll
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Arquivos de programas\Microsoft Office\Office12\GrooveShellExtensions.dll
~ ShellExecuteHooks: Scanned in 00mn 00s
---\\ Exportar a chave da aplicação autorizada (047)
O47 - AAKE:Key Export SP - "C:\GunSoft\LandMass\system\Launcher.exe" [Enabled] .(.WAYPOINT.) -- C:\GunSoft\LandMass\system\Launcher.exe
~ Keys Export: 16 Legitimates Filtered in 00mn 00s
---\\ Image File Execution Options (IFEO) (O50)
O50 - IFEO:Image File Execution Options - Your Image File Name Here without a path - ntsd -d
~ IFEO: Scanned in 00mn 00s
---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:[MD5.62D318E9A0C8FC9B780008E724283707] - 18/8/2001 - 06:52:00 ---A- . (.Advanced System Products, Inc. - AdvanSys SCSI Controller Driver.) -- C:\WINDOWS\system32\Drivers\asc.sys [26496]
O58 - SDL:[MD5.5D8DE112AA0254B907861E9E9C31D597] - 18/8/2001 - 06:51:58 ---A- . (.Advanced System Products, Inc. - AdvanSys Ultra-Wide PCI SCSI Driver.) -- C:\WINDOWS\system32\Drivers\asc3550.sys [14848]
O58 - SDL:[MD5.DA6675E1400D58412C93180F8651A9FB] - 14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C 1.2 WDM Main Driver.) -- C:\WINDOWS\system32\Drivers\cinemst2.sys [262528]
O58 - SDL:[MD5.573C7D0A32852B48F3058CFD8026F511] - 14/4/2008 - 09:00:00 ---A- . (.Windows (R) Server 2003 DDK provider - High Definition Audio Bus Driver v1.0a.) -- C:\WINDOWS\system32\Drivers\hdaudbus.sys [144384]
O58 - SDL:[MD5.3F4BB95E5A44F3BE34824E8E7CAF0737] - 18/8/2001 - 06:52:12 ---A- . (.American Megatrends Inc. - MegaRAID RAID Controller Driver for Windows Whistler 32.) -- C:\WINDOWS\system32\Drivers\mraid35x.sys [17280]
O58 - SDL:[MD5.80D317BD1C3DBC5D4FE7B1678C60CADD] - 14/4/2008 - 09:00:00 ---A- . (.Parallel Technologies, Inc. - Parallel Technologies DirectParallel IO Library.) -- C:\WINDOWS\system32\Drivers\ptilink.sys [17792]
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [721904]
O58 - SDL:[MD5.A36EE93698802CD899F98BFD553D8185] - 13/12/2013 - 15:11:21 ---A- . (.Avira GmbH - AVIRA SnapShot Driver.) -- C:\WINDOWS\system32\Drivers\ssmdrv.sys [28520]
O58 - SDL:[MD5.1FF3217614018630D0A6758630FC698C] - 18/8/2001 - 07:07:34 ---A- . (.Symbios Logic Inc. - Symbios Logic Inc. SCSI Miniport Driver.) -- C:\WINDOWS\system32\Drivers\symc810.sys [16256]
O58 - SDL:[MD5.1B698A51CD528D8DA4FFAED66DFC51B9] - 18/8/2001 - 06:52:22 ---A- . (.Promise Technology, Inc. - Promise Ultra66 Miniport Driver.) -- C:\WINDOWS\system32\Drivers\ultra.sys [36736]
O58 - SDL:[MD5.55E01061C74A8CEFFF58DC36114A8D3F] - 14/4/2008 - 09:00:00 ---A- . (.RAVISENT Technologies Inc. - CineMaster C WDM DVD Minidriver.) -- C:\WINDOWS\system32\Drivers\vdmindvd.sys [58112]
O58 - SDL:[MD5.C1E76718BAB6BCA0D18E5670F074F821] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ansi.sys [9032]
O58 - SDL:[MD5.0FE9F16075C9ACB941C957B7C649176E] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\country.sys [27097]
O58 - SDL:[MD5.912150FE88E79AFEE0BB72216FAB2617] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\himem.sys [4896]
O58 - SDL:[MD5.582BCDD47CF4B68B5CB528F18E3CB808] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\key01.sys [42809]
O58 - SDL:[MD5.FBBCFEC1379C5C02D88A361993EDF1B8] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\keyboard.sys [42537]
O58 - SDL:[MD5.19D4F0DAD3F393C13DE7F849ADE72EFE] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos.sys [27900]
O58 - SDL:[MD5.CF9ED169FF86D935E47999E82359E898] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos404.sys [29146]
O58 - SDL:[MD5.03B945AC0481CD8BB161C3569D8ED1C3] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos411.sys [29370]
O58 - SDL:[MD5.BBC957DC18C17CC027EB80B7C77F2AEA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos412.sys [29274]
O58 - SDL:[MD5.3CFFAEFFF23B0D208214A6D3061A5B1B] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntdos804.sys [29146]
O58 - SDL:[MD5.86BB7AF2533B342B8E274590AD2190FA] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio.sys [33984]
O58 - SDL:[MD5.6F73F50162DEF60C84B725C18CD9140F] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio404.sys [34560]
O58 - SDL:[MD5.0FDD5E69C1FF3B58043D44F2CC743D45] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio411.sys [35648]
O58 - SDL:[MD5.8842837C4D8311BF8E72BEE8CCC42217] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio412.sys [35424]
O58 - SDL:[MD5.6B56CEB3C6F9D5CD7293DBD9FE23B311] - 14/4/2008 - 09:00:00 ---A- . (...) -- C:\WINDOWS\system32\ntio804.sys [34560]
~ Drivers: 8 Legitimates Filtered in 00mn 00s
---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s
---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 13/12/2013 - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe (AntiVirWebService) .(.Avira Operations GmbH & Co. KG - AntiVir WebGuard Service.) - LEGACY_ANTIVIRWEBSERVICE
O64 - Services: CurCS - 28/2/2006 - C:\Arquivos de programas\Bonjour\mDNSResponder.exe (Bonjour Service) .(.Apple Computer, Inc. - Bonjour Service.) - LEGACY_BONJOUR_SERVICE
~ Legacy: 206 Legitimates Filtered in 00mn 00s
---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html>
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s
---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
O68 - StartMenuInternet:
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys: Scanned in 00mn 00s
---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.A8EBBA171B1339C2E52EF6CC1A72196C] [SPRF][6/5/2013] (...) -- C:\Documents and Settings\All Users\Dados de aplicativos\KGyGaAvL.sys [2516]
[MD5.0E46611DBBD6E6B94E1AF709F6A6CEFC] [SPRF][10/3/2014] (...) -- C:\Documents and Settings\administrator\Desktop\AdwCleaner.exe [1949184]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][10/3/2014] (...) -- C:\Documents and Settings\administrator\Desktop\zoek.exe [1285120]
~ Files: 12 Legitimates Filtered in 00mn 00s
---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "25946514D214736534007A857BC0A030" . (.Avira SearchFree Toolbar.) -- C:\WINDOWS\Installer\{41564952-412D-5637-4300-A758B70C0A03}\ToolbarIcon.exe =>Toolbar.Avira
~ Update Products: 110 Legitimates Filtered in 00mn 00s
---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.DFCE143875390CB9320B702FD0F973A3] [WIS][5/3/2014] (.APN, LLC - Avira SearchFree Toolbar.) -- C:\Windows\Installer\238f2b.msi [809472] =>Toolbar.Avira
~ WIS: 111 Legitimates Filtered in 00mn 00s
---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 20/3/2007 153792 | (Adobe Version Cue CS3) . (.Adobe Systems Incorporated.) - C:\Arquivos de programas\Arquivos comuns\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe =>.Adobe Systems Incorporated
SS - | Demand 5/3/2014 257928 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/4/2008 225280 | (dmadmin) . (.Microsoft Corp., Veritas Software.) - C:\WINDOWS\system32\dmadmin.exe
SS - | Auto 21/8/2009 133104 | (gupdate) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 21/8/2009 133104 | (gupdatem) . (.Google Inc..) - C:\Arquivos de programas\Google\Update\GoogleUpdate.exe
SS - | Demand 12/2/2014 118896 | (MozillaMaintenance) . (.Mozilla Foundation.) - C:\Arquivos de programas\Mozilla Maintenance Service\maintenanceservice.exe
SS - | Demand 11/7/2007 69632 | (stllssvr) . (.MicroVision Development, Inc..) - C:\Arquivos de programas\Arquivos comuns\SureThing Shared\stllssvr.exe
SR - | Auto 13/12/2013 440376 | (AntiVirSchedulerService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\sched.exe
SR - | Auto 13/12/2013 440376 | (AntiVirService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\avguard.exe
SR - | Auto 13/12/2013 1011768 | (AntiVirWebService) . (.Avira Operations GmbH & Co. KG.) - C:\Arquivos de programas\Avira\AntiVir Desktop\AVWEBGRD.exe
SR - | Auto 31/1/2012 19232 | (Autodesk Content Service) . (.Autodesk, Inc..) - C:\Arquivos de programas\Autodesk\Content Service\Connect.Service.ContentService.exe
SR - | Auto 28/2/2006 229376 | (Bonjour Service) . (.Apple Computer, Inc..) - C:\Arquivos de programas\Bonjour\mDNSResponder.exe
SR - | Demand 5/3/2014 1044816 | (FLEXnet Licensing Service) . (.Flexera Software, Inc..) - C:\Arquivos de programas\Arquivos comuns\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SR - | Auto 5/3/2014 182696 | (JavaQuickStarterService) . (.Oracle Corporation.) - C:\Arquivos de programas\Java\jre7\bin\jqs.exe
~ Services: Scanned in 00mn 00s
---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 1/1/1601 - 03:00:00 ---A- . (...) -- C:\WINDOWS\system32\Drivers\sptd.sys [721904]
~ Emulateurs: Scanned in 00mn 00s
---\\ Scâner Aditional (088)
Database Version : 13031 - (10/3/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 1
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2
[HKLM\Software\AskPartnerNetwork] =>Toolbar.Ask
[HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}] =>Toolbar.AVGSearch
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:VNT =>Toolbar.Ask^
C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe =>Toolbar.Ask^
C:\Windows\Installer\238f2b.msi =>Toolbar.Avira^
~ Additionnel Scan: 378379 Items scanned in 00mn 13s
---\\ Sumário das deteções encontradas na sua estação
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Toolbar.Ask
~ MSI: 1 link(s) detected in 00mn 13s
~ 985 Legitimates filtered by white list
End of the scan (493 lines in 00mn 22s)(0)
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Ter 11 Mar 2014, 09:32
Há programas desnecessários iniciando junto com o Windows, o que torna o seu PC mais lento. Para corrigir isto, siga as dicas deste tutorial:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
______________________________________________________________________________________________________________
Copie todo o texto destacado em vermelho que te passei (começando em script zhpfix e indo até emptyclsid)_____________________________________________________________________________________________________________
Vá no menu: Iniciar > Todos os programas > ZHP > Clique com o botão direito do mouse sobre o Zhpfix e escolha a opção de Executar como administrador > Clique em Importação > Clique no botão GO > Clique em Oui > Caso queira que os arquivos da lixeira sejam excluídos clique em Oui novamente > Um relatório aparecerá no bloco de notas. Copie este relatório e poste em sua próxima resposta.
Última edição por Power Max em Seg 24 Mar 2014, 00:09, editado 2 vez(es)
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Ter 11 Mar 2014, 09:39
Power Max escreveu:
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
De preferência deixe apenas os programas de segurança (anti-vírus/anti-spywares/firewall) iniciarem junto com o Windows.
Use também o programa Ccleaner, indicado neste tutorial acima, para fazer uma limpeza e otimização do PC agora e de tempos em tempos.
______________________________________________________________________________________________________________
Power Max, seguirei as recomendações. O Ccleaner ainda funciona bem?
Abaixo o log do ZhpFix, obrigado!
Rapport de ZHPFix 2014.3.10.2 par Nicolas Coolman, Update du 10/03/2014
Fichier d'export Registre :
Run by administrator at 11/3/2014 09:36:03
High Elevated Privileges : OK
Windows XP Professional Service Pack 3 (Build 2600)
Reciclagem vazia (00mn 19s)
Reparação de atalhos do navegador
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Arquivos de programas\Bonjour\mDNSResponder.exe
ELIMINÉ: Memory Process: C:\Documents and Settings\administrator\Configurações locais\Dados de aplicativos\VNT\vntldr.exe
========== Estado dos serviços ==========
BONJOUR_SERVICE Parado
========== Chaves do Registo ==========
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{01E04581-4EEE-11D0-BFE9-00AA005B4383}]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E5CBF21-D15F-11D0-8301-00AA005B4383}]
ELIMINÉ: CLSID Extra Buttons: {e2e2dd38-d088-4134-82b7-f2ba38496583}
ELIMINÉ: HKCU\Software\VNT
ELIMINÉ: HKLM\Software\AskPartnerNetwork
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\25946514D214736534007A857BC0A030]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\25946514D214736534007A857BC0A030]
ELIMINÉ: Service: Bonjour Service
ELIMINÉ: HKLM\Software\Classes\CLSID\{BD5843ED-13C4-4EFF-ACE9-56CEE22BC087}
========== Valores do Registo ==========
ELIMINÉ: Toolbar: {01E04581-4EEE-11D0-BFE9-00AA005B4383}
ELIMINÉ: Toolbar: {0E5CBF21-D15F-11D0-8301-00AA005B4383}
ELIMINÉ: Toolbar: {47833539-D0C5-4125-9FA8-0819E2EAAC93}
ELIMINÉ: Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068}
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: VNT
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ:* c:\documents and settings\administrator\configurações locais\dados de aplicativos\vnt\vntldr.exe
ELIMINÉ: c:\arquivos de programas\vnt\vntldr.exe
ELIMINÉ: C:\Windows\Installer\238f2b.msi
ELIMINA REINICIAR: c:\arquivos de programas\bonjour\mdnsresponder.exe
ELIMINÉ Temporários windows (165) (5.310.045 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
2 : Processo memória
9 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
6 : Ficheiros
1 : Estado dos serviços
1 : Restauração Sistema
End of clean in 00mn 29s
========== Caminho do ficheiro do relatório ==========
C:\Documents and Settings\administrator\Dados de aplicativos\ZHP\ZHPFix[R1].txt - 11/3/2014 09:36:22 [2638]
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Ter 11 Mar 2014, 09:48
Sim, ele é um bom programa.O Ccleaner ainda funciona bem?
___________________________________________
Reinicie o PC e depois nos diga como está o PC após estes procedimentos.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Thomaz Jr Ter 11 Mar 2014, 10:52
Reinicie o PC e depois nos diga como está o PC após estes procedimentos.
Power Max,
Removi algumas entradas bem obsoletas do registro, havia programas em desuso desde 2010 quase que ainda iniciavam com o windows.
Reiniciei algumas vezes e em todas o PC se manteve estável. Um pouco lento, mas eu atribuiria isso ao antivírus e ao hardware dessa máquina que ta um pouco rodada....
No meu entendimento tudo resolvido!
Mais uma vez, muito obrigado! Abraço.
Thomaz Jr- Iniciante
- Mensagens : 7
Reputação : 0
Data de inscrição : 10/03/2014
Idade : 42
Localização : São Paulo
Re: Remoção de malware
por Power Max Ter 11 Mar 2014, 11:09
Fico feliz que o problema tenha sido resolvido. Só para finalizar siga este tutorial abaixo, por gentileza:[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
_______________________________________________________________________________________________________________________
Para remover os programas usados na limpeza deste PC e criar um novo ponto de restauração seguro e sem problemas, utilize o DelFix seguindo as dicas [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]._______________________________________________________________________________________________________________________
Foi um prazer ajudar. Conte sempre conosco!
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Re: Remoção de malware
por Power Max Seg 24 Mar 2014, 00:11
CASO RESOLVIDO
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Caso o autor do tópico necessite, o mesmo será reaberto, para isso deverá entrar em contato com um dos membros da [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] solicitando o desbloqueio.
Power Max- Colaborador
- Mensagens : 9086
Reputação : 1499
Data de inscrição : 14/04/2009
Tópicos semelhantes» Remoçao de malware - Buzz wok
» Remoção de malware
» Remoção do Malware "Linkbucks"
» Remoção de malware wxtete.exe
» Remoção de malware KMS-R@1n
» Remoção de malware
» Remoção do Malware "Linkbucks"
» Remoção de malware wxtete.exe
» Remoção de malware KMS-R@1n
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|