PC with a Trojan horse, lots of ads and possible adware


Post by luizvilarinho on Wed 07 May 2014, 19:44

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:37:33, on 07/05/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v10.0 (10.00.9200.16537)
Boot mode: Normal

Running processes:
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
C:\Users\Dorianna\AppData\Local\fst_br_125\upfst_br_125.exe
C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
C:\Users\Dorianna\AppData\Local\Genesis\Genesis.exe
C:\Program Files (x86)\Hotkey\Hotkey.exe
C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\windows\WebCam\S6000\S6000Mnt.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrchMn.exe
C:\Program Files (x86)\fst_br_125\fst_br_125.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
E:\HijackThis.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {cc2e2b99-14d3-4516-883c-9ea147f594ef} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Toolbar BHO - {27488090-768a-4d20-a938-f223f71c344c} - C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbar.dll
O2 - BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O2 - BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: Search Assistant BHO - {bd3ea7c2-3af8-4463-9a9c-6eb8e136cb02} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qSrcAs.dll
O2 - BHO: G-Buster Browser Defense - {C41A1C0E-EA6C-11D4-B1B8-444553540000} - C:\Program Files (x86)\GbPlugin\gbieh.dll
O3 - Toolbar: Zwinky - {3033124f-06bf-4829-873a-310a125b4d4c} - C:\Program Files (x86)\Zwinky_5q\bar\1.bin\5qbar.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\coIEPlg.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
O4 - HKLM\..\Run: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Zwinky EPM Support] "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qmedint.exe" T8EPMSUP.DLL,S
O4 - HKLM\..\Run: [Zwinky Search Scope Monitor] "C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qsrchmn.exe" /m=2 /w /h
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon.exe
O4 - HKLM\..\Run: [Zwinky_5q Browser Plugin Loader 64] C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbrmon64.exe
O4 - HKLM\..\Run: [DApp] C:\Program Files\PCDApp\start.vbs
O4 - HKLM\..\Run: [fst_br_125] "C:\Program Files (x86)\fst_br_125\fst_br_125.exe"
O4 - HKLM\..\RunOnce: [upfst_br_125.exe] C:\Users\Dorianna\AppData\Local\fst_br_125\upfst_br_125.exe -runonce
O4 - HKCU\..\Run: [Power2GoExpress8] "C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe"
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] "C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe"
O4 - HKCU\..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe -tray
O4 - HKCU\..\Run: [genesis] "c:\users\dorianna\appdata\local\genesis\genesis.exe" /r
O4 - HKCU\..\Run: [Optimizer Pro] C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
O4 - Startup: Recorte de tela e Iniciador do OneNote 2007.lnk = C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Hotkey.lnk = C:\Program Files (x86)\Hotkey\Hotkey.exe
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [You must be registered and logged in to see this link.]
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O15 - Trusted Zone: www14.bancobrasil.com.br
O15 - Trusted Zone: www2.bancobrasil.com.br
O15 - Trusted Zone: [You must be registered and logged in to see this link.]
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
O20 - Winlogon Notify:  GbPluginBb - C:\Program Files (x86)\GbPlugin\gbieh.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: Claro. OUC (Claro. RunOuc) - Unknown owner - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
O23 - Service: Search Protect by Conduit Service (CltMngSvc) - Conduit - C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Freemake Improver - Freemake - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
O23 - Service: FreemakeVideoCapture - Ellora Assets Corp. - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Norton Internet Security (NIS) - Symantec Corporation - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
O23 - Service: PowerBiosServer - Unknown owner - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Protect Monitor (ProtectMonitor) - Unknown owner - C:\Program Files\PCDApp\StartHelp.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: Service Component of VO (vosr) - Unknown owner - C:\Users\Dorianna\AppData\Roaming\VOPackage\VOsrv.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: ZwinkyService (Zwinky_5qService) - COMPANYVERS_NAME - C:\PROGRA~2\ZWINKY~2\bar\1.bin\5qbarsvc.exe

--
End of file - 11533 bytes

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 19:47

Download the AdwCleaner program by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We'll be waiting.


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 20:06

# AdwCleaner v3.207 - Relatório criado 07/05/2014 às 19:57:07
# Atualizado 05/05/2014 por Xplode
# Sistema Operacional : Windows 8 Single Language (64 bits)
# Usuário : Dorianna - DORIANA
# Executando de : C:\Users\Dorianna\Desktop\AdwCleaner.exe
# Opção : Limpar

***** [ Serviços ] *****

Serviço Deletada : CltMngSvc
Serviço Deletada : vosr
Serviço Deletada : Zwinky_5qService

***** [ Arquivos / Pastas ] *****

Pasta Deletada : C:\ProgramData\Ask
[!] Pasta Deletada : C:\ProgramData\Claro
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Claro
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Pasta Deletada : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\AnyProtectEx
Pasta Deletada : C:\Program Files (x86)\Claro
Pasta Deletada : C:\Program Files (x86)\Freeven pro 1.2
Pasta Deletada : C:\Program Files (x86)\iMesh Applications
Pasta Deletada : C:\Program Files (x86)\MediaPlayerplus
Pasta Deletada : C:\Program Files (x86)\Optimizer Pro
Pasta Deletada : C:\Program Files (x86)\RegClean Pro
Pasta Deletada : C:\Program Files (x86)\ScanTack
Pasta Deletada : C:\Program Files (x86)\SearchProtect
Pasta Deletada : C:\Program Files (x86)\Zwinky_5q
Pasta Deletada : C:\Program Files (x86)\fst_br_125
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Genesis
Pasta Deletada : C:\Users\Dorianna\AppData\Local\SearchProtect
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Zwinky_5q
Pasta Deletada : C:\Users\Dorianna\AppData\Local\fst_br_125
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Temp\AskSearch
Pasta Deletada : C:\Users\Dorianna\AppData\LocalLow\Zwinky_5q
Pasta Deletada : C:\Users\Dorianna\AppData\LocalLow\Zwinky_5qEI
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\OpenCandy
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Optimizer Pro
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Systweak
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\VOPackage
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AnyProtect PC Backup
Pasta Deletada : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VOPackage
Pasta Deletada : C:\Users\Dorianna\Documents\Optimizer Pro
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\dmgpbjjcdccinnndjdgmegndbmhbgglb
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Pasta Deletada : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\majjphhgppkndjjkmhhnbgafooenebhd
Arquivo Deletada : C:\windows\System32\roboot64.exe
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.scan.quick.results
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.scan.results
Arquivo Deletada : C:\Users\Dorianna\AppData\Roaming\aps.uninstall.scan.results
Arquivo Deletada : C:\Users\Dorianna\Desktop\Continue VuuPC Installation.lnk
Arquivo Deletada : C:\Users\Dorianna\Desktop\Optimizer Pro.lnk
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP1.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP1
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP2.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP2
Arquivo Deletada : C:\windows\Tasks\APSnotifierPP3.job
Arquivo Deletada : C:\windows\System32\Tasks\APSnotifierPP3
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro
Arquivo Deletada : C:\windows\Tasks\RegClean Pro_DEFAULT.job
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro_DEFAULT
Arquivo Deletada : C:\windows\Tasks\RegClean Pro_UPDATES.job
Arquivo Deletada : C:\windows\System32\Tasks\RegClean Pro_UPDATES
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-2.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-2
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-4.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-4
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-5.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-5
Arquivo Deletada : C:\windows\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-7.job
Arquivo Deletada : C:\windows\System32\Tasks\58ca19a3-7453-414d-9a34-2a6d788be601-7
Arquivo Deletada : C:\windows\Tasks\d2834d00-aad2-4352-b74a-0f61289b7e44-7.job
Arquivo Deletada : C:\windows\System32\Tasks\d2834d00-aad2-4352-b74a-0f61289b7e44-7

***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Chave Deletedo : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [genesis]
Valor Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Optimizer Pro]
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Chave Deletedo : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.FeedManager.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLMenu.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLPanel
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.HTMLPanel.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.MultipleButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.PseudoTransparentPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.Radio.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.RadioSettings
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.RadioSettings.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ScriptButton.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.SettingsPlugin.1
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller
Chave Deletedo : HKLM\SOFTWARE\Classes\Zwinky_5q.ThirdPartyInstaller.1
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@Zwinky_5q.com/Plugin
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [fst_br_125]
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054246.Sandbox.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.BHO
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.BHO.1
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.Sandbox
Chave Deletedo : HKLM\SOFTWARE\Classes\CrossriderApp0054253.Sandbox.1
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Zwinky_5q Browser Plugin Loader]
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Zwinky_5q Browser Plugin Loader 64]
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{00FB52B5-0779-46DD-AFC6-C6EB55F21A26}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{076A9B45-DE24-4CDF-89BE-716C279B3B55}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{70658616-D7AE-4F31-BD19-4F1775792E9B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{7E0AE9C4-366B-43F2-91FF-329D170BC335}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A00289B5-2C16-4EC7-9780-2B56977ADC65}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D675A74C-29F6-4AA7-A098-66373D746CB9}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{DA4EBFA0-6BA0-4E18-817F-304B4192C393}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F2E03ADB-A325-4084-BA22-2F2260F6A90F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F346CF98-FA03-4E7A-81B6-EB19B718F9C1}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F90EAF3D-6A09-4FAF-A84C-E6E91F97561B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{FBC663ED-1560-421B-BD71-F5B94DCEA09C}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422253}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425553}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426653}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{06CEAB46-0EFC-479A-B66B-AB6B11E1138A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{15496D19-91EA-4930-9150-B24A27FE3DE1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{3B82BA62-32FD-4623-BB38-464D186E7453}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{4A8AE59A-2F19-4777-B0B4-177188AB839B}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{644413C0-4090-4A84-BC29-DC69E91A7D73}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{782D4CC0-74AE-41B6-B445-3D4C23AE6B9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{A283A85F-ED85-43CE-9199-952A2D106802}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B2828F8B-EDAF-4A77-974E-78AE784A9AA3}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{B6CC4C24-962F-4314-9358-C998FD4B4288}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{BD48A3C7-5201-4093-AB66-04BD35BAC3D8}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424446}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440544424453}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{076A9B45-DE24-4CDF-89BE-716C279B3B55}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{148DCAEC-C91D-441D-A0E7-519A0673E7F5}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{35DAB87A-026F-4503-B5F1-6774E16EAFFA}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C775DBE-2382-4EAB-A48A-6859C3B9EF29}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A00289B5-2C16-4EC7-9780-2B56977ADC65}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F464A68D-1CF2-4991-93AB-A84351D7F676}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{61789F17-B8ED-4867-BA4A-DC19DAC8EF5B}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7695996F-9846-4A09-A037-632E45737712}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B803084B-B069-485E-B5D0-F9A6D318AF02}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3033124F-06BF-4829-873A-310A125B4D4C}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3033124F-06BF-4829-873A-310A125B4D4C}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Valor Deletedo : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{CC2E2B99-14D3-4516-883C-9EA147F594EF}]
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{27488090-768A-4D20-A938-F223F71C344C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{3033124F-06BF-4829-873A-310A125B4D4C}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{BD3EA7C2-3AF8-4463-9A9C-6EB8E136CB02}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422246}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220522422253}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{98623C86-E768-4C5A-B23B-EE8CE3727CD3}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425546}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550555425553}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426646}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660566426653}
Chave Deletedo : HKCU\Software\AnyProtect
Chave Deletedo : HKCU\Software\FreeSoftToday
Chave Deletedo : HKCU\Software\genesis
Chave Deletedo : HKCU\Software\installedbrowserextensions
Chave Deletedo : HKCU\Software\Optimizer Pro
Chave Deletedo : HKCU\Software\ScanTack
Chave Deletedo : HKCU\Software\systweak
Chave Deletedo : HKCU\Software\Tutorials
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKCU\Software\Zwinky_5q
Chave Deletedo : HKCU\Software\AppDataLow\Software\Crossrider
Chave Deletedo : HKCU\Software\AppDataLow\Software\Freeven pro 1.2
Chave Deletedo : HKCU\Software\AppDataLow\Software\MediaPlayerplus
Chave Deletedo : HKCU\Software\AppDataLow\Software\Zwinky_5q
Chave Deletedo : HKLM\Software\FREE_SOFT_TODAY
Chave Deletedo : HKLM\Software\Freeven pro 1.2
Chave Deletedo : HKLM\Software\installedbrowserextensions
Chave Deletedo : HKLM\Software\MediaPlayerplus
Chave Deletedo : HKLM\Software\ScanTack
Chave Deletedo : HKLM\Software\SearchProtect
Chave Deletedo : HKLM\Software\systweak
Chave Deletedo : HKLM\Software\Tutorials
Chave Deletedo : HKLM\Software\V9Software
Chave Deletedo : HKLM\Software\Zwinky_5q
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\genesis
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AnyProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\claro
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freeven pro 1.2
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\MediaPlayerplus
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Optimizer Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RegClean Pro_is1
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\fst_br_125_is1
Chave Deletedo : [x64] HKLM\SOFTWARE\installedbrowserextensions
Chave Deletedo : [x64] HKLM\SOFTWARE\V9Software
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScanTack
Dados Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
Dados Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll

***** [ Navegadores ] *****

-\\ Internet Explorer v10.0.9200.16537

Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Google Chrome v34.0.1847.131

[ Arquivo : C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Startup_urls] : [You need to be registered and logged in to see this link.]
Deletedo [Homepage] : [You need to be registered and logged in to see this link.]
Deletedo [Extension] : bpegkgagfojjbcpkihigfmkojdmmimdf
Deletedo [Extension] : dmgpbjjcdccinnndjdgmegndbmhbgglb
Deletedo [Extension] : ehgldbbpchgpcfagfpfjgoomddhccfgh
Deletedo [Extension] : majjphhgppkndjjkmhhnbgafooenebhd

*************************

AdwCleaner[R0].txt - [20417 octets] - [07/05/2014 19:54:47]
AdwCleaner[S0].txt - [18912 octets] - [07/05/2014 19:57:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [18973 octets] ##########

Re: PC with a trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 20:08

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy its entire contents and post them in your next reply.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet, you'll find it here.

Super Links = Messages of faith and hope for your heart

Re: PC with a trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 21:34

On reboot, the message shown in the attached image appears; it was already like that.

Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Dorianna on 07/05/2014 at 20:20:56,69.
Microsoft Windows 8 Single Language 6.2.9200  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dorianna\Desktop\zoek.pif [Scan all users] [Script inserted]

==== System Restore Info ======================

07/05/2014 20:24:26 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1       localhost
::1             localhost

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{2C6F0B46-4737-4F48-9A88-F5D7821C951B} deleted successfully
HKEY_USERS\S-1-5-21-1933325971-1488101800-2260149476-1002\Software\Microsoft\Internet Explorer\SearchScopes\{5a15c091-f3c2-4c8f-8964-e3434a2a4a95} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~3\boost_interprocess deleted
C:\Users\Dorianna\AppData\Local\nsz69F4.tmp deleted
C:\Users\Dorianna\AppData\Roaming\unins000.exe deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{BBDA0591-3099-440a-AA10-41764D9DB4DB}"="C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.0.0.100\IPSFF" [02/05/2014 09:14]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
mkfokfffehpeedafpekjeddnmnjhmcmk - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\Exts\Chrome.crx[11/03/2014 17:44]

Norton Identity Protection - Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk
Google Wallet - Dorianna\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=21.0.0.100"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=pt&pid=NIS&pvid=21.0.0.100"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Dorianna\Desktop\banda encantus - Atalho.lnk - E:\banda encantus
C:\Users\Dorianna\Desktop\Format Factory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Dorianna\Desktop\solimar II - Atalho.lnk - E:\solimar II

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Construir_7Ano.lnk - C:\windows\Installer\{79A763E5-61ED-44EB-AA08-123A311691C0}\Menu_7ano.exe1_0C4B3A25B12C4464903264AEB0DB61BE.exe
C:\Users\Public\Desktop\Freemake Video Downloader.lnk - C:\Program Files (x86)\Freemake\Freemake Video Downloader\FreemakeVideoDownloader.exe
C:\Users\Public\Desktop\Guia Vivo Internet.lnk - C:\Program Files (x86)\Vivo\Guia Vivo Internet\Guia Vivo Internet\Guia Vivo Internet.hta
C:\Users\Public\Desktop\Kantoo English.lnk -  
C:\Users\Public\Desktop\Nokia Suite.lnk - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
C:\Users\Public\Desktop\Nuvem de Livros.lnk -  
C:\Users\Public\Desktop\Segurança Online.lnk -  
C:\Users\Public\Desktop\VIVO INTERNET.lnk - C:\Program Files (x86)\VIVO INTERNET\VIVO INTERNET.exe

==== shortcuts in Users Start Menu ======================

C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\FormatFactory.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Help.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\FormatFactory.exe /help
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FormatFactory\Uninstall.lnk - C:\Program Files (x86)\FreeTime\FormatFactory\uninst.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake\Uninstall\Uninstall Freemake Video Downloader.lnk - C:\Program Files (x86)\Freemake\Freemake Video Downloader\Uninstall\unins000.exe
C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Recorte de tela e Iniciador do OneNote 2007.lnk - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE /tsr

==== shortcuts in All Users Start Menu ======================


==== shortcuts in Quick Launch ======================


==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dorianna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Dorianna\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 2561465 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Dorianna\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\windows\Temp successfully emptied
C:\Users\Dorianna\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 07/05/2014 at 21:19:22,52 ======================

Re: PC with a trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 21:38

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.


Re: PC with a trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 22:10

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 Single Language x64
Ran by Dorianna on 07/05/2014 at 21:42:15,54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\zwinky search scope monitor



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110511421146}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110511421146}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\claro"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 07/05/2014 at 22:09:08,66
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: PC with a trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 22:11

Download < ZHPDiag2.exe > ( ... by Nicolas Coolman )

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post them in your next reply.


Re: PC with a trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 22:21

~ Relatório do ZHPDiag v2014.5.7.56 - Nicolas Coolman (07/05/2014)
~ Iniciado por Dorianna (07/05/2014 22:16:46)
~ Endereço do Website : [You need to be registered and logged in to see this link.]
~ Fóruns de suporte gratuito para desinfecção : [You need to be registered and logged in to see this link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Norton Internet Security v21.2.0.38
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1738 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (69%) free of 283 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DORIANA
~ User Name: Dorianna
~ All Users Names: Dorianna, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dorianna\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dorianna\AppData\Roaming\
~ %Desktop% : C:\Users\Dorianna\Desktop\
~ %Favorites% : C:\Users\Dorianna\Favorites\
~ %LocalAppData% : C:\Users\Dorianna\AppData\Local\
~ %StartMenu% : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 283 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1575
~ Mes musiques (My Musics) : 9/133
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 4/5046
~ Mon Bureau (My Desktop) : 1/562
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 14s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2424]
[MD5.FFFDC3764DB05234261AAF79246B3A1E] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1709072] [PID.1888]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2092]
[MD5.97B71A2897FF23B44144254A70379266] - (.No owner - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [4738560] [PID.1324]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3364]
[MD5.015B7CE6EB11010BD245170012F7A9E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2616]
[MD5.A51CED67E552E6F8FEEF17A1311C1391] - (.Alcor - Monitor Function.) -- C:\windows\WebCam\S6000\S6000Mnt.exe [79224] [PID.3380]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.2800]
[MD5.C4160567128FCFC1DCA1693369B62DFE] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376] [PID.2744]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4944]
[MD5.E6DA875D24C3774E045499F6BFA76F30] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873024] [PID.2328]
~ Processes Running: Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 03s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dorianna\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
O2 - BHO: CrossriderApp0054246 [64Bits] - {11111111-1111-1111-1111-110511421146} Chave orfã =>PUP.CrossRider
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: Google Toolbar - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} . (.Google Inc. - Google Toolbar.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll =>Toolbar.Google
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll
O3 - Toolbar\WebBrowser: (no name) - [HKCU]{2318C2B1-4965-11D4-9B18-009027A5CD4F} Chave orfã
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [BOOTINAUDIT] C:\sw_util\scripts\model_cust.cmd (.not file.)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [Zwinky Home Page Guard 64 bit] C:\Program Files (x86)\ZWINKY~2\bar\1.bin\AppIntegrator64.exe (.not file.)
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [S6000Mnt] Chave orfã
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Zwinky EPM Support] C:\Program Files (x86)\ZWINKY~2\bar\1.bin\5qmedint.exe (.not file.)
O4 - HKLM\..\Wow6432Node\Run: [DApp] . (...) -- C:\Program Files\PCDApp\start.vbs =>Trojan.BitCoinMiner
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Claro. OUC (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
O23 - Service: Protect Monitor (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
~ Services: 10 Legitimates Filtered in 00mn 17s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 15s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: PC Data App - (...) [HKLM][64Bits] -- PCData App =>Trojan.BitCoinMiner
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: construir7Ano - (.Educandus e Editora Construir - 7º Ano.) [HKLM][64Bits] -- {79A763E5-61ED-44EB-AA08-123A311691C0}
~ Logic: 29 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\PCDataApp]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Freeven pro 1.2] =>PUP.Freeven
[HKLM\Software\Wow6432Node\PCDataApp]
~ Key Software: 214 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 14:52:57 - [] ----D C:\Program Files (x86)\Educandus e Editora Construir - 7º Ano
O43 - CFD: 15/02/2014 - 09:31:27 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 15/02/2014 - 09:31:10 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 03/05/2014 - 00:10:14 - [] ----D C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET
~ Program Folder: 132 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D613D20679E255CF2FAE07E8174D7B63] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [558392]
O44 - LFC:[MD5.377CABAA624F3F5EB17B55CE598439DC] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1156182]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/05/2014 - 21:06:40 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B9B8EBC6C20E459AE5CAD238EABCCF13] - 07/05/2014 - 21:19:22 ---A- . (...) -- C:\zoek-results.log [20412]
~ Files: 15 Legitimates Filtered in 00mn 13s



---\\ Chave do registo Shell MountPoints2 (MPKS) (O51)
O51 - MPSK:{09f69732-9656-11e3-be7c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{67f92c58-95be-11e3-be7b-6c71d9239790}\AutoRun\command. (...) -- F:\AutoRun.exe (.not file.)
O51 - MPSK:{f32da6c2-8edb-11e3-be6c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
O51 - MPSK:{f32da724-8edb-11e3-be6c-6c71d9239790}\AutoRun\command. (...) -- E:\AutoRun.exe (.not file.)
~ Keys: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/10/2010 - 05:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:05/08/2010 - 20:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:12/07/2012 - 14:14:06 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\S6000KNT.sys [3555456]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([Você precisa estar registrado e conectado para ver este link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/03/2014 - 07:18:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 07s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D15ABCB112345C7C9BDA8F4897E08B78] [SPRF][30/04/2014] (...) -- C:\Users\Dorianna\AppData\Roaming\unins000.dat [33691]
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][07/05/2014] (...) -- C:\Users\Dorianna\Desktop\AdwCleaner.exe [1316991]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Dorianna\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F0331DC93B0E29C97541425F4BDA60EE] [WIS][19/04/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\5e434f.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 57 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4888 Legitimates Filtered in 00mn 24s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 | (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
SS - | Auto 19/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Auto 28/04/2014 97002 | (ProtectMonitor) . (...) - C:\Program Files\PCDApp\StartHelp.exe =>Trojan.BitCoinMiner
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 06/12/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 12/03/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 12/03/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 12/03/2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
SR - | Auto 13/09/2012 45568 | (PowerBiosServer) . (...) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 28s



---\\ Scâner Aditional (088)
Database Version : 13045 - (07/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 2
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider^
[HKLM\SYSTEM\CurrentControlSet\Services\ProtectMonitor] =>Trojan.BitCoinMiner^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\PCData App] =>Trojan.BitCoinMiner^
[HKLM\Software\Classes\CLSID\{11111111-1111-1111-1111-110511421146}] =>PUP.CrossRider
[HKLM\Software\Microsoft\Internet Explorer\Toolbar]:{2318C2B1-4965-11d4-9B18-009027A5CD4F} =>Toolbar.Google^
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]:DApp =>Trojan.BitCoinMiner^
O2 - BHO: CrossriderApp0054246 [64Bits] - {11111111-1111-1111-1111-110511421146} Chave orfã =>PUP.CrossRider^
[HKLM\Software\Wow6432Node\Freeven pro 1.2] =>PUP.Freeven^
C:\Windows\Installer\5e434f.msi =>Toolbar.Google^
[HKCR\CLSID\{11111111-1111-1111-1111-110511421146}] (MediaPlayerplus) =>PUP.CrossRider^
[HKCR\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}] (Google Toolbar) =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 199229 Items scanned in 01mn 13s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>PUP.CrossRider
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.BitCoinMiner
~ MSI: 2 link(s) detected in 00mn 00s



~ 579 Legitimates filtered by white list
End of the scan (417 lines in 03mn 58s)(0)

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 22:38

Submit this file for analysis on the VirusTotal site and post the link to the result:
C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
______________________________________________________________________

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click ZHPFix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will open in Notepad.

Copy this report and post it in your next reply, together with the link to the analysis of the file on the VirusTotal site.


Last edited by Power Max on Thu 08 May 2014, 00:36; edited 1 time


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 22:50

I am trying to send the file to VirusTotal, but I no longer remember how to do it.

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dorianna at 07/05/2014 22:48:25
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 09s)
Reparação de atalhos do navegador

========== Softwares ==========
AUSENTE Uninstall Process: c:\program files\pcdapp\uninstaller.exe

========== Chaves do Registo ==========
ELIMINÉ Logiciel Key: [HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\PCData App]
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}]
ELIMINÉ: Service: ProtectMonitor
ELIMINÉ: HKCU\Software\PCDataApp
ELIMINÉ: HKLM\Software\Wow6432Node\Freeven pro 1.2
ELIMINÉ: HKLM\Software\Wow6432Node\PCDataApp
ELIMINÉ CLSID MPSK: {09f69732-9656-11e3-be7c-6c71d9239790}
ELIMINÉ CLSID MPSK: {67f92c58-95be-11e3-be7b-6c71d9239790}
ELIMINÉ CLSID MPSK: {f32da6c2-8edb-11e3-be6c-6c71d9239790}
ELIMINÉ CLSID MPSK: {f32da724-8edb-11e3-be6c-6c71d9239790}
ELIMINÉ:* HKCR\CLSID\{11111111-1111-1111-1111-110511421146}
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110511421146}

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F}
ELIMINÉ RunValue: BOOTINAUDIT
ELIMINÉ RunValue: Zwinky Home Page Guard 64 bit
ELIMINÉ RunValue: S6000Mnt
ELIMINÉ RunValue: Zwinky EPM Support
ELIMINÉ RunValue: DApp
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (120) (1.981.478 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
12 : Chaves do Registo
12 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Softwares
1 : Restauração Sistema


End of clean in 00mn 33s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2014 22:48:35 [2227]

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 22:51

The tutorial below shows how to submit a file to VirusTotal:
[You need to be registered and logged in to see this link.]

Also post a new ZHP log.


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:01

I couldn't find that file.

~ Relatório do ZHPDiag v2014.5.7.56 - Nicolas Coolman (07/05/2014)
~ Iniciado por Dorianna (07/05/2014 22:56:30)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Fóruns de suporte gratuito para desinfecção : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v10.0.9200.16863 (Defaut)
GCIE: Google Chrome v34.0.1847.131

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 8 Single Language, 64-bit (Build 9200)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Norton Internet Security v21.2.0.38
Windows Defender W8

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares

---\\ Informações sobre o sistema
~ Processor: AMD64 Family 20 Model 2 Stepping 0, AuthenticAMD
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1738 MB (42% free)
System Restore: Activé (Enable)
System drive C: has 195 GB (68%) free of 283 GB

---\\ Modo de conexão ao sistema
~ Computer Name: DORIANA
~ User Name: Dorianna
~ All Users Names: Dorianna, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Dorianna\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Dorianna\AppData\Roaming\
~ %Desktop% : C:\Users\Dorianna\Desktop\
~ %Favorites% : C:\Users\Dorianna\Favorites\
~ %LocalAppData% : C:\Users\Dorianna\AppData\Local\
~ %StartMenu% : C:\Users\Dorianna\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 195 Go of 283 Go)
D: CD-ROM drive (Not Inserted)
E: Floppy drive, Flash card reader, USB Key (Free 3 Go of 4 Go)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.0E8E6463F81C80AFBED533E0F1F8895D] - (.Microsoft Corporation - Windows Explorer.) (.01/06/2013 - 08:34:21.) -- C:\Windows\Explorer.exe [2391280]
[MD5.FE9AB232B56A12224E8A3F3F9878C9A3] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.26/07/2012 - 00:08:50.) -- C:\Windows\System32\Wininit.exe [132608]
[MD5.2B7920C7885AC45FD0E27DD860F095A1] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 21:08:30.) -- C:\Windows\System32\wininet.dll [2240000]
[MD5.BCF2036A0DD579E47C008C133550283E] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.06/12/2012 - 09:01:07.) -- C:\Windows\System32\Winlogon.exe [517120]
[MD5.9448F5740A037EC0C18F0E9177232DD0] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.26/07/2012 - 00:07:20.) -- C:\Windows\System32\sppcomapi.dll [273408]
[MD5.7C0E0EDF18D6CC565D7BFBB451709FA5] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.04/09/2013 - 00:11:23.) -- C:\Windows\system32\Drivers\AFD.sys [576512]
[MD5.A721FF570C2387E383BDDEA9632863C9] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.26/07/2012 - 02:00:48.) -- C:\Windows\system32\Drivers\atapi.sys [25840]
[MD5.990B1BABE6E81FB18E65A87EBEFB1772] - (.Microsoft Corporation - CD-ROM File System Driver.) (.25/07/2012 - 23:30:10.) -- C:\Windows\system32\Drivers\Cdfs.sys [108544]
[MD5.339BFF85D788268752DA8C9644B188EE] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.25/07/2012 - 23:26:36.) -- C:\Windows\system32\Drivers\Cdrom.sys [174080]
[MD5.431141C6859990824D17F71C30A78728] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.15/01/2014 - 20:42:58.) -- C:\Windows\system32\Drivers\DfsC.sys [118784]
[MD5.7D87B5B6C7188D553E11B59DC7F0B111] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.06/12/2012 - 08:45:32.) -- C:\Windows\system32\Drivers\HDAudBus.sys [71168]
[MD5.C9E9CBF73AFFBFE3E801EFB516787BA3] - (.Microsoft Corporation - Driver de porta i8042.) (.25/07/2012 - 23:28:51.) -- C:\Windows\system32\Drivers\i8042prt.sys [112640]
[MD5.3969B9C218DD3FAA9F4ED2FFC3651C02] - (.Microsoft Corporation - IP Network Address Translator.) (.25/07/2012 - 23:23:01.) -- C:\Windows\system32\Drivers\IpNat.sys [145920]
[MD5.93179D48066918323628CB016D8C94DC] - (.Microsoft Corporation - Minirdr SMB do Windows NT.) (.05/02/2013 - 19:29:09.) -- C:\Windows\system32\Drivers\MRxSmb.sys [370688]
[MD5.7CEC25C682D319D484630B3952C31A11] - (.Microsoft Corporation - MBT Transport driver.) (.25/07/2012 - 23:24:28.) -- C:\Windows\system32\Drivers\netBT.sys [331776]
[MD5.7BE3EDFFA3216F989A6BDCB14795DD08] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.27/01/2014 - 00:39:40.) -- C:\Windows\system32\Drivers\ntfs.sys [1939288]
[MD5.4563DAF8C6A740AD7F501E219BD10766] - (.Microsoft Corporation - Driver de porta paralela.) (.25/07/2012 - 23:29:53.) -- C:\Windows\system32\Drivers\Parport.sys [105984]
[MD5.A14D625C5AEE5FFE0F47D1A1D419FAAE] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.25/07/2012 - 23:23:17.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [124928]
[MD5.B2A3AD74FF2E2FFA73AF2567108231B3] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.25/07/2012 - 23:25:18.) -- C:\Windows\system32\Drivers\rdpdr.sys [179712]
[MD5.73DC722CE5DF26D7638CE2446F2655C7] - (.Microsoft Corporation - TDI Translation Driver.) (.26/07/2012 - 02:26:47.) -- C:\Windows\system32\Drivers\tdx.sys [117248]
[MD5.78A5BBA3819FFFC62FFEC3E2220D102D] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.01/06/2013 - 08:26:33.) -- C:\Windows\system32\Drivers\volsnap.sys [327936]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/1575
~ Mes musiques (My Musics) : 9/133
~ Mes Videos (My Videos) : 1/38
~ Mes Favoris (My Favorites) : 1/2
~ Mes Documents (My Documents) : 4/5046
~ Mon Bureau (My Desktop) : 1/563
~ Menu demarrer (Programs) : 1/30
~ Hidden Files: Scanned in 00mn 09s



---\\ Processos lançados
[MD5.349AB4F70E2AC44970894E7F03E1576E] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [236384] [PID.2424]
[MD5.FFFDC3764DB05234261AAF79246B3A1E] - (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1709072] [PID.1888]
[MD5.98B31CBC09D671DADEB7C92AEF1CBE29] - (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET\ouc.exe [110592] [PID.2092]
[MD5.97B71A2897FF23B44144254A70379266] - (.No owner - HotKey.) -- C:\Program Files (x86)\Hotkey\Hotkey.exe [4738560] [PID.1324]
[MD5.32C26797AB646074A2BB562F9D10ADB5] - (.Microsoft Corporation - Microsoft Office OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.exe [97680] [PID.3364]
[MD5.015B7CE6EB11010BD245170012F7A9E6] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120] [PID.2616]
[MD5.A51CED67E552E6F8FEEF17A1311C1391] - (.Alcor - Monitor Function.) -- C:\windows\WebCam\S6000\S6000Mnt.exe [79224] [PID.3380]
[MD5.A2221900B57AEC20577996744FA4A56A] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296] [PID.2800]
[MD5.C4160567128FCFC1DCA1693369B62DFE] - (.Symantec Corporation - Norton Internet Security.) -- C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe [276376] [PID.2744]
[MD5.542459D16B416D054161007FC9B1246E] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [841032] [PID.4876]
[MD5.E6DA875D24C3774E045499F6BFA76F30] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7873024] [PID.4580]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Dorianna\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [nkeimhogjdpnpccoofpliimaahmaaome] Hangout Services v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 04s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/bb] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Dorianna\AppData\Local\GAS Tecnologia\GBBD\npsf_bb.dll
~ Firefox Browser: 2 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540000} . (.Banco do Brasil - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbieh.dll
~ BHO: 7 Legitimates Filtered in 00mn 00s



---\\ Barras do Internet Explorer (03))
O3 - Toolbar: (no name) - [HKLM]{2318C2B1-4965-11d4-9B18-009027A5CD4F} Chave orfã
O3 - Toolbar: Norton Toolbar - [HKLM]{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} . (.Symantec Corporation - coIEPlugIn.) -- C:\Program Files (x86)\Norton Internet Security\Engine64\21.2.0.38\coIEPlg.dll
~ Toolbar: Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [RTHDVCPL] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKCU\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKCU\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKCU\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
O4 - HKLM\..\Wow6432Node\Run: [StartCCC] . (.Advanced Micro Devices, Inc. - Catalyst® Control Center Launcher.) -- C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe =>.Advanced Micro Devices, Inc
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer_For_P2G8] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
O4 - HKLM\..\Wow6432Node\Run: [CLVirtualDrive] . (.CyberLink Corp. - CyberLink Virtual Drive.) -- C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [Power2GoExpress8] . (.CyberLink Corp. - Power2Go Desktop Burning Gadget.) -- C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [HW_OPENEYE_OUC_VIVO INTERNET] . (.Huawei Technologies Co., Ltd. - Online Update Clinet.) -- C:\Program Files (x86)\VIVO INTERNET\UpdateDog\ouc.exe
O4 - HKUS\S-1-5-21-1933325971-1488101800-2260149476-1002\..\Run: [NokiaSuite.exe] . (.Nokia - Nokia Suite.) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
~ Application: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bancobrasil.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.bb.com.br
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CCS\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{6848F6F8-EC53-4B82-90C5-0BAEDB535D32}: NameServer = 200.169.117.221 200.169.117.222
O17 - HKLM\System\CS1\Services\Tcpip\..\{FCC73AF7-E70B-420C-993F-662D56650B0E}: DhcpNameServer = 192.168.1.1 192.168.0.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: Claro. OUC (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe (.not file.)
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: (PowerBiosServer) . (.No owner - PowerBiosServer.) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
~ Services: 9 Legitimates Filtered in 00mn 13s



---\\ Tarefas planificadas automaticamente (039)
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1084]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1088]
~ Scheduled Task: 8 Legitimates Filtered in 00mn 13s



---\\ Software instalados (042)
O42 - Logiciel: Módulo de Segurança - Banco do Brasil - (...) [HKLM][64Bits] -- {36386dc9-8543-4b12-ae6b-220fd52f19f3}_is1
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: construir7Ano - (.Educandus e Editora Construir - 7º Ano.) [HKLM][64Bits] -- {79A763E5-61ED-44EB-AA08-123A311691C0}
~ Logic: 28 Legitimates Filtered in 00mn 02s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
~ Key Software: 209 Legitimates Filtered in 00mn 02s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 08/04/2014 - 14:52:57 - [] ----D C:\Program Files (x86)\Educandus e Editora Construir - 7º Ano
O43 - CFD: 15/02/2014 - 09:31:27 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 15/02/2014 - 09:31:10 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 03/05/2014 - 00:10:14 - [] ----D C:\Users\Dorianna\AppData\Roaming\VIVO INTERNET
~ Program Folder: 132 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.D613D20679E255CF2FAE07E8174D7B63] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfc0416.dat [558392]
O44 - LFC:[MD5.377CABAA624F3F5EB17B55CE598439DC] - 07/05/2014 - 19:37:35 ---A- . (...) -- C:\Windows\System32\prfh0416.dat [1156182]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 07/05/2014 - 21:06:40 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.B9B8EBC6C20E459AE5CAD238EABCCF13] - 07/05/2014 - 21:19:22 ---A- . (...) -- C:\zoek-results.log [20412]
~ Files: 15 Legitimates Filtered in 00mn 08s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 4 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:08/10/2010 - 05:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:05/08/2010 - 20:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:12/07/2012 - 14:14:06 ---A- . (.Windows (R) Win 7 DDK provider - AVStream Simulated Hardware Sample.) -- C:\Windows\System32\Drivers\S6000KNT.sys [3555456]
O58 - SDL:22/01/2014 - 07:52:10 ---A- . (.DEVGURU Co., LTD.([You must be registered and logged in to see this link.] - SAMSUNG USB Composite Device Driver (MSS Ver.3).) -- C:\Windows\System32\Drivers\ssudbus.sys [108800]
O58 - SDL:26/07/2012 - 02:00:55 ---A- . (.Promise Technology, Inc. - Promise SuperTrak EX Series Driver for Windows x64.) -- C:\Windows\System32\Drivers\stexstor.sys [30960]
O58 - SDL:06/03/2014 - 07:18:55 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 61 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to see this link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [You must be registered and logged in to see this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D15ABCB112345C7C9BDA8F4897E08B78] [SPRF][30/04/2014] (...) -- C:\Users\Dorianna\AppData\Roaming\unins000.dat [33691]
[MD5.A53555B250CBEDCA6544D13648F83FFE] [SPRF][07/05/2014] (...) -- C:\Users\Dorianna\Desktop\AdwCleaner.exe [1316991]
[MD5.DCF741DF9F654F5A2C1BEC789F53AEB3] [SPRF][08/03/2014] (...) -- C:\Users\Dorianna\Desktop\zoek.com [1414742]
~ Files: 5 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.F0331DC93B0E29C97541425F4BDA60EE] [WIS][19/04/2014] (.Google Inc. - Google Toolbar for Internet Explorer.) -- C:\Windows\Installer\5e434f.msi [28672] =>Toolbar.Google
~ WIS: 1 Legitimates Filtered in 00mn 01s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\GoogleToolbarNotifier_RASAPI32 =>Toolbar.Google
~ BTK: 57 Legitimates Filtered in 00mn 00s



---\\ Search CLSID Registry Key (O101)
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google
~ BCK: 4886 Legitimates Filtered in 00mn 26s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Auto 10/07/1658 0 | (Claro. RunOuc) . (...) - C:\Program Files (x86)\Claro\UpdateDog\ouc.exe
SS - | Auto 19/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 19/04/2014 194032 | (gusvc) . (.Google.) - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
SS - | Demand 18/04/2013 737616 | (ServiceLayer) . (.Nokia.) - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SS - | Demand 06/12/2012 29696 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 08/08/2012 239616 | (AMD External Events Utility) . (.AMD.) - C:\Windows\System32\atiesrxx.exe
SR - | Auto 08/08/2012 361984 | (AMD FUEL Service) . (.Advanced Micro Devices, Inc..) - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
SR - | Auto 12/03/2014 108032 | (Freemake Improver) . (.Freemake.) - C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe
SR - | Auto 12/03/2014 9216 | (FreemakeVideoCapture) . (.Ellora Assets Corp..) - C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
SR - | Auto 21/02/2014 519720 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 14/03/2011 346976 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 12/03/2014 276376 | (NIS) . (.Symantec Corporation.) - C:\Program Files (x86)\Norton Internet Security\Engine\21.2.0.38\NIS.exe
SR - | Auto 13/09/2012 45568 | (PowerBiosServer) . (...) - C:\Program Files (x86)\Hotkey\PowerBiosServer.exe
SR - | Demand 10/07/1658 0 | (WinDefend) . (...) - C:\Program Files (x86)\Windows Defender\MsMpEng.exe
~ Services: Scanned in 00mn 29s



---\\ Scâner Aditional (088)
Database Version : 13045 - (07/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 2

C:\Windows\Installer\5e434f.msi =>Toolbar.Google^
[HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}] (Google Toolbar Helper) =>Toolbar.Google^
~ Additionnel Scan: 199161 Items scanned in 01mn 19s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 573 Legitimates filtered by white list
End of the scan (381 lines in 03mn 38s)(0)
luizvilarinho
Member

Posts: 776
Reputation: 2
Join date: 13/11/2013

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 23:17

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to see this image.]

* Select and copy all of the text highlighted in red below and paste it into the blank area of Zoek:

C:\Program Files (x86)\Claro\UpdateDog\ouc.exe;virustotal

* Click [Run Script]

* During the scan, a message similar to the one below showing the scan progress will be displayed. Wait for it to finish... it may take a while!

[You must be registered and logged in to see this image.]

* If a PC restart is requested, click [OK]

* Post the Zoek log, which will be at C:\zoek-results.txt, in your next reply.

_________________

Caixa de Dicas = Always with new tutorials and news about computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, found here.

Super Links = Messages of faith and hope for your heart

Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:22


Zoek.exe v5.0.0.0 Updated 14-April-2014
Tool run by Dorianna on 07/05/2014 at 23:19:09,59.
Microsoft Windows 8 Single Language 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Dorianna\Desktop\zoek.pif [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-08-001922.log 20412 bytes

==== VirusTotal Scan ======================

C:\Program Files (x86)\Claro\UpdateDog\ouc.exe not found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=1 2561465 bytes)

==== EOF on 07/05/2014 at 23:21:24,35 ======================

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 23:25

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply together with the link to the file's analysis on the Virus Total site.


Last edited by Power Max on Thu 08 May 2014, 00:36; edited 1 time in total


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:28

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Dorianna at 07/05/2014 23:27:48
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit (Build 9200)

Reciclagem vazia (00mn 01s)

========== Chaves do Registo ==========
ELIMINÉ: Service: Claro. RunOuc

========== Valores do Registo ==========
ELIMINÉ: Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F}

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (4) (161.412 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
1 : Chaves do Registo
1 : Valores do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 02s

========== Caminho do ficheiro do relatório ==========
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R1].txt - 07/05/2014 22:48:35 [2310]
C:\Users\Dorianna\AppData\Roaming\ZHP\ZHPFix[R2].txt - 07/05/2014 23:27:49 [1042]

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 23:30

Download Farbar Recovery Scan Tool and save it to the Desktop.

Note: when you open the link above, click the Download Now 64-Bit Version button.

Run Farbar following the tips in this tutorial:

Analyze important areas of Windows with Farbar Recovery Scan Tool (64-bit version)

* Two reports will be created on the Desktop: FRST.txt and Addition.txt

Post these two reports in your next reply. (Note: if they do not fit in a single reply, you can split them across several posts.)


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:38

FRST64 has already generated the reports, but it is still running.

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Wed 07 May 2014, 23:40

Then post them so we can take a look.


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Wed 07 May 2014, 23:41

It stopped; the reports are attached.

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Thu 08 May 2014, 00:22

Download the fixlist.txt file attached to this post and save it to the desktop.

Run FRST64. Click the Fix button.

Wait; when it finishes, the Fixlog.txt log will be saved to your desktop.

Select, copy and paste the contents of this Fixlog.txt into your next reply.


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Thu 08 May 2014, 00:32

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 08-05-2014 01
Ran by Dorianna at 2014-05-08 00:31:54 Run:1
Running from C:\Users\Dorianna\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
2014-04-30 22:51 - 2014-05-07 22:48 - 00000000 ____D () C:\Program Files\PCDApp
Zwinky Internet Explorer Toolbar (HKLM-x32\...\Zwinky_5qbar Uninstall Internet Explorer) (Version: - Mindspark Interactive Network)
Task: {0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} - \58ca19a3-7453-414d-9a34-2a6d788be601-4 No Task File <==== ATTENTION
Task: {21CFB840-797C-4DDB-BCCF-49367415A864} - \RegClean Pro_DEFAULT No Task File <==== ATTENTION
Task: {6606B049-570C-49A9-8342-77CA76B042D0} - \58ca19a3-7453-414d-9a34-2a6d788be601-7 No Task File <==== ATTENTION
Task: {7D70D8B7-EE58-4689-801B-678BA3338760} - \APSnotifierPP2 No Task File <==== ATTENTION
Task: {89A2D102-79BD-4DAC-A13C-539A80F7C18B} - \RegClean Pro_UPDATES No Task File <==== ATTENTION
Task: {9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} - \58ca19a3-7453-414d-9a34-2a6d788be601-2 No Task File <==== ATTENTION
Task: {BF5EAB7B-35AF-4C5F-9266-E67953168A34} - \APSnotifierPP1 No Task File <==== ATTENTION
Task: {C2765259-72F4-4B4B-9091-41DBD60D2FC2} - \RegClean Pro No Task File <==== ATTENTION
Task: {E8676E36-0E0D-47C9-A8EE-42803DB84372} - \58ca19a3-7453-414d-9a34-2a6d788be601-5 No Task File <==== ATTENTION
Task: {E9A59A1C-07AB-4140-BE2F-544B20D0E95A} - \APSnotifierPP3 No Task File <==== ATTENTION
Task: {EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} - \d2834d00-aad2-4352-b74a-0f61289b7e44-7 No Task File <==== ATTENTION
end
*****************

C:\Program Files\PCDApp => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CE5F341-4EAC-4C8E-BF05-8CAB160D50CD} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-4 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{21CFB840-797C-4DDB-BCCF-49367415A864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{21CFB840-797C-4DDB-BCCF-49367415A864} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_DEFAULT => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6606B049-570C-49A9-8342-77CA76B042D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6606B049-570C-49A9-8342-77CA76B042D0} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-7 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7D70D8B7-EE58-4689-801B-678BA3338760} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7D70D8B7-EE58-4689-801B-678BA3338760} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89A2D102-79BD-4DAC-A13C-539A80F7C18B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89A2D102-79BD-4DAC-A13C-539A80F7C18B} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro_UPDATES => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9D3C45A0-6EA8-48DC-B183-91A7C5DF5E9C} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-2 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF5EAB7B-35AF-4C5F-9266-E67953168A34} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF5EAB7B-35AF-4C5F-9266-E67953168A34} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C2765259-72F4-4B4B-9091-41DBD60D2FC2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C2765259-72F4-4B4B-9091-41DBD60D2FC2} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\RegClean Pro => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{E8676E36-0E0D-47C9-A8EE-42803DB84372} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E8676E36-0E0D-47C9-A8EE-42803DB84372} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\58ca19a3-7453-414d-9a34-2a6d788be601-5 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9A59A1C-07AB-4140-BE2F-544B20D0E95A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9A59A1C-07AB-4140-BE2F-544B20D0E95A} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EFA5164E-3D4B-40B9-8E08-CE2D77FE3B85} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\d2834d00-aad2-4352-b74a-0f61289b7e44-7 => Key deleted successfully.

==== End of Fixlog ====

Re: PC with a Trojan horse, lots of ads and possible adware

Post by Power Max on Thu 08 May 2014, 00:35

How is the PC?


Re: PC with a Trojan horse, lots of ads and possible adware

Post by luizvilarinho on Thu 08 May 2014, 00:36

It has improved since the first procedures; I have just disabled programs that start with Windows and I am going to do some cleanup.