START.Qone8 - Infected browsers!


START.Qone8 - Infected browsers!

Post by tiago ferreira on Mon 05 May 2014, 17:37

I did what you described for nadia, here is the log:

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 16:43:42
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : gabriele stewan - GABRIELESTEWAN
# Executando de : C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****

Serviço Encontrado : IePluginService
Serviço Encontrado : savesenselive
Serviço Encontrado : savesenselivem
Serviço Encontrado : Update WiseEnhance
Serviço Encontrado : Util WiseEnhance

***** [ Arquivos / Pastas ] *****

Arquivo Encontrado : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Arquivo Encontrado : C:\Windows\system32\roboot.exe
Arquivo Encontrado : C:\Windows\System32\Tasks\Advanced System Protector
Arquivo Encontrado : C:\Windows\System32\Tasks\DealPlyUpdate
Arquivo Encontrado : C:\Windows\System32\Tasks\Digital Sites
Arquivo Encontrado : C:\Windows\System32\Tasks\MySearchDial
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSense
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Encontrado : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA
Arquivo Encontrado : C:\Windows\Tasks\Dealply.job
Arquivo Encontrado : C:\Windows\Tasks\Digital Sites.job
Arquivo Encontrado : C:\Windows\Tasks\MySearchDial.job
Arquivo Encontrado : C:\Windows\Tasks\SaveSense.job
Arquivo Encontrado : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Encontrado : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Pasta Encontrado : C:\Program Files\003
Pasta Encontrado : C:\Program Files\DAEMON Tools Toolbar
Pasta Encontrado : C:\Program Files\DealPly
Pasta Encontrado : C:\Program Files\predm
Pasta Encontrado : C:\Program Files\SaveSenseLive
Pasta Encontrado : C:\Program Files\SupTab
Pasta Encontrado : C:\Program Files\WiseEnhance
Pasta Encontrado : C:\ProgramData\apn
Pasta Encontrado : C:\ProgramData\Babylon
Pasta Encontrado : C:\ProgramData\baidu
Pasta Encontrado : C:\ProgramData\IePluginService
Pasta Encontrado : C:\ProgramData\SaveSenseLive
Pasta Encontrado : C:\ProgramData\WPM
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Local\Genesis
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Local\SaveSense
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Local\SaveSenseLive
Pasta Encontrado : C:\Users\gabriele stewan\AppData\LocalLow\BabylonToolbar
Pasta Encontrado : C:\Users\gabriele stewan\AppData\LocalLow\PriceGong
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\1H1Q
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Babylon
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\baidu
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\DealPly
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\DigitalSites
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\file scout
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\SaveSense
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\SupTab
Pasta Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Systweak

***** [ Atalhos ] *****

Atalho Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk ( [You must be registered and logged in to see this link.] )
Atalho Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk ( [You must be registered and logged in to see this link.] )
Atalho Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk ( [You must be registered and logged in to see this link.] )
Atalho Encontrado : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk ( [You must be registered and logged in to see this link.] )

***** [ Registro ] *****

Chave Encontrada : HKCU\Software\AppDataLow\Software\PriceGong
Chave Encontrada : HKCU\Software\AppDataLow\Software\suprasavings
Chave Encontrada : HKCU\Software\BabSolution
Chave Encontrada : HKCU\Software\BabylonToolbar
Chave Encontrada : HKCU\Software\BrowserMngr
Chave Encontrada : HKCU\Software\d48fdeb339e813
Chave Encontrada : HKCU\Software\DataMngr
Chave Encontrada : HKCU\Software\DealPly
Chave Encontrada : HKCU\Software\dsiteproducts
Chave Encontrada : HKCU\Software\dt soft\daemon tools toolbar
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Encontrada : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKCU\Software\Imesh
Chave Encontrada : HKCU\Software\InstallCore
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Chave Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{32099AAC-C132-4136-9E9A-4E364A424E17}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Encontrada : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Encontrada : HKCU\Software\SaveSense
Chave Encontrada : HKCU\Software\SaveSenseLive
Chave Encontrada : HKCU\Software\Softonic
Chave Encontrada : HKCU\Software\systweak
Chave Encontrada : HKCU\Software\TutoTag
Chave Encontrada : HKCU\Software\WiseEnhance
Chave Encontrada : HKLM\Software\Babylon
Chave Encontrada : HKLM\Software\BabylonToolbar
Chave Encontrada : HKLM\Software\BrowserMngr
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Encontrada : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Encontrada : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Encontrada : HKLM\SOFTWARE\Classes\Conduit.Engine
Chave Encontrada : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Encontrada : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0400EBCA-042C-4000-AA89-9713FBEDB671}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{0BD19251-4B4B-4B94-AB16-617106245BB7}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{3281114F-BCAB-45E3-80D9-A6CD64D4E636}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{44533FCB-F9FB-436A-8B6B-CF637B2D465A}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{44B29DDD-CF7A-454A-A275-A322A398D93F}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{917CAAE9-DD47-4025-936E-1414F07DF5B8}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{A4DE94DB-DF03-45A3-8A5D-D1B7464B242D}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{AA0F50A8-2618-4AE4-A779-9F7378555A8F}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B2DB115C-8278-4947-9A07-57B53D1C4215}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{B97FC455-DB33-431D-84DB-6F1514110BD5}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{C67281E0-78F5-4E49-9FAE-4B1B2ADAF17B}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{E72E9312-0367-4216-BFC7-21485FA8390B}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{F6CCB6C9-127E-44AE-8552-B94356F39FFE}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Chave Encontrada : HKLM\SOFTWARE\Classes\Interface\{FFD25630-2734-4AE9-88E6-21BF6525F3FE}
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialappCore.1
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialdskBnd.1
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr
Chave Encontrada : HKLM\SOFTWARE\Classes\mysearchdial.mysearchdialHlpr.1
Chave Encontrada : HKLM\SOFTWARE\Classes\Prod.cap
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Encontrada : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Encontrada : HKLM\SOFTWARE\Classes\Toolbar.CT2719261
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{968EDCE0-C10A-47BB-B3B6-FDF09F2A417D}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{C4C4F1F4-3074-4CB6-9FB8-0A64273166F0}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Chave Encontrada : HKLM\SOFTWARE\Classes\TypeLib\{FBC322D5-407E-4854-8C0B-555B951FD8E3}
Chave Encontrada : HKLM\Software\Conduit
Chave Encontrada : HKLM\SOFTWARE\d48fdeb339e813
Chave Encontrada : HKLM\Software\DataMngr
Chave Encontrada : HKLM\Software\DealPly
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Chave Encontrada : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox[1]_RASAPI32
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_para_mozilla-firefox[1]_RASMANCS
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4D92BACC-9614-469C-9B85-91D54757E1B6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{DD052A82-5F48-495A-8C57-FF7588595137}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E37C455-F2F9-45FF-924B-690C3C35BEE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{999BDF59-B6DB-4A0E-BD60-78CCB5BCEC19}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D3B7394C-581B-4556-9695-0F1238634955}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9E1204C-DB1C-4B35-A285-ABFAB45DA173}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD3EF5CA-3E71-454A-99EC-C93E9BD69C6E}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E37C455-F2F9-45FF-924B-690C3C35BEE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E37C455-F2F9-45FF-924B-690C3C35BEE4}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4D92BACC-9614-469C-9B85-91D54757E1B6}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999BDF59-B6DB-4A0E-BD60-78CCB5BCEC19}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{999BDF59-B6DB-4A0E-BD60-78CCB5BCEC19}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D3B7394C-581B-4556-9695-0F1238634955}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9E1204C-DB1C-4B35-A285-ABFAB45DA173}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD052A82-5F48-495A-8C57-FF7588595137}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD052A82-5F48-495A-8C57-FF7588595137}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD3EF5CA-3E71-454A-99EC-C93E9BD69C6E}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C3B01BC-53A5-48A0-A43B-0C67731134B9}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Encontrada : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Chave Encontrada : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Encontrada : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Encontrada : HKLM\Software\qone8Software
Chave Encontrada : HKLM\Software\SaveSenseLive
Chave Encontrada : HKLM\Software\suprasavings
Chave Encontrada : HKLM\Software\supTab
Chave Encontrada : HKLM\Software\supWPM
Chave Encontrada : HKLM\Software\systweak
Chave Encontrada : HKLM\Software\Tutorials
Chave Encontrada : HKLM\Software\WiseEnhance
Chave Encontrada : HKLM\Software\Wpm
Dados Encontrada : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [(Default)] - C:\Program Files\Internet Explorer\iexplore.exe [You must be registered and logged in to see this link.]
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Valor Encontrada : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Valor Encontrada : HKCU\Software\Mozilla\Firefox\Extensions [{B64982B1-D112-42B5-B1E4-D3867C4533F8}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3004627E-F8E9-4E8B-909D-316753CBA923}]
Valor Encontrada : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Configurações Encontrado : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs] - [You must be registered and logged in to see this link.]
Configurações Encontrado : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant] - [You must be registered and logged in to see this link.]

-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Encontrada [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Encontrada [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [22375 octets] - [05/05/2014 16:43:42]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22436 octets] ##########


What do I do now?

Re: START.Qone8 - Infected browsers!

Post by Power Max on Mon 05 May 2014, 17:40

Hello Tiago. Now you still need to click the Limpar (Clean) button so that AdwCleaner removes the problems it found.

After that, post the new report it creates.

_________________

Caixa de Dicas = Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet is found here.

Super Links = Messages of faith and hope for your heart

Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Mon 05 May 2014, 17:56

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 17:54:08
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : gabriele stewan - GABRIELESTEWAN
# Executando de : C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\AdwCleaner.exe
# Opção : Examinar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [22517 octets] - [05/05/2014 16:43:42]
AdwCleaner[R1].txt - [1067 octets] - [05/05/2014 17:45:26]
AdwCleaner[R2].txt - [836 octets] - [05/05/2014 17:54:08]
AdwCleaner[S0].txt - [20042 octets] - [05/05/2014 17:38:18]
AdwCleaner[S1].txt - [1124 octets] - [05/05/2014 17:47:36]

########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1016 octets] ##########

Re: START.Qone8 - Infected browsers!

Post by Power Max on Mon 05 May 2014, 18:10

You posted AdwCleaner[R2].txt, but what we need is AdwCleaner[S0].txt


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Mon 05 May 2014, 18:22

This is the report that appears after restarting the computer!

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 18:17:30
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : gabriele stewan - GABRIELESTEWAN
# Executando de : C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [22517 octets] - [05/05/2014 16:43:42]
AdwCleaner[R1].txt - [1067 octets] - [05/05/2014 17:45:26]
AdwCleaner[R2].txt - [1096 octets] - [05/05/2014 17:54:08]
AdwCleaner[R3].txt - [1226 octets] - [05/05/2014 18:16:20]
AdwCleaner[S0].txt - [20042 octets] - [05/05/2014 17:38:18]
AdwCleaner[S1].txt - [1124 octets] - [05/05/2014 17:47:36]
AdwCleaner[S2].txt - [1143 octets] - [05/05/2014 18:17:30]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1203 octets] ##########

Re: START.Qone8 - Infected browsers!

Post by Power Max on Mon 05 May 2014, 18:29

Yes, but now you posted the report C:\AdwCleaner\AdwCleaner[S2].txt, and the one I need is C:\AdwCleaner\AdwCleaner[S0].txt

The one we need was created [05/05/2014 at 17:38:18]


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Mon 05 May 2014, 18:40

# AdwCleaner v3.207 - Relatório criado 05/05/2014 às 17:38:18
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (32 bits)
# Usuário : gabriele stewan - GABRIELESTEWAN
# Executando de : C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : IePluginService
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
[#] Serviço Deletada : Update WiseEnhance
[#] Serviço Deletada : Util WiseEnhance

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\Babylon
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\IePluginService
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\ProgramData\WPM
Pasta Deletada : C:\Program Files\003
Pasta Deletada : C:\Program Files\DAEMON Tools Toolbar
Pasta Deletada : C:\Program Files\DealPly
Pasta Deletada : C:\Program Files\predm
Pasta Deletada : C:\Program Files\SaveSenseLive
Pasta Deletada : C:\Program Files\SupTab
Pasta Deletada : C:\Program Files\WiseEnhance
Pasta Deletada : C:\Users\gabriele stewan\AppData\Local\Genesis
Pasta Deletada : C:\Users\gabriele stewan\AppData\Local\SaveSense
Pasta Deletada : C:\Users\gabriele stewan\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\gabriele stewan\AppData\LocalLow\BabylonToolbar
Pasta Deletada : C:\Users\gabriele stewan\AppData\LocalLow\PriceGong
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\0D0S1L2Z1P1B0T1P1B2Z
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\Babylon
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\baidu
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\DealPly
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\DigitalSites
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\file scout
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\SupTab
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BitGuard
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Pasta Deletada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Arquivo Deletada : C:\Windows\system32\roboot.exe
Arquivo Deletada : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
Arquivo Deletada : C:\Windows\System32\Tasks\Advanced System Protector
Arquivo Deletada : C:\Windows\Tasks\Dealply.job
Arquivo Deletada : C:\Windows\System32\Tasks\DealPlyUpdate
Arquivo Deletada : C:\Windows\Tasks\Digital Sites.job
Arquivo Deletada : C:\Windows\System32\Tasks\Digital Sites
Arquivo Deletada : C:\Windows\Tasks\MySearchDial.job
Arquivo Deletada : C:\Windows\System32\Tasks\MySearchDial
Arquivo Deletada : C:\Windows\Tasks\SaveSense.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSense
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineCore.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineCore
Arquivo Deletada : C:\Windows\Tasks\SaveSenseLiveUpdateTaskMachineUA.job
Arquivo Deletada : C:\Windows\System32\Tasks\SaveSenseLiveUpdateTaskMachineUA

***** [ Atalhos ] *****

Atalho Desinfectada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Atalho Desinfectada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Atalho Desinfectada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Atalho Desinfectada : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registro ] *****


***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.16521

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]

-\\ Mozilla Firefox v

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Extension] : gaiilaahiahdejapggenmdmafpmbipje
Deletedo [Extension] : pflphaooapbgpeakohlggbpidpppgdff

*************************

AdwCleaner[R0].txt - [22517 octets] - [05/05/2014 16:43:42]
AdwCleaner[S0].txt - [19900 octets] - [05/05/2014 17:38:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19961 octets] ##########

Re: START.Qone8 - Infected browsers!

Post by Power Max on Mon 05 May 2014, 18:47

   Now it's right.
_____________________________________________________

* Download Malwarebytes from one of the links below:
[You need to be registered and logged in to see this link.]
[You need to be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware Tutorial

In your next reply, post this Malwarebytes log (report).

We'll be waiting.


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 01:12

Malwarebytes Anti-Malware
[You need to be registered and logged in to see this link.]

Data de Verificação: 06/05/2014
Hora da Verificação: 01:03:24
Logfile: log.txt
Administrador: Sim

Versão: 2.00.1.1004
Malware Database: v2014.05.05.11
Rootkit Database: v2014.03.27.01
Licença: Grátis
Proteção de Malware: Desabilitado
Proteção de Site Malicioso: Desabilitado
Chameleon: Desabilitado

OS: Windows 7 Service Pack 1
CPU: x86
Sistema de Arquivo: NTFS
Usuário: gabriele stewan

Tipo da Verificação: Verificação Personalizada
Resultado: Completado
Arquivos Verificados: 352192
Tempo Decorrido: 6 hr, 7 min, 12 seg

Memória: Enabled
Inicialização: Enabled
Filesystem: Enabled
Arquivos: Enabled
Rootkits: Desabilitado
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processos: 0
(No malicious items detected)

Módulos: 0
(No malicious items detected)

Chaves de Registro: 14

Valores de Registro: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_br_124, Quarantined, [03cc7ecf4734f046613547329d6552ae],

Dados do Registro: 0
(No malicious items detected)

Pastas: 0
(No malicious items detected)

Arquivos: 84

Physical Sectors: 0
(No malicious items detected)


(end)

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 01:15

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 15:51

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by gabriele stewan on 06/05/2014 at 15:22:29,91.
Microsoft Windows 7 Home Basic  6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\zoek.exe    [Scan all users] [Script inserted]

==== System Restore Info ======================

06/05/2014 15:25:12 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\04z5vm71.default\prefs.js:

Added to C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\04z5vm71.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\found.000 deleted
C:\Users\gabriele stewan\AppData\Roaming\GetRightToGo deleted
C:\PROGRA~2\boost_interprocess deleted
C:\Users\gabriele stewan\AppData\Local\avgchrome deleted
C:\Users\gabriele stewan\AppData\LocalLow\MessengerPlusLive_Brazil_TB deleted
C:\user.js deleted
C:\Windows\System32\SETE684.tmp deleted
C:\Windows\System32\searchplugins deleted
C:\Windows\System32\Extensions deleted
C:\Users\gabriele stewan\AppData\Roaming\unins000.exe deleted
C:\Users\gabriele stewan\AppData\Roaming\unins001.exe deleted

==== Firefox Extensions ======================

ProfilePath: C:\Users\GABRIE~1\AppData\Roaming\Mozilla\Firefox\Profiles\04z5vm71.default
- Undetermined - %ProfilePath%\extensions\{87F8774F-B485-47E2-A755-A40A8A5E8874}-trash

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[29/04/2014 22:38]
pppagaglfkmlpgobnlenhknilehpmcbo - C:\Program Files\PSafe\PSafeAV\safemon\360webshield.crx[]

Google Drive - gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://www.google.com"
"Default_Page_URL"="http://www.google.com"
"Start Page"="http://www.google.com"
"Search Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.uol.com.br/"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Search_URL"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Default_Page_URL"="http://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{BACEFAF6-6EC5-4350-99B1-EC770C70B8E5}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Unknown  Url="Not_Found"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{BACEFAF6-6EC5-4350-99B1-EC770C70B8E5} Google  Url="https://www.google.com/search?q={searchTerms}"

==== Reset Google Chrome ======================

C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-2005915356-1209212705-3217999460-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully

==== Deleting CLSID Registry Values ======================


==== shortcuts on Users Desktops ======================

C:\Users\gabriele stewan\Desktop\AdwCleaner - Atalho.lnk - C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\AdwCleaner.exe
C:\Users\gabriele stewan\Desktop\chrome - Atalho.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\gabriele stewan\Desktop\Documentos - Atalho.lnk - C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Libraries\Documents.library-ms
C:\Users\gabriele stewan\Desktop\Tiago\Dowloads\TotalMedia Theatre 3.lnk -  

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\avast Free Antivirus.lnk -  
C:\Users\Public\Desktop\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\Public\Desktop\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\Users\Public\Desktop\TotalMedia Theatre 3.lnk - C:\Program Files\ArcSoft\TotalMedia Theatre 3\uDTStart.exe
C:\Users\Public\Desktop\WebCam Companion 3.lnk - C:\Program Files\ArcSoft\WebCam Companion 3\uWebCam.exe

==== shortcuts in Users Start Menu ======================

C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files\Internet Explorer\iexplore.exe

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast\avast Free Antivirus.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Desinstalar Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\unins000.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk - C:\Program Files\Malwarebytes Anti-Malware\mbam.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files\PhotoScape\PhotoScape.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\9d91276b0be3e46b\pinned.lnk -  
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\CCleaner.lnk - C:\Program Files\CCleaner\CCleaner.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\DAEMON Tools Lite.lnk - C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Paint.lnk - C:\Windows\system32\mspaint.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions\pppagaglfkmlpgobnlenhknilehpmcbo deleted successfully

==== Empty IE Cache ======================

C:\Users\gabriele stewan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\gabriele stewan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=8 folders=7 1842438 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\gabriele stewan\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\GABRIE~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 06/05/2014 at 15:47:29,60 ======================

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 16:10

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 16:22

Will I still have to download many more programs?
And what do you see in the logs?

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 16:29

It shouldn't take long to finish the cleanup if you promptly follow the tips I'm giving you. Whether it finishes sooner or later depends on you.


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 16:34

I downloaded JRT from the link you gave me, but it doesn't open. A window appears very briefly, I think it says ABOUT or something similar, but the program doesn't run!

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 16:36

Then forget Junkware and do the following:

Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

Tutorial for installing and running the ZHPDiag application

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 17:06

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman  (05/05/2014)
~ Iniciado por gabriele stewan (06/05/2014 16:45:02)
~ Endereço do Website :  http://nicolascoolman.webs.com
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16661
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.20

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3004 MB (58% free)
System Restore: Activé (Enable)
System drive C: has 111 GB (73%) free of 151 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GABRIELESTEWAN
~ User Name: gabriele stewan
~ All Users Names: gabriele stewan, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\gabriele stewan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\gabriele stewan\AppData\Roaming\
~ %Desktop% : C:\Users\gabriele stewan\Desktop\
~ %Favorites% : C:\Users\gabriele stewan\Favorites\
~ %LocalAppData% : C:\Users\gabriele stewan\AppData\Local\
~ %StartMenu% : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 111 Go of 151 Go)
D: Hard drive, Flash drive, Thumb drive (Free 136 Go of 139 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/02/2014 - 23:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/421
~ Mes musiques (My Musics) : 317/1141
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 2/80
~ Mon Bureau (My Desktop) : 3/562
~ Menu demarrer (Programs) : 1/33
~ Hidden Files:  Scanned in 00mn 01s



---\\ Processos lançados
[MD5.F00094EA2C92949729E375163D30A359] - (...) -- C:\Program Files\Control Center\CCenter.exe   [795648] [PID.3720]
[MD5.EBF0A311429601130833E8BF0CDC1167] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe   [7866912] [PID.3836]
[MD5.234E03F88DE98974BC9465BD3CAE23C6] - (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe   [1984832] [PID.3968]
[MD5.2C1B1E9174D94E9F6EE3CF373ABAB7DD] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe   [137752] [PID.4000]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe   [171032] [PID.4016]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe   [172568] [PID.4032]
[MD5.C8A7038AA59578773E964E47E2F799F4] - (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe   [718952] [PID.2468]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe   [3873704] [PID.2872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   [254336] [PID.2932]
[MD5.00D434EBF534AD5241BAB8104EF2B090] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe   [1305408] [PID.2936]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe   [53784] [PID.4992]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe   [841032] [PID.2944]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe   [7871488] [PID.748]
~ Processes Running:  Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\gabriele stewan\AppData\Roaming\Mozilla\Firefox\Profiles\04z5vm71.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\gabriele stewan\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\gabriele stewan\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {c69650dc-9644-4580-aa86-0ea329ee6c60} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File:  Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{C69650DC-9644-4580-AA86-0EA329EE6C60} Chave orfã
~ Toolbar:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Control Center] . (...) -- C:\Program Files\Control Center\CCenter.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [mylbx] . (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Deskmedia3] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe   =>.Oracle Corporation
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\gabriele stewan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe   =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\gabriele stewan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application:  Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance:  Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You must be registered and logged in to see this link.]
~ Objets ActiveX:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.2.80.16 187.2.80.15
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll  =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify:  GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify:  GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 5 Legitimates Filtered in 00mn 09s



---\\ Tarefas planificadas automaticamente (039)
[MD5.00000000000000000000000000000000] [APT] [{22322BEA-1322-4330-B112-2CAC24BB4439}] (...) -- F:\Windows\Install.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{462E10CD-D594-4CD4-80D4-9E4355F5CE4C}] (...) -- D:\Rafa\doom\DOOM II\DOOM II.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{4A6087CF-71AF-476F-8439-8EC452D9DC8E}] (...) -- F:\Installer.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{5E5DE0C6-A101-4C5E-A1F9-D0ED0415B20F}] (...) -- G:\SETUP.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{6CBF17ED-9C24-44E3-BF88-BADD3168EEC3}] (...) -- D:\Rafa\battlefield\BF2\Battlefield 2\BF2.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{850BFF76-74BD-43AD-BBF4-7A5415933C46}] (...) -- F:\Windows\Install.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{931E31DB-4341-43B8-9F16-C4466A928E9F}] (...) -- C:\Program Files\InstallShield Installation Information\{93D34EE3-99B3-4DB1-8B0A-0A657466F90D}\data.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{EDED5815-04D2-4201-8E00-7808EA6247B4}] (...) -- D:\Rafa\battlefield\BF2\Battlefield 2\BF2.exe (.not file.)   [0]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [902]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005915356-1209212705-3217999460-1000Core   [946]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005915356-1209212705-3217999460-1000UA   [968]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1070]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1074]
~ Scheduled Task: 27 Legitimates Filtered in 00mn 07s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver:  (360RegOem) . (.360安全中心 - 360RegOem.) - C:\Windows\system32\drivers\360RegOem.sys
O41 - Driver:  (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver:  (archlp) . (...) - C:\Windows\System32\drivers\archlp.sys
O41 - Driver:  (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver:  (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver:  (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver:  (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver:  (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (fmpvxovm) . (. - .) - C:\Windows\system32\drivers\fmpvxovm.sys (.not file.)
O41 - Driver:  (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver:  ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys  =>PUP.LinkiDoo
~ Drivers: 111 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Acelerador de Downloads - (.Acelerador de Downloads.) [HKLM] -- {33BB1D6F-2708-4B3F-92FC-639B9540F1A1}_is1
O42 - Logiciel: Codec Pack Packages - (...) [HKCU] -- Codec Pack Packages
O42 - Logiciel: Control Center - (.TPS.) [HKLM] -- {A09AB2EA-4E3B-48A8-A716-CD4FB3529548}
O42 - Logiciel: My Lockbox 2.6 - (...) [HKLM] -- My Lockbox_is1
O42 - Logiciel: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 18 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]  =>Adware.BDSearch
[HKCU\Software\Deskmedia]
[HKCU\Software\GbAs]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\none]
[HKLM\Software\360Safe]  =>Trojan.Lozavita
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Baidu Security]  =>Adware.BDSearch
[HKLM\Software\Baidu_Drp_pos]  =>Adware.BDSearch
[HKLM\Software\Deskmedia]
[HKLM\Software\GameVicio]
[HKLM\Software\Pyro]
[HKLM\Software\baidu]  =>Adware.BDSearch
~ Key Software: 210 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/05/2014 - 01:03:40 - [] ----D C:\Program Files\Acelerador de Downloads
O43 - CFD: 30/04/2014 - 10:18:41 - [] ----D C:\Program Files\Baidu Security  =>Adware.BDSearch
O43 - CFD: 02/11/2012 - 20:46:19 - [] ----D C:\Program Files\Baixe seu Arquivo
O43 - CFD: 08/04/2014 - 22:21:16 - [] ----D C:\Program Files\Control Center
O43 - CFD: 27/11/2011 - 14:31:18 - [] ----D C:\Program Files\GameVicio
O43 - CFD: 08/04/2014 - 22:21:22 - [] ----D C:\Program Files\My Lockbox
O43 - CFD: 17/10/2012 - 21:49:04 - [] ----D C:\Program Files\SupportInfo
O43 - CFD: 11/04/2014 - 11:23:46 - [] ----D C:\ProgramData\2E2BC
O43 - CFD: 30/04/2014 - 10:18:56 - [] ----D C:\ProgramData\Baidu Security  =>Adware.BDSearch
O43 - CFD: 29/08/2012 - 14:28:44 - [] ----D C:\ProgramData\OI
O43 - CFD: 04/04/2014 - 13:57:51 - [] ----D C:\Users\gabriele stewan\AppData\Roaming\360safe  =>Trojan.Lozavita
O43 - CFD: 29/04/2014 - 14:00:39 - [] ----D C:\Users\gabriele stewan\AppData\Roaming\Baidu Security  =>Adware.BDSearch
O43 - CFD: 02/11/2012 - 20:48:20 - [] ----D C:\Users\gabriele stewan\AppData\Local\Ares
~ Program Folder: 193 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 16:44:50 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll   [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 15:22:15 ---A- . (...) -- C:\Windows\zoek-delete.exe   [24064]
O44 - LFC:[MD5.3E8BEC33B5A26FB831F5D2EC5D755514] - 06/05/2014 - 15:47:29 ---A- . (...) -- C:\zoek-results.log   [15114]
O44 - LFC:[MD5.FFD2D11A1524F8790C875A94AA4ED24B] - 06/05/2014 - 15:50:20 ---A- . (...) -- C:\Windows\ntbtlog.txt   [92146]
O44 - LFC:[MD5.3F0F2931265680205283BF25493760A0] - 24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys   [52928]  =>PUP.LinkiDoo
O44 - LFC:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 29/04/2014 - 21:33:25 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys   [23624]
O44 - LFC:[MD5.049844AD9F01ACCDE9998B46B0C8948D] - 29/04/2014 - 21:33:30 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys   [75832]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 29/04/2014 - 22:15:30 ---A- . (...) -- C:\AVScanner.ini   [426]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 30/04/2014 - 10:19:32 ---A- . (...) -- C:\Windows\System32\config.ini   [29]
O44 - LFC:[MD5.FBEC5C7A42E12B69D989EB9A160446A0] - 30/04/2014 - 21:52:24 ---A- . (...) -- C:\Windows\win.ini   [505]
~ Files: 38 Legitimates Filtered in 01mn 00s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
~ ShellExecuteHooks:  Scanned in 00mn 00s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{3bb22aad-04d3-11e1-9a1f-d509925eda0d}\AutoRun\command. (...) -- F:\autorun.exe (.not file.)
O51 - MPSK:{42b6d5d8-19e8-11e0-9181-a5915c4e1f0d}\AutoRun\command. (...) -- G:\SETUP.exe (.not file.)
O51 - MPSK:{7fc4a66d-4511-11e1-a940-00e04c5363e3}\AutoRun\command. (...) -- I:\AutoRun.exe (.not file.)
O51 - MPSK:{89f0bb59-958b-11e2-84d0-00e04c5363e3}\AutoRun\command. (...) -- H:\setup.exe (.not file.)
O51 - MPSK:{8eaf1bfd-450f-11e1-8daf-00e04c5363e3}\AutoRun\command. (...) -- H:\AutoRun.exe (.not file.)
O51 - MPSK:{d5d72066-12cd-11e0-94a6-806e6f6e6963}\AutoRun\command. (...) -- F:\NokiaPCIA_Autorun.exe (.not file.)
O51 - MPSK:{dc5c7063-d190-11e0-9bca-cfad35feaa46}\AutoRun\command. (...) -- F:\LaunchU3.exe (.not file.)
~ Keys:  Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys   [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys   [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys   [23168]
O58 - SDL:03/09/2012 - 19:34:10 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys   [64048]
O58 - SDL:13/01/2010 - 13:59:20 ---A- . (...) -- C:\Windows\System32\Drivers\ArcHlp.sys   [89728]
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys   [24184]  =>.ALWIL Software
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys   [49944]  =>.ALWIL Software
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys   [180632]  =>.ALWIL Software
O58 - SDL:06/01/2011 - 20:07:02 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys   [218176]
O58 - SDL:29/04/2014 - 21:33:25 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys   [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [453712]
O58 - SDL:27/02/2014 - 13:55:12 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys   [46392]
O58 - SDL:31/03/2014 - 19:11:50 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys   [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [26624]
O58 - SDL:29/04/2014 - 21:33:30 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys   [75832]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys   [721904]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [21072]
O58 - SDL:24/04/2014 - 12:32:28 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys   [52928]  =>PUP.LinkiDoo
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS   [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys   [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS   [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS   [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS   [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS   [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS   [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS   [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS   [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS   [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS   [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS   [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS   [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS   [34672]
~ Drivers: 105 Legitimates Filtered in 00mn 04s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem)  .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 31/05/2012 - C:\Windows\system32\drivers\360RegOem.sys (360RegOem)  .(.360安全中心 - 360RegOem.) - LEGACY_360REGOEM
O64 - Services: CurCS - 03/09/2012 - C:\Windows\System32\drivers\360SpOEM.sys (360SpOEM)  .(.360安全中心 - 360安全卫士 - SelfProtection.) - LEGACY_360SPOEM
O64 - Services: CurCS - 13/01/2010 - C:\Windows\System32\drivers\archlp.sys (archlp) .(...) - LEGACY_ARCHLP
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 29/04/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon)  .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 27/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm)  .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 29/04/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort)  .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
O64 - Services: CurCS - 24/04/2014 - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw)  .(.StdLib - StdLib.) - LEGACY_{2C976A7F-DBDC-4756-870F-F6D183FE7A7E}GW  =>PUP.LinkiDoo
~ Legacy: 242 Legitimates Filtered in 00mn 01s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {BACEFAF6-6EC5-4350-99B1-EC770C70B8E5} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.77D84968887A117861B7D29138BD6ED1] [SPRF][31/03/2014] (...) -- C:\Users\gabriele stewan\AppData\Roaming\unins000.dat   [30948]
[MD5.AE9B42E7B2E4F52F0783E82EB8118975] [SPRF][09/04/2014] (...) -- C:\Users\gabriele stewan\AppData\Roaming\unins001.dat   [15520]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.A43D98F5A2B54F22C2B8191CBF27B438] [WIS][08/03/2014] (.SaveSense - Google Update Helper.) -- C:\Windows\Installer\af2083.msi   [40960]  =>PUP.SaveSense
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Microsoft\Tracing\updateWiseEnhance_RASAPI32  =>PUP.WiseEnhance
HKLM\SOFTWARE\Microsoft\Tracing\updateWiseEnhance_RASMANCS  =>PUP.WiseEnhance
HKLM\SOFTWARE\Microsoft\Tracing\utilWiseEnhance_RASAPI32  =>PUP.WiseEnhance
HKLM\SOFTWARE\Microsoft\Tracing\utilWiseEnhance_RASMANCS  =>PUP.WiseEnhance
HKLM\SOFTWARE\Microsoft\Tracing\WiseEnhance_RASAPI32  =>PUP.WiseEnhance
HKLM\SOFTWARE\Microsoft\Tracing\WiseEnhance_RASMANCS  =>PUP.WiseEnhance
~ BTK: 230 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)  =>PUP.SaveSense
~ BCK: 5218 Legitimates Filtered in 00mn 13s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 01/05/2014 257712 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 29/04/2014 116648 |  (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 29/04/2014 116648 |  (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 |  (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/03/2010 113152 |  (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 18/12/2013 65432 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 29/04/2014 50344 |  (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 27/02/2014 519224 |  (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 11/03/2014 22216 |  (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 14/01/2009 226656 |  (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 15s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys   [721904]
~ Emulateurs:  Scanned in 00mn 15s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 4
Fichiers trouvés  (Files found) : 6

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate]   =>PUP.DealPly
[HKLM\Software\360Safe]   =>Trojan.Lozavita
C:\Program Files\Baidu Security   =>Adware.BDSearch^
C:\ProgramData\Baidu Security   =>Adware.BDSearch^
C:\Users\gabriele stewan\AppData\Roaming\360safe   =>Trojan.Lozavita^
C:\Users\gabriele stewan\AppData\Roaming\Baidu Security   =>Adware.BDSearch^
[HKCU\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Baidu Security]   =>Adware.BDSearch^
[HKLM\Software\Baidu_Drp_pos]   =>Adware.BDSearch^
[HKLM\Software\baidu]   =>Adware.BDSearch^
C:\Windows\Installer\af2083.msi   =>PUP.SaveSense^
[HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}] (SaveSenseLive Core Class)   =>PUP.SaveSense^
~ Additionnel Scan: 223057 Items scanned in 01mn 05s



---\\ Sumário das deteções encontradas na sua estação
[You must be registered and logged in to see this link.]  =>PUP.LinkiDoo
[You must be registered and logged in to see this link.]  =>Adware.BDSearch
[You must be registered and logged in to see this link.]  =>Trojan.Lozavita
[You must be registered and logged in to see this link.]  =>PUP.SaveSense
[You must be registered and logged in to see this link.]  =>PUP.DealPly
~ MSI: 5 link(s) detected in 00mn 00s



~ 975 Legitimates filtered by white list
End of the scan (568 lines in 03mn 30s)(0)

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 17:37

 Select and copy all of the text highlighted in red that I sent you.
_____________________________________________________________________________________________________________

 Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click "Importação" > click the GO button > click "Oui" > if you want the files in the Recycle Bin to be deleted, click "Oui" again > a report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 06 May 2014, 22:35; edited 1 time


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 20:33

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by gabriele stewan at 06/05/2014 19:21:41
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (03mn 09s)
Reparação de atalhos do navegador

========== Estado dos serviços ==========
{2C976A7F-DBDC-4756-870F-F6D183FE7A7E}GW Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: fmpvxovm
ELIMINÉ Driver Key: {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\360Safe
ELIMINÉ: HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\baidu
ELIMINÉ CLSID MPSK: {3bb22aad-04d3-11e1-9a1f-d509925eda0d}
ELIMINÉ CLSID MPSK: {42b6d5d8-19e8-11e0-9181-a5915c4e1f0d}
ELIMINÉ CLSID MPSK: {7fc4a66d-4511-11e1-a940-00e04c5363e3}
ELIMINÉ CLSID MPSK: {89f0bb59-958b-11e2-84d0-00e04c5363e3}
ELIMINÉ CLSID MPSK: {8eaf1bfd-450f-11e1-8daf-00e04c5363e3}
ELIMINÉ CLSID MPSK: {d5d72066-12cd-11e0-94a6-806e6f6e6963}
ELIMINÉ CLSID MPSK: {dc5c7063-d190-11e0-9bca-cfad35feaa46}
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWiseEnhance_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\updateWiseEnhance_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilWiseEnhance_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\utilWiseEnhance_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WiseEnhance_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Microsoft\Tracing\WiseEnhance_RASMANCS
ELIMINÉ: HKCR\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
ELIMINÉ: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\DealPlyUpdate

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {C69650DC-9644-4580-AA86-0EA329EE6C60}
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\windows\system32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}gw.sys
ELIMINÉ: C:\Windows\Installer\af2083.msi
ELIMINÉ Temporários windows (62) (663.387 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {22322BEA-1322-4330-B112-2CAC24BB4439}
ELIMINÉ: {462E10CD-D594-4CD4-80D4-9E4355F5CE4C}
ELIMINÉ: {4A6087CF-71AF-476F-8439-8EC452D9DC8E}
ELIMINÉ: {5E5DE0C6-A101-4C5E-A1F9-D0ED0415B20F}
ELIMINÉ: {6CBF17ED-9C24-44E3-BF88-BADD3168EEC3}
ELIMINÉ: {850BFF76-74BD-43AD-BBF4-7A5415933C46}
ELIMINÉ: {931E31DB-4341-43B8-9F16-C4466A928E9F}
ELIMINÉ: {EDED5815-04D2-4201-8E00-7808EA6247B4}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
27 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
4 : Ficheiros
1 : Estado dos serviços
8 : Tarefa planificada
1 : Restauração Sistema


End of clean in 04mn 07s

========== Caminho do ficheiro do relatório ==========
C:\Users\gabriele stewan\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06/05/2014 19:24:51 [3265]

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 20:35

Open ZHPDiag again.

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report.

Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 20:41

~ Relatório do ZHPDiag v2014.5.5.55 - Nicolas Coolman (05/05/2014)
~ Iniciado por gabriele stewan (06/05/2014 20:38:23)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Fóruns de suporte gratuito para desinfecção : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.16661
GCIE: Google Chrome v34.0.1847.131 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 32-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK

---\\ Softwares de proteçao do sistema
avast! Free Antivirus v9.0.2018
Malwarebytes Anti-Malware versão 2.0.1.1004
Microsoft Security Client PT-BR Language Pack v2.1.1116.0
Windows Defender W7

---\\ Softwares d'optimização do sistema
CCleaner v3.20

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: x86 Family 6 Model 23 Stepping 10, GenuineIntel
~ Operating System: 32 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3004 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 111 GB (73%) free of 151 GB

---\\ Modo de conexão ao sistema
~ Computer Name: GABRIELESTEWAN
~ User Name: gabriele stewan
~ All Users Names: gabriele stewan, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\gabriele stewan\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\gabriele stewan\AppData\Roaming\
~ %Desktop% : C:\Users\gabriele stewan\Desktop\
~ %Favorites% : C:\Users\gabriele stewan\Favorites\
~ %LocalAppData% : C:\Users\gabriele stewan\AppData\Local\
~ %StartMenu% : C:\Users\gabriele stewan\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 111 Go of 151 Go)
D: Hard drive, Flash drive, Thumb drive (Free 136 Go of 139 Go)
E: CD-ROM drive (Not Inserted)
F: CD-ROM drive (Not Inserted)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
~ Security Center: 46 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.8B88EBBB05A0E56B7DCC708498C02B3E] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 02:30:54.) -- C:\Windows\Explorer.exe [2616320]
[MD5.B5C5DCAD3899512020D135600129D665] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:14:45.) -- C:\Windows\System32\Wininit.exe [96256]
[MD5.AAFEAB4FC9D70253F8C7E353E879E8A2] - (.Microsoft Corporation - Internet Extensions para Win32.) (.28/02/2014 - 23:32:16.) -- C:\Windows\System32\wininet.dll [1820160]
[MD5.6D13E1406F50C66E2A95D97F22C47560] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.20/11/2010 - 09:17:54.) -- C:\Windows\System32\Winlogon.exe [286720]
[MD5.E3AE23569749DE12D45BA3B489A036AE] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.20/11/2010 - 09:21:24.) -- C:\Windows\System32\sppcomapi.dll [193536]
[MD5.F81BB7E487EDCEAB630A7EE66CF23913] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.13/09/2013 - 21:48:58.) -- C:\Windows\system32\Drivers\AFD.sys [338944]
[MD5.338C86357871C167A96AB976519BF59E] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:26:15.) -- C:\Windows\system32\Drivers\atapi.sys [21584]
[MD5.77EA11B065E0A8AB902D78145CA51E10] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:11:15.) -- C:\Windows\system32\Drivers\Cdfs.sys [70656]
[MD5.BE167ED0FDB9C1FA1133953C18D5A6C9] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 05:38:10.) -- C:\Windows\system32\Drivers\Cdrom.sys [108544]
[MD5.F024449C97EC1E464AAFFDA18593DB88] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 05:42:32.) -- C:\Windows\system32\Drivers\DfsC.sys [78336]
[MD5.9036377B8A6C15DC2EEC53E489D159B5] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 06:59:29.) -- C:\Windows\system32\Drivers\HDAudBus.sys [108544]
[MD5.F151F0BDC47F4A28B1B20A0818EA36D6] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:11:24.) -- C:\Windows\system32\Drivers\i8042prt.sys [80896]
[MD5.A5FA468D67ABCDAA36264E463A7BB0CD] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 20:54:29.) -- C:\Windows\system32\Drivers\IpNat.sys [101888]
[MD5.5D16C921E3671636C0EBA3BBAAC5FD25] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:17:22.) -- C:\Windows\system32\Drivers\MRxSmb.sys [123904]
[MD5.280122DDCF04B378EDD1AD54D71C1E54] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 05:39:44.) -- C:\Windows\system32\Drivers\netBT.sys [187904]
[MD5.C8DFF8D07755A66C7A4A738930F0FEAC] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:18:22.) -- C:\Windows\system32\Drivers\ntfs.sys [1212352]
[MD5.2EA877ED5DD9713C5AC74E8EA7348D14] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 20:45:35.) -- C:\Windows\system32\Drivers\Parport.sys [79360]
[MD5.D9F91EAFEC2815365CBE6D167E4E332A] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.13/07/2009 - 20:54:34.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [78848]
[MD5.3E21C083B8A01CB70BA1F09303010FCE] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 20:53:41.) -- C:\Windows\system32\Drivers\smb.sys [71168]
[MD5.B459575348C20E8121D6039DA063C704] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 05:39:17.) -- C:\Windows\system32\Drivers\tdx.sys [74752]
[MD5.F497F67932C6FA693D7DE2780631CFE7] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.20/11/2010 - 09:30:16.) -- C:\Windows\system32\Drivers\volsnap.sys [245632]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 2/421
~ Mes musiques (My Musics) : 317/1141
~ Mes Favoris (My Favorites) : 1/38
~ Mes Documents (My Documents) : 2/80
~ Mon Bureau (My Desktop) : 3/563
~ Menu demarrer (Programs) : 1/33
~ Hidden Files: Scanned in 00mn 01s



---\\ Processos lançados
[MD5.F00094EA2C92949729E375163D30A359] - (...) -- C:\Program Files\Control Center\CCenter.exe [795648] [PID.3720]
[MD5.EBF0A311429601130833E8BF0CDC1167] - (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7866912] [PID.3836]
[MD5.234E03F88DE98974BC9465BD3CAE23C6] - (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe [1984832] [PID.3968]
[MD5.2C1B1E9174D94E9F6EE3CF373ABAB7DD] - (.Intel Corporation - igfxTray Module.) -- C:\Windows\System32\igfxtray.exe [137752] [PID.4000]
[MD5.87D78CF6365BDDACBE9D34B60FE0E23B] - (.Intel Corporation - hkcmd Module.) -- C:\Windows\System32\hkcmd.exe [171032] [PID.4016]
[MD5.89D3DE5E2C77DCD99C56F0E46310AEA0] - (.Intel Corporation - persistence Module.) -- C:\Windows\System32\igfxpers.exe [172568] [PID.4032]
[MD5.C8A7038AA59578773E964E47E2F799F4] - (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe [718952] [PID.2468]
[MD5.3E364978E4C74D3BCEA29FB41743CB5A] - (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe [3873704] [PID.2872]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe [254336] [PID.2932]
[MD5.00D434EBF534AD5241BAB8104EF2B090] - (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe [1305408] [PID.2936]
[MD5.2E0B0A051FFAA86E358465BB0880D453] - (.Microsoft Corporation - Windows Update.) -- C:\Windows\system32\wuauclt.exe [53784] [PID.4992]
[MD5.A131FF6AF7E2B2492566FB57683CE6CB] - (.Nicolas Coolman - ZHPFix.) -- C:\Program Files\ZHPDiag\ZHPFix\ZHPFix.exe [3054592] [PID.0]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe [841032] [PID.5724]
[MD5.C77194C94AA796FD237FDDC3A0E420E5] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files\ZHPDiag\ZHPDiag.exe [7871488] [PID.1684]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\gabriele stewan\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\gabriele stewan\AppData\Roaming\Mozilla\Firefox\Profiles\04z5vm71.default\prefs.js
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/abn] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\gabriele stewan\AppData\Local\GAS Tecnologia\GBBD\npsf_abn.dll
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\gabriele stewan\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You need to be registered and logged in to see this link.]
R3 - URLSearchHook: Microsoft Url Search Hook - {CFBFAE00-17A6-11D0-99CB-00C04FD64497} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
R3 - URLSearchHook: (no name) - {c69650dc-9644-4580-aa86-0ea329ee6c60} . (.GAS Tecnologia - Internet Banking Helper.) (No version) -- (.not file.)
~ IE Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O2 - BHO: G-Buster Browser Defense Banco Real - {C41A1C0E-EA6C-11D4-B1B8-444553540007} . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehabn.dll
~ BHO: 14 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{21FA44EF-376D-4D53-9B0F-8A89D3229068} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [Control Center] . (...) -- C:\Program Files\Control Center\CCenter.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] . (.ArcSoft Inc. - ArcSoft Connect Daemon.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Run: [mylbx] . (.FSPro Labs - My Lockbox.) -- C:\Program Files\My Lockbox\mylbx.exe
O4 - HKLM\..\Run: [MSC] . (.Microsoft Corporation - Microsoft Security Client User Interface.) -- C:\Program Files\Microsoft Security Client\msseces.exe
O4 - HKLM\..\Run: [IgfxTray] . (.Intel Corporation - igfxTray Module.) -- C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] . (.Intel Corporation - persistence Module.) -- C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [Deskmedia3] . (...) -- C:\Positivo\Deskmedia\GerenciadorLocal.exe
O4 - HKLM\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKLM\..\Run: [AvastUI.exe] . (.AVAST Software - avast! Antivirus.) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKCU\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKCU\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\gabriele stewan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKCU\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [DAEMON Tools Lite] . (.DT Soft Ltd - DAEMON Tools Lite.) -- C:\Program Files\DAEMON Tools Lite\DTLite.exe =>.DT Soft Ltd
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [Facebook Update] . (.Facebook Inc. - Facebook Installer.) -- C:\Users\gabriele stewan\AppData\Local\Facebook\Update\FacebookUpdate.exe
O4 - HKUS\S-1-5-21-2005915356-1209212705-3217999460-1000\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files\Windows Sidebar\sidebar.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancoreal.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.bancosantander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santander.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.santanderempresarial.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernet.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.santandernetibe.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Objets ActiveX (Downloaded Program Files)(O16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} ((no name)) - [You need to be registered and logged in to see this link.]
~ Objets ActiveX: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CS1\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CS1\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CS2\Services\Tcpip\..\{5A384F6D-6C8F-4859-8195-A9E15E173BB6}: DhcpNameServer = 200.142.132.32 200.220.227.56
O17 - HKLM\System\CS2\Services\Tcpip\..\{8E494F71-3744-42FA-A4F7-DB77C904DE47}: DhcpNameServer = 187.2.80.16 187.2.80.15
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 187.2.80.16 187.2.80.15
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (.Microsoft Corporation - Photo Gallery Album Download Protocol Handl.) -- C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll =>.Microsoft Corporation
O18 - Filter: application/x-msdownload - {1E66F26B-79EE-11D2-8710-00C04F79ED0D} . (.Microsoft Corporation - Microsoft .NET Runtime Execution Engine.) -- C:\Windows\System32\mscoree.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: GbPluginAbn . (.Banco Real - Gbieh Module.) -- C:\Program Files\GbPlugin\gbiehAbn.dll
O20 - Winlogon Notify: GbPluginBb . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files\GbPlugin\gbieh.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files\GbPlugin\gbpsv.exe
~ Services: 5 Legitimates Filtered in 00mn 07s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005915356-1209212705-3217999460-1000Core [946]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-2005915356-1209212705-3217999460-1000UA [968]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (360FileOem) . (.360.cn - 360FileOem.) - C:\Windows\system32\drivers\360FileOem.sys
O41 - Driver: (360RegOem) . (.360安全中心 - 360RegOem.) - C:\Windows\system32\drivers\360RegOem.sys
O41 - Driver: (360SpOEM) . (.360安全中心 - 360安全卫士 - SelfProtection.) - C:\Windows\System32\drivers\360SpOEM.sys
O41 - Driver: (archlp) . (...) - C:\Windows\System32\drivers\archlp.sys
O41 - Driver: (EfiMon) . (.360安全中心 - 360Efimon Driver.) - C:\Windows\System32\Drivers\Efimon.sys
O41 - Driver: (ndisrd) . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) - C:\Windows\System32\DRIVERS\gbpndisrdn.sys
O41 - Driver: (Bfilter) . (. - .) - C:\Windows\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\Windows\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\Windows\system32\drivers\bndef.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\Windows\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: (fmpvxovm) . (. - .) - C:\Windows\system32\drivers\fmpvxovm.sys (.not file.)
O41 - Driver: ({2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw) . (. - .) - C:\Windows\System32\drivers\{2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw.sys (.not file.)
~ Drivers: 97 Legitimates Filtered in 00mn 01s



---\\ Software instalados (042)
O42 - Logiciel: Acelerador de Downloads - (.Acelerador de Downloads.) [HKLM] -- {33BB1D6F-2708-4B3F-92FC-639B9540F1A1}_is1
O42 - Logiciel: Codec Pack Packages - (...) [HKCU] -- Codec Pack Packages
O42 - Logiciel: Control Center - (.TPS.) [HKLM] -- {A09AB2EA-4E3B-48A8-A716-CD4FB3529548}
O42 - Logiciel: My Lockbox 2.6 - (...) [HKLM] -- My Lockbox_is1
O42 - Logiciel: Módulo de Proteção Banco Santander (Brasil) S.A. - (...) [HKLM] -- {83033d93-48d0-48fc-9c5b-82e57e7e0dd6}_is1
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
~ Logic: 18 Legitimates Filtered in 00mn 01s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Deskmedia]
[HKCU\Software\GbAs]
[HKCU\Software\OrolixCommunicator]
[HKCU\Software\none]
[HKLM\Software\AutoHelpDesk]
[HKLM\Software\Deskmedia]
[HKLM\Software\GameVicio]
[HKLM\Software\Pyro]
~ Key Software: 205 Legitimates Filtered in 00mn 01s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 06/05/2014 - 01:03:40 - [] ----D C:\Program Files\Acelerador de Downloads
O43 - CFD: 02/11/2012 - 20:46:19 - [] ----D C:\Program Files\Baixe seu Arquivo
O43 - CFD: 08/04/2014 - 22:21:16 - [] ----D C:\Program Files\Control Center
O43 - CFD: 27/11/2011 - 14:31:18 - [] ----D C:\Program Files\GameVicio
O43 - CFD: 08/04/2014 - 22:21:22 - [] ----D C:\Program Files\My Lockbox
O43 - CFD: 17/10/2012 - 21:49:04 - [] ----D C:\Program Files\SupportInfo
O43 - CFD: 11/04/2014 - 11:23:46 - [] ----D C:\ProgramData\2E2BC
O43 - CFD: 29/08/2012 - 14:28:44 - [] ----D C:\ProgramData\OI
O43 - CFD: 02/11/2012 - 20:48:20 - [] ----D C:\Users\gabriele stewan\AppData\Local\Ares
~ Program Folder: 189 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.0DC5AF80D059DEC792B665ED598C6567] - 05/05/2014 - 16:44:50 ---A- . (.SQLite Development Team - SQLite Dynamic Link Library (No TCL).) -- C:\Windows\System32\sqlite3.dll [536576]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 06/05/2014 - 15:22:15 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.3E8BEC33B5A26FB831F5D2EC5D755514] - 06/05/2014 - 15:47:29 ---A- . (...) -- C:\zoek-results.log [15114]
O44 - LFC:[MD5.FFD2D11A1524F8790C875A94AA4ED24B] - 06/05/2014 - 15:50:20 ---A- . (...) -- C:\Windows\ntbtlog.txt [92146]
O44 - LFC:[MD5.6E42F2E5B5BDE3FE4066C9B2D6091E17] - 29/04/2014 - 21:33:25 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O44 - LFC:[MD5.049844AD9F01ACCDE9998B46B0C8948D] - 29/04/2014 - 21:33:30 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O44 - LFC:[MD5.D46D074B8BF3F42AB0820C49AD760823] - 29/04/2014 - 22:15:30 ---A- . (...) -- C:\AVScanner.ini [426]
O44 - LFC:[MD5.4D6C6E0505A8E5A0656DCB223497D37C] - 29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184]
O44 - LFC:[MD5.4C182BDB0E01582B29E2A38ABD6ACE44] - 30/04/2014 - 10:19:32 ---A- . (...) -- C:\Windows\System32\config.ini [29]
O44 - LFC:[MD5.FBEC5C7A42E12B69D989EB9A160446A0] - 30/04/2014 - 21:52:24 ---A- . (...) -- C:\Windows\win.ini [505]
~ Files: 37 Legitimates Filtered in 00mn 04s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399F83} - C:\Program Files\GbPlugin\gbieh.dll
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj - {E37CB5F0-51F5-4395-A808-5FA49E399007} - C:\Program Files\GbPlugin\gbiehabn.dll
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360.cn - 360FileOem.) -- C:\Windows\System32\Drivers\360FileOem.sys [146304]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360HookOem.) -- C:\Windows\System32\Drivers\360HookOem.sys [54912]
O58 - SDL:31/05/2012 - 21:21:04 R--A- . (.360安全中心 - 360RegOem.) -- C:\Windows\System32\Drivers\360RegOem.sys [23168]
O58 - SDL:03/09/2012 - 19:34:10 R--A- . (.360安全中心 - 360安全卫士 - SelfProtection.) -- C:\Windows\System32\Drivers\360SpOEM.sys [64048]
O58 - SDL:13/01/2010 - 13:59:20 ---A- . (...) -- C:\Windows\System32\Drivers\ArcHlp.sys [89728]
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswHwid.sys [24184] =>.ALWIL Software
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswRvrt.sys [49944] =>.ALWIL Software
O58 - SDL:29/04/2014 - 22:38:13 ---A- . (...) -- C:\Windows\System32\Drivers\aswVmm.sys [180632] =>.ALWIL Software
O58 - SDL:06/01/2011 - 20:07:02 ---A- . (.DT Soft Ltd - DAEMON Tools Virtual Bus Driver.) -- C:\Windows\System32\Drivers\dtsoftbus01.sys [218176]
O58 - SDL:29/04/2014 - 21:33:25 ---A- . (.360安全中心 - 360Efimon Driver.) -- C:\Windows\System32\Drivers\efimon.sys [23624]
O58 - SDL:13/07/2009 - 22:20:28 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [453712]
O58 - SDL:27/02/2014 - 13:55:12 ---A- . (.GAS Tecnologia - GbPlugin Device Driver.) -- C:\Windows\System32\Drivers\gbpkm.sys [46392]
O58 - SDL:31/03/2014 - 19:11:50 ---A- . (.GAS Tecnologia - GAS Tecnologia - LWF Helper Driver.) -- C:\Windows\System32\Drivers\gbpndisrdn.sys [29400]
O58 - SDL:13/07/2009 - 19:54:14 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [26624]
O58 - SDL:29/04/2014 - 21:33:30 ---A- . (.360安全中心 - 360安全卫士 - HookPort.) -- C:\Windows\System32\Drivers\hookport.sys [75832]
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
O58 - SDL:13/07/2009 - 22:19:04 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [21072]
O58 - SDL:13/07/2009 - 18:40:41 ---A- . (...) -- C:\Windows\System32\ANSI.SYS [9029]
O58 - SDL:13/07/2009 - 18:40:44 ---A- . (...) -- C:\Windows\System32\country.sys [27097]
O58 - SDL:13/07/2009 - 18:40:40 ---A- . (...) -- C:\Windows\System32\HIMEM.SYS [4768]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEY01.SYS [42809]
O58 - SDL:13/07/2009 - 18:40:43 ---A- . (...) -- C:\Windows\System32\KEYBOARD.SYS [42537]
O58 - SDL:13/07/2009 - 18:40:23 ---A- . (...) -- C:\Windows\System32\NTDOS.SYS [27866]
O58 - SDL:13/07/2009 - 18:40:31 ---A- . (...) -- C:\Windows\System32\NTDOS404.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:35 ---A- . (...) -- C:\Windows\System32\NTDOS411.SYS [29370]
O58 - SDL:13/07/2009 - 18:40:39 ---A- . (...) -- C:\Windows\System32\NTDOS412.SYS [29274]
O58 - SDL:13/07/2009 - 18:40:27 ---A- . (...) -- C:\Windows\System32\NTDOS804.SYS [29146]
O58 - SDL:13/07/2009 - 18:40:11 ---A- . (...) -- C:\Windows\System32\NTIO.SYS [33952]
O58 - SDL:13/07/2009 - 18:40:15 ---A- . (...) -- C:\Windows\System32\NTIO404.SYS [34672]
O58 - SDL:13/07/2009 - 18:40:17 ---A- . (...) -- C:\Windows\System32\NTIO411.SYS [35776]
O58 - SDL:13/07/2009 - 18:40:19 ---A- . (...) -- C:\Windows\System32\NTIO412.SYS [35536]
O58 - SDL:13/07/2009 - 18:40:13 ---A- . (...) -- C:\Windows\System32\NTIO804.SYS [34672]
~ Drivers: 104 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 31/05/2012 - C:\Windows\system32\drivers\360FileOem.sys (360FileOem) .(.360.cn - 360FileOem.) - LEGACY_360FILEOEM
O64 - Services: CurCS - 31/05/2012 - C:\Windows\system32\drivers\360RegOem.sys (360RegOem) .(.360安全中心 - 360RegOem.) - LEGACY_360REGOEM
O64 - Services: CurCS - 03/09/2012 - C:\Windows\System32\drivers\360SpOEM.sys (360SpOEM) .(.360安全中心 - 360安全卫士 - SelfProtection.) - LEGACY_360SPOEM
O64 - Services: CurCS - 13/01/2010 - C:\Windows\System32\drivers\archlp.sys (archlp) .(...) - LEGACY_ARCHLP
O64 - Services: CurCS - 29/04/2014 - C:\Windows\system32\drivers\aswHwid.sys (aswHwid) .(...) - LEGACY_ASWHWID
O64 - Services: CurCS - 29/04/2014 - C:\Windows\System32\Drivers\Efimon.sys (EfiMon) .(.360安全中心 - 360Efimon Driver.) - LEGACY_EFIMON
O64 - Services: CurCS - 27/02/2014 - C:\Windows\System32\drivers\gbpkm.sys (GbpKm) .(.GAS Tecnologia - GbPlugin Device Driver.) - LEGACY_GBPKM
O64 - Services: CurCS - 29/04/2014 - C:\Windows\System32\Drivers\Hookport.sys (HookPort) .(.360安全中心 - 360安全卫士 - HookPort.) - LEGACY_HOOKPORT
~ Legacy: 242 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> [HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] Web - (Web) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} - (Google) - [You need to be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {BACEFAF6-6EC5-4350-99B1-EC770C70B8E5} [DefaultScope] - (Google) - [You need to be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.77D84968887A117861B7D29138BD6ED1] [SPRF][31/03/2014] (...) -- C:\Users\gabriele stewan\AppData\Roaming\unins000.dat [30948]
[MD5.AE9B42E7B2E4F52F0783E82EB8118975] [SPRF][09/04/2014] (...) -- C:\Users\gabriele stewan\AppData\Roaming\unins001.dat [15520]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 01/05/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Auto 29/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 29/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files\Google\Update\GoogleUpdate.exe
SS - | Demand 03/04/2005 69632 | (IDriverT) . (.Macrovision Corporation.) - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
SS - | Demand 13/07/2009 20992 | C:\Program Files\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 18/03/2010 113152 | (ACDaemon) . (.ArcSoft Inc..) - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
SR - | Auto 18/12/2013 65432 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 29/04/2014 50344 | (avast! Antivirus) . (.AVAST Software.) - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
SR - | Auto 27/02/2014 519224 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files\GbPlugin\gbpsv.exe
SR - | Auto 11/03/2014 22216 | (MsMpSvc) . (.Microsoft Corporation.) - C:\Program Files\Microsoft Security Client\MsMpEng.exe
SR - | Auto 14/01/2009 226656 | (SeaPort) . (.Microsoft Corp..) - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
SR - | Auto 13/07/2009 20992 | C:\Windows\system32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 13s



---\\ Lista dos emuladores de CD/DVD (MBR Hook)
O58 - SDL:01/01/1601 - 03:00:00 ---A- . (...) -- C:\Windows\System32\Drivers\sptd.sys [721904]
~ Emulateurs: Scanned in 00mn 13s



---\\ Scâner Aditional (088)
Database Version : 13045 - (05/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 0

~ Additionnel Scan: 222874 Items scanned in 00mn 44s



~ 943 Legitimates filtered by white list
End of the scan (491 lines in 01mn 48s)(0)

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 20:57

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will open in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Tue 06 May 2014, 22:35; edited 1 time


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 21:24

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by gabriele stewan at 06/05/2014 21:23:46
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 32-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: fmpvxovm
ELIMINÉ Driver Key: {2c976a7f-dbdc-4756-870f-f6d183fe7a7e}Gw

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (3) (1.320 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
7 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 26s

========== Caminho do ficheiro do relatório ==========
C:\Users\gabriele stewan\AppData\Roaming\ZHP\ZHPFix[R1].txt - 06/05/2014 19:24:51 [3355]
C:\Users\gabriele stewan\AppData\Roaming\ZHP\ZHPFix[R2].txt - 06/05/2014 21:23:48 [1140]

Re: START.Qone8 - Infected browsers!

Post by Power Max on Tue 06 May 2014, 21:53

How is the computer doing?


Re: START.Qone8 - Infected browsers!

Post by tiago ferreira on Tue 06 May 2014, 22:06

So far there is no trace of Qone8 left.
Does that mean we're done?