Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 19:43

Getting a head start with AdwCleaner!!!
# AdwCleaner v3.211 - Relatório criado 28/05/2014 às 19:30:28
# Atualizado 26/05/2014 por Xplode
# Sistema Operacional : Windows 7 Home Basic Service Pack 1 (64 bits)
# Usuário : Valquiria - VALQUIRIA-PC
# Executando de : C:\Users\Valquiria\Downloads\adwcleaner_3.211.exe
# Opção : Limpar

***** [ Serviços ] *****


***** [ Arquivos / Pastas ] *****


***** [ Atalhos ] *****


***** [ Registro ] *****

Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\updatewebget_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\webget_RASMANCS
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnTbMon]
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{9863E762-BACC-46E4-8CAA-2A6ADA06B65B}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DC264A72-FA75-4948-B881-EA8EFF8E5DD2}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{03EF41A4-BA24-4E49-A2C0-E1D047299287}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{130CCD34-0382-48E5-B307-0E7E72166828}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{26D25DD5-F17A-4D93-9A94-997E2124EEB4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{30279F40-D76B-443C-A34D-F43B35B35CE1}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{796D0AA0-DC0E-44C9-A398-C874F04D55A4}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{CE2102F0-DF63-452E-9CA7-0F75FF4DDD4B}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{DADFCC6F-66D2-4E1D-A01B-7064CAD2F583}
Chave Deletedo : [x64] HKLM\SOFTWARE\Classes\CLSID\{EBE666C3-F26C-4CF6-8ABA-3D5F5D2625E1}
Chave Deletedo : HKCU\Software\AskPartnerNetwork
Chave Deletedo : HKCU\Software\AppDataLow\Software
Chave Deletedo : HKLM\Software\AskPartnerNetwork

***** [ Navegadores ] *****

-\\ Internet Explorer v11.0.9600.17041


-\\ Mozilla Firefox v

[ Arquivo : C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\prefs.js ]


-\\ Google Chrome v35.0.1916.114

[ Arquivo : C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Search Provider] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Startup_urls] : [Você precisa estar registrado e conectado para ver este link.]
Deletedo [Extension] : pljcgbedjplidkdjahbaalanadmjfgop

*************************

AdwCleaner[R0].txt - [15009 octets] - [15/05/2014 15:27:33]
AdwCleaner[R1].txt - [1445 octets] - [15/05/2014 15:43:40]
AdwCleaner[R2].txt - [3433 octets] - [28/05/2014 19:29:41]
AdwCleaner[S0].txt - [13630 octets] - [15/05/2014 15:30:01]
AdwCleaner[S1].txt - [1489 octets] - [15/05/2014 15:47:38]
AdwCleaner[S2].txt - [3217 octets] - [28/05/2014 19:30:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [3277 octets] ##########
ValquiriaRM
Beginner

Posts: 13
Reputation: 0
Join date: 15/05/2014

Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 19:52

Hi Valquiria.

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, which is the Download Zoek.exe button:
[You need to be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post it in your next reply.

Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009

Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 20:08

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Valquiria on 28/05/2014 at 19:45:53,92.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Valquiria\Desktop\zoek.exe [Scan all users] [Quick Scan] [Auto Clean]

==== Older Logs ======================

C:\zoek-results2014-05-15-193523.log 1307 bytes
C:\zoek-results2014-05-15-201428.log 20457 bytes
C:\zoek-results2014-05-28-221609.log 21156 bytes

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\VALQUI~1\AppData\Local\Temp ====
2014-05-28 22:17:00 DEB30840549C57204730F866A9592535 222584 ----a-w- C:\Users\Valquiria\AppData\Local\Temp\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\FixTransforms.exe
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2014-05-17 18:44:46 6EA69D2312F3571F6F8BEADD224165E8 264616 ----a-w- C:\Windows\SysWOW64\javaws.exe
2014-05-17 18:44:36 9533FE0A942E00114047140B42DF8E3D 175016 ----a-w- C:\Windows\SysWOW64\java.exe
2014-05-17 18:44:36 3B10B54F50CD362537B9F2186267EDF8 96168 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-05-17 18:44:36 37C15684482B4D596316735DCEEE939A 175528 ----a-w- C:\Windows\SysWOW64\javaw.exe
2014-05-15 18:28:06 0DC5AF80D059DEC792B665ED598C6567 536576 ----a-w- C:\Windows\SysWOW64\sqlite3.dll
2014-05-15 00:18:19 FBCF3F01177953EBF1E735643621CCF5 69632 ----a-w- C:\Windows\SysWOW64\mshtmled.dll
2014-05-15 00:18:18 EB5347F6149D3FF25F4D609A21A3BD67 17382912 ----a-w- C:\Windows\SysWOW64\mshtml.dll
2014-05-15 00:18:17 10D531ADC7B8FB36C7361D44AF6E8AB6 2724864 ----a-w- C:\Windows\SysWOW64\mshtml.tlb
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2014-05-15 00:18:19 A920E1336F9FEA95477763E2CC15891B 84992 ----a-w- C:\Windows\Sysnative\mshtmled.dll
2014-05-15 00:18:19 797E2E5C309AFF76990D5B7AF457EACA 23544320 ----a-w- C:\Windows\Sysnative\mshtml.dll
2014-05-15 00:18:18 A45BFDCFD5864F658289A165E6E0227F 2724864 ----a-w- C:\Windows\Sysnative\mshtml.tlb
====== C:\Windows\Sysnative\drivers =====
2014-05-14 19:09:23 1C2D8E18AA8FD50CD04C15CC27F7F5AB 155072 ----a-w- C:\Windows\Sysnative\drivers\ksecpkg.sys
2014-05-14 19:09:22 353009DEDF918B2A51414F330CF72DEC 95680 ----a-w- C:\Windows\Sysnative\drivers\ksecdd.sys
====== C:\Windows\Tasks ======
2014-05-15 19:28:33 487343A35B51596AA054D0AC37455D56 2952 ----a-w- C:\Windows\Sysnative\Tasks\{121413F0-9AB5-4DA1-BB38-70ED0F60536B}
2014-05-15 19:28:04 487343A35B51596AA054D0AC37455D56 2952 ----a-w- C:\Windows\Sysnative\Tasks\{7B5EBB53-523C-4C02-A8E8-FF8C73BFD930}
2014-05-11 02:59:58 E44A5D1DD50D1F40F34035FE86AF45EB 2984 ----a-w- C:\Windows\Sysnative\Tasks\AutoKMS
2014-05-11 02:59:52 A5EEE366FEC11E3484552A2C503958AD 294 ----a-w- C:\Windows\Tasks\AutoKMS.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\PROGRA~2 =====
2014-05-15 00:17:06 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
======= C: =====
2014-05-15 20:05:22 89FE6819F1D1165BC6BB7DD7C27F40F7 86 ----a-w- C:\folders.txt
====== C:\Users\Valquiria\AppData\Roaming ======
2014-05-28 22:12:14 -------- d-----w- C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp
2014-05-28 22:12:14 -------- d-----w- C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp
2014-05-28 22:12:14 -------- d-----w- C:\Users\Valquiria\AppData\Local\Temp
2014-05-28 22:12:14 -------- d-----w- C:\Users\USURIO~1\AppData\Local\Temp
2014-05-28 22:12:14 -------- d-----w- C:\Users\Default\AppData\Local\Temp
2014-05-28 22:12:14 -------- d-----w- C:\Users\Default User\AppData\Local\Temp
====== C:\Users\Valquiria ======
2014-05-28 22:48:02 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Valquiria\Downloads\JRT (1).exe
2014-05-28 22:47:45 EE65207407DB65C7A2D17162A48107FA 6780259 ----a-w- C:\Users\Valquiria\Downloads\ZHPDiag2.exe
2014-05-28 22:29:22 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\Valquiria\Downloads\adwcleaner_3.211.exe
2014-05-17 18:44:36 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-05-17 18:40:49 A76E951ED4F8335337FD157A574DA36F 921512 ----a-w- C:\Users\Valquiria\Downloads\chromeinstall-7u55.exe
2014-05-17 09:09:55 -------- d-----r- C:\Windows\SysNative\config\systemprofile\Searches
2014-05-15 20:20:19 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Valquiria\Downloads\JRT.exe
2014-05-15 17:53:14 C4B8367FBC1B7A85D0D575BFBACDFB38 286 --sha-r- C:\Users\TODOSO~1\ntuser.pol
2014-05-15 17:53:14 C4B8367FBC1B7A85D0D575BFBACDFB38 286 --sha-r- C:\ProgramData\ntuser.pol
2014-05-15 17:38:50 367F52ACA86F09298C4A981C47147286 308240 ----a-w- C:\Users\Valquiria\Downloads\Setup (5).exe

====== C: exe-files ==
2014-05-28 22:48:02 CA630DBADEB5B6101531F986ADFE46C9 1016261 ----a-w- C:\Users\Valquiria\Downloads\JRT (1).exe
2014-05-28 22:47:45 EE65207407DB65C7A2D17162A48107FA 6780259 ----a-w- C:\Users\Valquiria\Downloads\ZHPDiag2.exe
2014-05-28 22:29:22 9EC73884D7D7BFEC9EED7EAF3122A0BE 1327971 ----a-w- C:\Users\Valquiria\Downloads\adwcleaner_3.211.exe
2014-05-28 22:17:00 DEB30840549C57204730F866A9592535 222584 ----a-w- C:\Users\Valquiria\AppData\Local\Temp\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}\FixTransforms.exe
2014-05-23 00:08:28 29198D93029027C9BB4DA8E9C70AF13E 26832976 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\35.0.1916.114\35.0.1916.114_34.0.1847.137_chrome_updater.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-883659111-3594005813-54001275-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"YouCam Mirage"="C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"CLMLServer"="C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"RemoteControl10"="C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
"HP Software Update"="C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"Adobe Creative Cloud"="C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --showwindow=false --onOSstartup=true"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"BTMTrayAgent"="rundll32.exe C:\Program Files\Motorola\Bluetooth\btmshell.dll,TrayApp"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-10-06 23:11:27 1136 ----a-w- C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
2013-07-17 01:26:12 1968 ----a-w- C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1000 J110 series.lnk
2014-04-16 23:27:22 1931 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16/04/2014 20:32]
C:\Windows\tasks\AutoKMS.job --a------ C:\Windows\AutoKMS\AutoKMS.exe [07/09/2013 14:31]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000Core.job --a------ [Undetermined Task]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000UA.job --a------ C:\Users\Valquiria\AppData\Local\Facebook\Update\FacebookUpdate.exe [23/02/2013 10:36]
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2014 11:28]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a------ C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [26/04/2014 11:28]

==== Other Scheduled Tasks ======================

"C:\Windows\SysNative\tasks\Adobe Flash Player Updater" [C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe]
"C:\Windows\SysNative\tasks\AdobeAAMUpdater-1.0-Valquiria-PC-Valquiria" [C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe]
"C:\Windows\SysNative\tasks\AutoKMS" [C:\Windows\AutoKMS\AutoKMS.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000Core" [C:\Users\Valquiria\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000UA" [C:\Users\Valquiria\AppData\Local\Facebook\Update\FacebookUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\User_Feed_Synchronization-{73C92BCA-35D5-4117-9321-33839A43B7FC}" [C:\Windows\system32\msfeedssync.exe]
"C:\Windows\SysNative\tasks\{121413F0-9AB5-4DA1-BB38-70ED0F60536B}" [C:\Users\Valquiria\Desktop\zoek.exe]
"C:\Windows\SysNative\tasks\{1F037E4F-4286-4930-8767-B72E28131449}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE]
"C:\Windows\SysNative\tasks\{41057692-878F-442B-AD6B-27ED3DD2F67D}" [C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe]
"C:\Windows\SysNative\tasks\{7B5EBB53-523C-4C02-A8E8-FF8C73BFD930}" [C:\Users\Valquiria\Desktop\zoek.exe]
"C:\Windows\SysNative\tasks\{81E8244A-59A8-4454-A377-A8FFE4169088}" [C:\Program Files (x86)\Microsoft Office\Options14\MSOO.EXE]
"C:\Windows\SysNative\tasks\{A0AB28F4-8FC2-425F-B8A0-E3D116045EBD}" [C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe]
"C:\Windows\SysNative\tasks\{AA0C670E-4DAC-4859-9FE3-8C36FDA81750}" [C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe]
"C:\Windows\SysNative\tasks\{C496BC84-CC22-4E50-8958-B3B213997F36}" [C:\Program Files (x86)\CyberLink\YouCam\YouCam.exe]
"C:\Windows\SysNative\tasks\{CA745345-C67F-45F1-B8B1-83F0ACB552AC}" [C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [16/04/2014 08:39]

==== Firefox Extensions ======================

ProfilePath: C:\Users\VALQUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default
- Undetermined - C:\Program Files\AVAST Software\Avast\WebRep\FF
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default
ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Valquiria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
1528225A7126F04A5797471E4F20256D - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[11/11/2013 07:58]

Google Docs - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Guardião - Itaú 30 horas - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Guardião - Itaú 30 horas - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valquiria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valquiria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Valquiria\AppData\Local\Mozilla\Firefox\Profiles\7uyyorg7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=104 folders=107 15729382 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Valquiria\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VALQUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/05/2014 at 20:06:23,87 ======================

Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 20:15

You did not follow the tutorial I gave you exactly. Please follow the tutorial exactly as it is written there and post the new report that Zoek will create.


Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 20:38

Zoek.exe v5.0.0.0 Updated 22-05-2014
Tool run by Valquiria on 28/05/2014 at 20:18:50,86.
Microsoft Windows 7 Home Basic 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Valquiria\Desktop\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-05-15-193523.log 1307 bytes
C:\zoek-results2014-05-15-201428.log 20457 bytes
C:\zoek-results2014-05-28-221609.log 21156 bytes
C:\zoek-results2014-05-28-230623.log 18264 bytes

==== System Restore Info ======================

28/05/2014 20:20:23 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\VALQUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

Added to C:\Users\VALQUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Firefox Extensions Registry ======================

[HKEY_CURRENT_USER\Software\Mozilla\Firefox\Extensions]
"{87F8774F-B485-47E2-A755-A40A8A5E8873}"="C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\uni\xpi" [16/04/2014 08:39]

==== Firefox Extensions ======================

ProfilePath: C:\Users\VALQUI~1\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default
- Undetermined - C:\Program Files\AVAST Software\Avast\WebRep\FF
- leethax.net extension - %ProfilePath%\extensions\leethax@leethax.net.xpi

==== Firefox Plugins ======================

Profilepath: C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default
ABE2E50533899C45DFA03E1D8767648F - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_182.dll - Shockwave Flash
BE77CDD303A624DA42094FB1AEFBEAFE - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll - Guardião Itaú 30 horas
63EE2015B877A2E472CC59E05291AA39 - C:\Program Files\McAfee Security Scan\3.8.141\npMcAfeeMSS.dll - McAfee Security Scanner +
FF0D6F82A0EC13952E83B9439100E45D - C:\Users\Valquiria\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
1528225A7126F04A5797471E4F20256D - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni_64.dll - Guardião Itaú 30 horas


==== Chrome Look ======================

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[11/11/2013 07:58]

Google Docs - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
GBBD Guardião - Itaú 30 horas - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\caimihdmbpgddfpkbochehpehdglpcim
Google Search - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
GBBD Guardião - Itaú 30 horas - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg
Google Wallet - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - Valquiria\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
Google Docs - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Wallet - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.google.com"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"
{0191A6B0-1154-4C22-9182-23A95BBE92D9} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Valquiria\Desktop\Adobe Photoshop CC.lnk - C:\Program Files (x86)\Adobe\Adobe Photoshop CC\Photoshop.exe
C:\Users\Valquiria\Desktop\avast Free Antivirus.lnk -
C:\Users\Valquiria\Desktop\Continue Avast Free Antivirus.lnk -
C:\Users\Valquiria\Desktop\Continue Avira Antivirus.lnk - C:\Users\Valquiria\Downloads\Avira Antivirus.exe
C:\Users\Valquiria\Desktop\Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk -
C:\Users\Valquiria\Desktop\Paint.lnk - C:\Windows\system32\mspaint.exe

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Creative Cloud.lnk - C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe --appletID=HomePanel_BL --appletVersion=1.0
C:\Users\Public\Desktop\Adobe Reader X.lnk - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe
C:\Users\Public\Desktop\Bitstream Font Navigator (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\FontNav64\FontNav.exe
C:\Users\Public\Desktop\Claro 3G.lnk - C:\Program Files (x86)\Claro 3G\UIMain.exe
C:\Users\Public\Desktop\Corel CAPTURE X7 (64-Bit).lnk - c:\Windows\Installer\{2C91CB9D-323D-43E5-A433-229B71CFB773}\NewShortcut8_65BCA6E0337A452DA55C0654EAAD7A0B.exe
C:\Users\Public\Desktop\Corel CONNECT X7 (64-Bit).lnk - C:\Program Files (x86)\Corel\CorelDRAW Graphics Suite X7\Connect64\Connect.exe
C:\Users\Public\Desktop\Corel PHOTO-PAINT X7 (64-Bit).lnk - c:\Windows\Installer\{C922F325-DD52-4E22-B204-431A06E63E51}\NewShortcut2_EBB51BFEE10948A888CB7ADF96E8EC80.exe
C:\Users\Public\Desktop\CorelDRAW X7 (64-Bit).lnk - c:\Windows\Installer\{2C0DDC74-5234-43DD-BB5A-0645B8FE5289}\NewShortcut1_68427AB8B2C044C58AA777A4C3F75634.exe
C:\Users\Public\Desktop\CyberLink Media Suite.lnk - C:\Program Files (x86)\CyberLink\Media Suite\PS.exe
C:\Users\Public\Desktop\Gerenciador Eficaz.lnk - C:\RegraEmpresarial\Regra.exe
C:\Users\Public\Desktop\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk - C:\Program Files\McAfee Security Scan\3.8.141\McUICnt.exe SecurityScanner.dll

==== shortcuts in Users Start Menu ======================

C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files\Internet Explorer\iexplore.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitorar alertas de tinta - HP Deskjet 1000 J110 series.lnk - C:\Windows\system32\RunDll32.exe "C:\Program Files\HP\HP Deskjet 1000 J110 series\bin\HPStatusBL.dll",RunDLLEntry SERIALNUMBER=BR363FK3KK05D2;CONNECTION=USB;MONITOR=1;

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\Windows\system32\control.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Limpa profundamente arquivos de Spam.lnk - C:\Program Files (x86)\iSafe\iStart.exe -divertop -param0=9 -param1=0 -param2=1
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk - C:\Program Files (x86)\iSafe\iStart.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe
C:\Users\Valquiria\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\USURIO~1\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000000

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valquiria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Valquiria\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\Users\Valquiria\AppData\Local\Mozilla\Firefox\Profiles\7uyyorg7.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=104 folders=107 15729382 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Valquiria\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\VALQUI~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 28/05/2014 at 20:36:17,52 ======================
ValquiriaRM
Beginner

Posts: 13
Reputation: 0
Join date: 15/05/2014


Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 20:39

Download the Junkware Removal Tool program from the link below:
[You need to be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop under the name JRT.txt

We'll be waiting.

_________________

Caixa de Dicas = Always with new tutorials and news on IT, technology and more.

Fórum PC Brasil = The best of the internet, you find it here.

Super Links = Messages of faith and hope for your heart
Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 20:52

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Basic x64
Ran by Valquiria on 28/05/2014 at 20:42:35,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 28/05/2014 at 20:50:29,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
ValquiriaRM
Beginner

Posts: 13
Reputation: 0
Join date: 15/05/2014


Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 21:09

How is the PC?

Power Max
Collaborator

Posts: 9086
Reputation: 1499
Join date: 14/04/2009


Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 21:11

Full of ads in the browser windows!! Slow to start up!!
~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Valquiria (28/05/2014 21:06:58)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1995 MB (23% free)
System Restore: Activé (Enable)
System drive C: has 102 GB (68%) free of 148 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VALQUIRIA-PC
~ User Name: Valquiria
~ All Users Names: Valquiria, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Valquiria\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Valquiria\AppData\Roaming\
~ %Desktop% : C:\Users\Valquiria\Desktop\
~ %Favorites% : C:\Users\Valquiria\Favorites\
~ %LocalAppData% : C:\Users\Valquiria\AppData\Local\
~ %StartMenu% : C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 102 Go of 148 Go)
D: Hard drive, Flash drive, Thumb drive (Free 36 Go of 134 Go)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 01s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/708
~ Mes musiques (My Musics) : 17/85
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/423
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/24
~ Hidden Files: Scanned in 00mn 04s



---\\ Processos lançados
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.2872]
[MD5.FEB6F2493EB75F0BFCF23D7AD618C3AE] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30814400] [PID.2932]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.772]
[MD5.35048D8E8A0BF7A797CD5757ACD7EED0] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.1984]
[MD5.22EC0852DBF032A93D8DA697065FA189] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336] [PID.1116]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2388]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.2500]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2508]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.2696]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.No owner - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.3848]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.4484]
[MD5.CA630DBADEB5B6101531F986ADFE46C9] - (.Thisisu - Junkware Removal Tool.) -- C:\Users\Valquiria\Downloads\JRT (1).exe [1016261] [PID.3436]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2928]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.2224]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1412]
[MD5.47EFDB5472E76B4FC91259FC4B3B659A] - (...) -- C:\MySQL\bin\mysqld.exe [8186368] [PID.1688]
[MD5.50C7CE53EF461870410355F1F2E7D515] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.4252]
[MD5.374EBDA379A8F38E0CFC2211611E7167] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3764]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [caimihdmbpgddfpkbochehpehdglpcim] GBBD Guardião - Itaú 30 horas v.3.6.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 16 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\prefs.js
M3 - MFPP: Plugins - [Valquiria] -- C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\searchplugins\Baixaki.xml
M3 - MFPP: Plugins - [Valquiria] -- C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\searchplugins\pesquisa-alot.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 9 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Valquiria]: Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk . (.Oracle Corporation - Java(TM) Web Start Launcher.) -- C:\Windows\SysWOW64\javaws.exe [Você precisa estar registrado e conectado para ver este link.]
~ Global Startup: 1 Legitimates Filtered in 00mn 02s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe (.not file.)
O4 - HKLM\..\Run: [RtHDVCpl] . (.Realtek Semiconductor - Gerenciador de áudio HD Realtek.) -- C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-883659111-3594005813-54001275-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\ptb.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: MySQL (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
~ Services: 9 Legitimates Filtered in 00mn 04s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /K:D *) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.3CB03C134F7307866B3C52735CDFAE76] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [734208] =>Trojan.Keygen
[MD5.2ED2319F3DE13495AAA49B70A1467055] [APT] [{121413F0-9AB5-4DA1-BB38-70ED0F60536B}] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
[MD5.00000000000000000000000000000000] [APT] [{46298CD4-443C-45DD-A4D7-B8E277104CB7}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [APT] [{7B5EBB53-523C-4C02-A8E8-FF8C73BFD930}] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
[MD5.00000000000000000000000000000000] [APT] [{E9747ED0-086F-4097-AB7D-EC8974428279}] (...) -- C:\Users\Valquiria\AppData\Local\Temp\Temp1_setupconsumerc2rolw (1).zip\setupconsumerc2rolw.exe (.not file.) [0]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [294] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 23 Legitimates Filtered in 00mn 06s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (hwinterface) . (. - .) - C:\Windows\System32\Drivers\hwinterface.sys (.not file.)
O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser
O41 - Driver: (wStLib64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLib64.sys =>PUP.LinkiDoo
~ Drivers: 81 Legitimates Filtered in 00mn 39s



---\\ Software instalados (042)
O42 - Logiciel: Ask Toolbar - (.APN, LLC.) [HKLM][64Bits] -- {4F524A2D-5637-4300-76A7-A758B70C0A06} =>Adware.Bandoo
O42 - Logiciel: BlockAndSurf - (.BlockAndSurf-software.) [HKLM][64Bits] -- D43D7802-968C-E271-3715-FCB872D6A07A =>PUP.BlockAndSurf
O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: GBBD Guardião - Itaú 30 horas - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO3 - (.Perto S.A. Perifericos para Automacao.) [HKLM][64Bits] -- F902151BF0E1078D63BA822885D5233B84224A25
~ Logic: 9 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\GbAs]
[HKCU\Software\smartWrapper]
[HKLM\Software\Wow6432Node\A.E.T. Europe B.V.]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Claro 3G]
[HKLM\Software\Wow6432Node\Highlightly]
~ Key Software: 187 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 03/02/2014 - 18:49:43 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 21/02/2014 - 20:04:28 - [] ----D C:\Program Files (x86)\Claro 3G
O43 - CFD: 23/07/2013 - 17:12:33 - [] ----D C:\Program Files (x86)\Game Box
O43 - CFD: 06/10/2013 - 12:45:22 - [] ----D C:\Program Files (x86)\Serasa Experian
O43 - CFD: 28/10/2013 - 10:03:32 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 16/11/2013 - 11:15:48 - [] ----D C:\ProgramData\DYA_SQSNFMOMVNWLLWCIU
O43 - CFD: 06/10/2013 - 13:06:20 - [] ----D C:\Users\Valquiria\AppData\Roaming\AssistenteCertificadoDigital
O43 - CFD: 31/10/2013 - 08:12:06 - [] ----D C:\Users\Valquiria\AppData\Roaming\Baidu Security
O43 - CFD: 16/11/2013 - 11:15:48 - [] ----D C:\Users\Valquiria\AppData\Roaming\DYA_SQSNFMOMVNWLLWCIU
O43 - CFD: 03/10/2013 - 19:17:57 - [] ----D C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
O43 - CFD: 02/03/2013 - 12:19:44 - [] ----D C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft
~ Program Folder: 142 Legitimates Filtered in 00mn 01s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C42795A2AA18BD7F4DF430492BACA463] - 15/05/2014 - 16:35:23 ---A- . (...) -- C:\zoek-results2014-05-15-193523.log [1307]
O44 - LFC:[MD5.89FE6819F1D1165BC6BB7DD7C27F40F7] - 15/05/2014 - 17:05:22 ---A- . (...) -- C:\folders.txt [86]
O44 - LFC:[MD5.A8D3F0358F2061C398FD5EF8EC540080] - 15/05/2014 - 17:14:28 ---A- . (...) -- C:\zoek-results2014-05-15-201428.log [20457]
O44 - LFC:[MD5.DC8D50E3F8FF824043BDDC444D45F646] - 28/05/2014 - 19:16:09 ---A- . (...) -- C:\zoek-results2014-05-28-221609.log [21156]
O44 - LFC:[MD5.0E8BC33EE61BBDFE7296B350E7DAA500] - 28/05/2014 - 20:06:23 ---A- . (...) -- C:\zoek-results2014-05-28-230623.log [18264]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/05/2014 - 20:18:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BE627766E45C43C90A316F1394B8AC15] - 28/05/2014 - 20:36:17 ---A- . (...) -- C:\zoek-results.log [15892]
O44 - LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] - 28/05/2014 - 20:36:54 ---A- . (...) -- C:\Windows\KMSEmulator.exe [151552]
~ Files: 41 Legitimates Filtered in 00mn 06s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:23/04/2014 - 07:19:45 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/04/2014 - 17:23:17 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:13/01/2010 - 09:04:25 ---A- . (.Logix4u - hwinterface.sys.) -- C:\Windows\SysWOW64\drivers\hwinterface.sys [3026]
~ Drivers: 64 Legitimates Filtered in 00mn 06s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfilter.sys (Bfilter) .(.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - LEGACY_BFILTER
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bfmon.sys (Bfmon) .(.Baidu, Inc. - Baidu FS Monitor Driver.) - LEGACY_BFMON
O64 - Services: CurCS - 21/01/2014 - C:\Windows\system32\drivers\Bprotect.sys (Bprotect) .(.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - LEGACY_BPROTECT
O64 - Services: CurCS - 23/11/2013 - C:\Windows\System32\Drivers\inpoutx64.sys (inpoutx64) .(.Highresolution Enterprises [[Você precisa estar registrado e conectado para ver este link.] - Kernel level port access driver.) - LEGACY_INPOUTX64
O64 - Services: CurCS - 09/04/2014 - C:\Windows\System32\drivers\wStLib64.sys (wStLib64) .(.StdLib - StdLib.) - LEGACY_WSTLIB64 =>PUP.LinkiDoo
~ Legacy: 93 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][19/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.FF6363039D94C482CDC789B57060D844] [SPRF][06/12/2013] (...) -- C:\Users\Valquiria\AppData\Roaming\unins000.dat [19765]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][15/05/2014] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Listagem dos códigos dos software (PUC) (090)
O90 - PUC: "BD04C21DD7DC68D42958E5F22E63394E" . (.SupraSavings.) -- c:\Windows\Installer\{D12C40DB-CD7D-4D86-9285-5E2FE23693E4}\icon64.ico =>PUP.SupraSavings
O90 - PUC: "D2A425F473650034677A7A857BC0A060" . (.Ask Toolbar.) -- C:\Windows\Installer\{4F524A2D-5637-4300-76A7-A758B70C0A06}\ToolbarIcon.exe =>Toolbar.Ask
~ Update Products: 2 Legitimates Filtered in 00mn 00s



---\\ Pesquisa dos pacotes WindowsInstaller (WIS) (O93) (NTFS)
[MD5.9A5263D3C011F34BFA10C5458CF27197] [WIS][16/04/2014] (.SupraSavings - SupraSavings.) -- C:\Windows\Installer\b0388f.msi [4997120] =>PUP.SupraSavings
[MD5.243F07CA5C356CDE711E3893E3849801] [WIS][26/03/2014] (.APN, LLC - Ask Toolbar.) -- C:\Windows\Installer\fbd0cb.msi [464384] =>Adware.Bandoo
~ WIS: 2 Legitimates Filtered in 00mn 05s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
~ BTK: 176 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/01/2010 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 26/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 17/03/2011 4174928 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Auto 17/03/2011 1193040 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 22/02/2011 783440 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Demand 13/01/2010 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 23/08/2011 2425960 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 02/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 20/07/2012 8186368 | (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
SR - | Auto 13/09/2013 337776 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 02/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 08s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 4
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 6

[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4F524A2D-5637-4300-76A7-A758B70C0A06}] =>Adware.Bandoo^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\D43D7802-968C-E271-3715-FCB872D6A07A] =>PUP.BlockAndSurf^
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375] =>PUP.Tarma
[HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5] =>PUP.Tarma
C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\Installer\b0388f.msi =>PUP.SupraSavings^
C:\Windows\Installer\fbd0cb.msi =>Adware.Bandoo^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 249676 Items scanned in 00mn 42s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LinkiDoo
[Você precisa estar registrado e conectado para ver este link.] =>Adware.Bandoo
[Você precisa estar registrado e conectado para ver este link.] =>PUP.SupraSavings
[Você precisa estar registrado e conectado para ver este link.] =>Toolbar.Ask
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Melondrea
[Você precisa estar registrado e conectado para ver este link.] =>PUP.Tarma
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Windows
~ MSI: 8 link(s) detected in 00mn 00s



~ 720 Legitimates filtered by white list
End of the scan (501 lines in 02mn 35s)(0)
ValquiriaRM (Beginner) - Posts: 13, Reputation: 0, Joined: 15/05/2014

Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 21:34

There are unnecessary programs starting together with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs that Start with the PC

Preferably let only the security programs (antivirus/anti-spyware/firewall) start together with Windows.

Also use the CCleaner program, recommended in the tutorial above, to clean up and optimize the PC now and from time to time.
_____________________________________________________________________________________________________________

Select and copy all the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click on ZHPFix and choose the option Run as administrator > Click Importação > Click the GO button > Click Oui > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and miscellany.

Fórum PC Brasil = The best of the internet, you find it here.

Super Links = Messages of faith and hope for your heart
Power Max (Collaborator) - Posts: 9086, Reputation: 1499, Joined: 14/04/2009

Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 22:11

Rapport de ZHPFix 2014.4.13.3 par Nicolas Coolman, Update du 13/04/2014
Fichier d'export Registre :
Run by Valquiria at 28/05/2014 22:10:15
High Elevated Privileges : OK
Windows 7 Home Basic Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 06s)
Reparação de atalhos do navegador

========== Softwares ==========
ELIMINÉ: Ask Toolbar

========== Estado dos serviços ==========
BFILTER Parado
BFMON Parado
BPROTECT Parado
WSTLIB64 Parado

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: hwinterface
ELIMINÉ Driver Key: iSafeKrnlKit
ELIMINÉ Driver Key: wStLib64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Highlightly
ELIMINÉ: [HKLM\Software\Classes\Installer\Products\\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: [HKLM\Software\Classes\Installer\Features\BD04C21DD7DC68D42958E5F22E63394E]
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\29799DE249E7DBC459FC6C8F07EB8375
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0238BBE24EA3A70408B81E4BB89C15E5

========== Valores do Registo ==========
ELIMINÉ RunValue: SynTPEnh
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ: c:\users\valquiria\appdata\roaming\mozilla\firefox\profiles\7uyyorg7.default\searchplugins\pesquisa-alot.xml
ELIMINA REINICIAR: c:\windows\system32\drivers\bfilter.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bfmon.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\bprotect.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\isafekrnlboot.sys
ELIMINA REINICIAR: c:\windows\system32\drivers\wstlib64.sys
ELIMINÉ: C:\Windows\Installer\b0388f.msi
ELIMINÉ Temporários windows (125) (2.131.735 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Tarefa planificada ==========
ELIMINÉ: {46298CD4-443C-45DD-A4D7-B8E277104CB7}
ELIMINÉ: {E9747ED0-086F-4097-AB7D-EC8974428279}

========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso


========== Recapitulativo ==========
17 : Chaves do Registo
7 : Valores do Registo
1 : Pastas
9 : Ficheiros
1 : Softwares
4 : Estado dos serviços
2 : Tarefa planificada
1 : Restauração Sistema


End of clean in 00mn 58s

========== Caminho do ficheiro do relatório ==========
C:\Users\Valquiria\AppData\Roaming\ZHP\ZHPFix[R1].txt - 28/05/2014 22:10:22 [3038]
ValquiriaRM (Beginner) - Posts: 13, Reputation: 0, Joined: 15/05/2014

Re: Infected, help!!

Post by Power Max on Wed 28 May 2014, 22:21

Open ZHPDiag again

[You need to be registered and logged in to see this image.]

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

[You need to be registered and logged in to see this image.]

|- Click OK and, when it finishes, post the ZHPDiag.txt report

[You need to be registered and logged in to see this image.]

Power Max (Collaborator) - Posts: 9086, Reputation: 1499, Joined: 14/04/2009

Re: Infected, help!!

Post by ValquiriaRM on Wed 28 May 2014, 22:25

~ Relatório do ZHPDiag v2014.5.24.73 - Nicolas Coolman (24/05/2014)
~ Iniciado por Valquiria (28/05/2014 22:24:02)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão :
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17107
GCIE: Google Chrome v35.0.1916.114

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Home Basic, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.141.11
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.14

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 13 Plugin
Adobe Reader X
Java 7 Update 55

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 42 Stepping 7, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 1995 MB (40% free)
System Restore: Activé (Enable)
System drive C: has 102 GB (68%) free of 148 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VALQUIRIA-PC
~ User Name: Valquiria
~ All Users Names: Valquiria, Convidado, Administrador,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Valquiria\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Valquiria\AppData\Roaming\
~ %Desktop% : C:\Users\Valquiria\Desktop\
~ %Favorites% : C:\Users\Valquiria\Favorites\
~ %LocalAppData% : C:\Users\Valquiria\AppData\Local\
~ %StartMenu% : C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 102 Go of 148 Go)
D: Hard drive, Flash drive, Thumb drive (Free 36 Go of 134 Go)
G: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system] EnableLUA: Modified
~ Security Center: 49 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.332FEAB1435662FC6C672E25BEB37BE3] - (.Microsoft Corporation - Windows Explorer.) (.25/02/2011 - 03:19:30.) -- C:\Windows\Explorer.exe [2871808]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Aplicativo de Inicialização do Windows.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.F220BA78AB542C70211D73AE4729B2CD] - (.Microsoft Corporation - Internet Extensions para Win32.) (.06/03/2014 - 03:22:40.) -- C:\Windows\System32\wininet.dll [2260480]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Aplicativo de Logon do Windows.) (.04/03/2014 - 06:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Biblioteca de Licenciamento de Software.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.79059559E89D06E8B80CE2944BE20228] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.27/09/2013 - 22:09:10.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - Driver de porta i8042.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 23:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.1A29A59A4C5BA6F8C85062A613B7E2B2] - (.Microsoft Corporation - Driver do Sistema de Arquivos NT.) (.23/01/2014 - 23:37:55.) -- C:\Windows\system32\Drivers\ntfs.sys [1684928]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Driver de porta paralela.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.DF8126BD41180351A093A3AD2FC8903B] - (.Microsoft Corporation - Driver de cópia de sombra de volume.) (.25/02/2011 - 03:25:38.) -- C:\Windows\system32\Drivers\volsnap.sys [296320]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/708
~ Mes musiques (My Musics) : 17/85
~ Mes Favoris (My Favorites) : 1/8
~ Mes Documents (My Documents) : 1/424
~ Mon Bureau (My Desktop) : 1/10
~ Menu demarrer (Programs) : 1/23
~ Hidden Files: Scanned in 00mn 00s



---\\ Processos lançados
[MD5.C948AC73822CA662CF44185B909EA18B] - (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe [720064] [PID.2872]
[MD5.FEB6F2493EB75F0BFCF23D7AD618C3AE] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30814400] [PID.2932]
[MD5.B00F98FF6FE8682FF941BEB2559BF191] - (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [136488] [PID.772]
[MD5.35048D8E8A0BF7A797CD5757ACD7EED0] - (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [107816] [PID.1984]
[MD5.22EC0852DBF032A93D8DA697065FA189] - (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336] [PID.1116]
[MD5.CE5C9977DA751DDC30952AC4DCBCA788] - (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe [49208] [PID.2388]
[MD5.38875F805FBD3D7B32D5B3EFEA7D1CD2] - (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480] [PID.2500]
[MD5.5B6E8E09BE6401A7E022F52FDFCB2FF8] - (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336] [PID.2508]
[MD5.1F85A80EBC4C4C1D562094F5AB231077] - (.Adobe Systems Incorporated - Adobe IPC Broker.) -- C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\IPC\AdobeIPCBroker.exe [769904] [PID.2696]
[MD5.7FA16A68EF2B1B6C3281D1D33F513CB2] - (.No owner - Core Sync.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSync\CoreSync.exe [5288608] [PID.3848]
[MD5.AA61E4E73E812D6411F375989E4501CE] - (.Adobe Systems Incorporated - Adobe CEF Helper.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\HEX\Adobe CEF Helper.exe [419704] [PID.4484]
[MD5.1620FE36666F4BBC2314B7F360FB1965] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2928]
[MD5.4FDF8F99557B275A3B5BF797761C7504] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [7879168] [PID.5000]
[MD5.ADDA5E1951B90D3D23C56D3CF0622ADC] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [65640] [PID.1412]
[MD5.47EFDB5472E76B4FC91259FC4B3B659A] - (...) -- C:\MySQL\bin\mysqld.exe [8186368] [PID.1688]
[MD5.50C7CE53EF461870410355F1F2E7D515] - (.Intel Corporation - Local Manageability Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [326168] [PID.4252]
[MD5.374EBDA379A8F38E0CFC2211611E7167] - (.Intel Corporation - User Notification Service.) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2656280] [PID.3764]
~ Processes Running: Scanned in 00mn 01s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Valquiria\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [caimihdmbpgddfpkbochehpehdglpcim] GBBD Guardião - Itaú 30 horas v.3.6.0 (Désactivé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 15 Legitimates Filtered in 00mn 01s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\prefs.js
M3 - MFPP: Plugins - [Valquiria] -- C:\Users\Valquiria\AppData\Roaming\Mozilla\Firefox\Profiles\7uyyorg7.default\searchplugins\Baixaki.xml
P2 - FPN: [HKCU] [gastecnologia.com.br/sf/uni] - (.GAS Tecnologia - Internet Banking Helper.) -- C:\Users\Valquiria\AppData\Local\GAS Tecnologia\GBBD\npsf_uni.dll
~ Firefox Browser: 8 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Outras conexões do utilizador (04)
O4 - GS\Desktop [Valquiria]: Emissor de Nota Fiscal Eletrônica (NF-e) 2.0.lnk . (.Oracle Corporation - Java(TM) Web Start Launcher.) -- C:\Windows\SysWOW64\javaws.exe [Você precisa estar registrado e conectado para ver este link.]
~ Global Startup: 1 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [BTMTrayAgent] . (.Motorola Solutions, Inc. - Bluetooth Shell Extension.) -- C:\Program Files\Motorola\Bluetooth\btmshell.dll
O4 - HKCU\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [RemoteControl10] . (.CyberLink Corp. - PowerDVD RC Service.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
O4 - HKLM\..\Wow6432Node\Run: [HP Software Update] . (.Hewlett-Packard - hpwuSchd Application.) -- C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe =>.Hewlett-Packard Co
O4 - HKLM\..\Wow6432Node\Run: [BCSSync] . (.Microsoft Corporation - Microsoft Office 2010 component.) -- C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe =>.Microsoft Corporation
O4 - HKLM\..\Wow6432Node\Run: [Adobe Creative Cloud] . (.Adobe Systems Incorporated - Adobe Creative Cloud.) -- C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe
O4 - HKLM\..\Wow6432Node\Run: [CLMLServer] . (.CyberLink - CyberLink MediaLibray Service.) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
O4 - HKLM\..\Wow6432Node\Run: [SunJavaUpdateSched] . (.Oracle Corporation - Java(TM) Update Scheduler.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe =>.Oracle Corporation
O4 - HKLM\..\Wow6432Node\Run: [YouCam Mirage] . (.CyberLink - YouCam Mirage.) -- C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Gadgets da Área de Trabalho do Windows.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe =>.Microsoft Corporation
O4 - HKUS\S-1-5-21-883659111-3594005813-54001275-1000\..\Run: [OfficeSyncProcess] . (.Microsoft Corporation - Microsoft Office Document Cache.) -- C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: &Enviar para o OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} -- C:\Program Files (x86)\MICROS~2\Office14\ONBttnIE.dll (.not file.)
O9 - Extra button: &Anotações Vinculadas do OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -- C:\Program Files (x86)\MICROS~2\Office14\ONBTTN~1.dll (.not file.)
O9 - Extra button: @C:\Program Files\Motorola\Bluetooth\Resources\ptb.dll,-247 [64Bits] - {bd707fe6-39f6-4bda-9265-86a76719bdc5} . (...) -- C:\Program Files\Motorola\Bluetooth\bluetooth.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS1\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CS1\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{7B1F0FEB-B69D-49BB-864B-E029D6EF5137}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CS2\Services\Tcpip\..\{141363D2-DD30-45E0-9973-23964D5FC573}: DhcpDomain = domain.name
O17 - HKLM\System\CS2\Services\Tcpip\..\{405287CB-C739-4673-B74A-51C1310E3B3A}: DhcpDomain = domain.name
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: wlpg [64Bits] - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} . (...) --
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: MySQL (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
~ Services: 9 Legitimates Filtered in 00mn 03s



---\\ Listagem dos dados do BootExecute (Bex) (034)
O34 - HKLM BootExecute: (autocheck autochk /K:D *) - File not found
~ BEX: 1 Legitimates Filtered in 00mn 00s



---\\ Tarefas planificadas automaticamente (039)
[MD5.3CB03C134F7307866B3C52735CDFAE76] [APT] [AutoKMS] (...) -- C:\Windows\AutoKMS\AutoKMS.exe [734208] =>Trojan.Keygen
[MD5.2ED2319F3DE13495AAA49B70A1467055] [APT] [{121413F0-9AB5-4DA1-BB38-70ED0F60536B}] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [APT] [{7B5EBB53-523C-4C02-A8E8-FF8C73BFD930}] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [902]
O39 - APT: AutoKMS - (...) -- C:\Windows\Tasks\AutoKMS.job [294] =>Trojan.Keygen
O39 - APT: AutoKMS - (...) -- C:\Windows\System32\Tasks\AutoKMS [294] =>Trojan.Keygen
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000Core [922]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\FacebookUpdateTaskUserS-1-5-21-883659111-3594005813-54001275-1000UA [944]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1070]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1074]
~ Scheduled Task: 22 Legitimates Filtered in 00mn 01s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) - C:\Windows\system32\drivers\Bfilter.sys
O41 - Driver: (Bfmon) . (.Baidu, Inc. - Baidu FS Monitor Driver.) - C:\Windows\system32\drivers\Bfmon.sys
O41 - Driver: (Bprotect) . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) - C:\Windows\system32\drivers\Bprotect.sys
O41 - Driver: (hwinterface) . (. - .) - C:\Windows\System32\Drivers\hwinterface.sys (.not file.)
O41 - Driver: (iSafeKrnlKit) . (. - .) - C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys (.not file.) =>Trojan.Staser
O41 - Driver: (wStLib64) . (.StdLib - StdLib.) - C:\Windows\System32\drivers\wStLib64.sys =>PUP.LinkiDoo
~ Drivers: 69 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: Claro 3G - (...) [HKLM][64Bits] -- {93D34EE3-99B3-4DB1-8B0A-0A657466F90D}
O42 - Logiciel: Pacote de Driver do Windows - Perto S.A. Perifericos para Automacao (PERTO3 - (.Perto S.A. Perifericos para Automacao.) [HKLM][64Bits] -- F902151BF0E1078D63BA822885D5233B84224A25
~ Logic: 8 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\A.E.T. Europe B.V.]
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\GbAs]
[HKLM\Software\Wow6432Node\A.E.T. Europe B.V.]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Claro 3G]
~ Key Software: 183 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 21/02/2014 - 20:04:28 - [] ----D C:\Program Files (x86)\Claro 3G
O43 - CFD: 23/07/2013 - 17:12:33 - [] ----D C:\Program Files (x86)\Game Box
O43 - CFD: 06/10/2013 - 12:45:22 - [] ----D C:\Program Files (x86)\Serasa Experian
O43 - CFD: 16/11/2013 - 11:15:48 - [] ----D C:\ProgramData\DYA_SQSNFMOMVNWLLWCIU
O43 - CFD: 06/10/2013 - 13:06:20 - [] ----D C:\Users\Valquiria\AppData\Roaming\AssistenteCertificadoDigital
O43 - CFD: 16/11/2013 - 11:15:48 - [] ----D C:\Users\Valquiria\AppData\Roaming\DYA_SQSNFMOMVNWLLWCIU
O43 - CFD: 03/10/2013 - 19:17:57 - [] ----D C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Programas Secretaria da Fazenda
O43 - CFD: 02/03/2013 - 12:19:44 - [] ----D C:\Users\Valquiria\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagSoft
~ Program Folder: 139 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.C42795A2AA18BD7F4DF430492BACA463] - 15/05/2014 - 16:35:23 ---A- . (...) -- C:\zoek-results2014-05-15-193523.log [1307]
O44 - LFC:[MD5.89FE6819F1D1165BC6BB7DD7C27F40F7] - 15/05/2014 - 17:05:22 ---A- . (...) -- C:\folders.txt [86]
O44 - LFC:[MD5.A8D3F0358F2061C398FD5EF8EC540080] - 15/05/2014 - 17:14:28 ---A- . (...) -- C:\zoek-results2014-05-15-201428.log [20457]
O44 - LFC:[MD5.DC8D50E3F8FF824043BDDC444D45F646] - 28/05/2014 - 19:16:09 ---A- . (...) -- C:\zoek-results2014-05-28-221609.log [21156]
O44 - LFC:[MD5.0E8BC33EE61BBDFE7296B350E7DAA500] - 28/05/2014 - 20:06:23 ---A- . (...) -- C:\zoek-results2014-05-28-230623.log [18264]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 28/05/2014 - 20:18:36 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.BE627766E45C43C90A316F1394B8AC15] - 28/05/2014 - 20:36:17 ---A- . (...) -- C:\zoek-results.log [15892]
O44 - LFC:[MD5.485055033BCDDFDE56325C0D2FEEA4F2] - 28/05/2014 - 20:36:54 ---A- . (...) -- C:\Windows\KMSEmulator.exe [151552]
~ Files: 39 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableLUA"=0
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 18 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:21/01/2014 - 11:14:40 ---A- . (.Baidu, Inc. - Baidu Antivirus Minifilter Driver.) -- C:\Windows\System32\Drivers\Bfilter.sys [52032]
O58 - SDL:21/01/2014 - 11:14:50 ---A- . (.Baidu, Inc. - Baidu FS Monitor Driver.) -- C:\Windows\System32\Drivers\Bfmon.sys [34624]
O58 - SDL:21/01/2014 - 07:01:36 ---A- . (.Baidu, Inc. - Baidu Antivirus Selfprotect Driver.) -- C:\Windows\System32\Drivers\Bprotect.sys [128992]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:23/04/2014 - 07:19:45 ---A- . (.Elex do Brasil Participações Ltda - iSafe Kernel Boot Driver.) -- C:\Windows\System32\Drivers\iSafeKrnlBoot.sys [43520] =>Trojan.Staser
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:09/04/2014 - 17:23:17 ---A- . (.StdLib - StdLib.) -- C:\Windows\System32\Drivers\wStLib64.sys [61120] =>PUP.LinkiDoo
O58 - SDL:13/01/2010 - 09:04:25 ---A- . (.Logix4u - hwinterface.sys.) -- C:\Windows\SysWOW64\drivers\hwinterface.sys [3026]
~ Drivers: 64 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- c:\program files (x86)\google\chrome\application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- c:\program files\internet explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0191A6B0-1154-4C22-9182-23A95BBE92D9} - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {6A1806CD-94D4-4689-BA73-E35EA1EA9990} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.1FE339E72FE03A27DD9D5A9A357CFE7D] [SPRF][19/08/2009] (...) -- C:\ProgramData\FullRemove.exe [131368]
[MD5.FF6363039D94C482CDC789B57060D844] [SPRF][06/12/2013] (...) -- C:\Users\Valquiria\AppData\Roaming\unins000.dat [19765]
[MD5.2ED2319F3DE13495AAA49B70A1467055] [SPRF][15/05/2014] (...) -- C:\Users\Valquiria\Desktop\zoek.exe [1285120]
~ Files: 3 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 16/04/2014 257712 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 13/01/2010 647680 | (FLEXnet Licensing Service) . (.Macrovision Europe Ltd..) - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
SS - | Auto 26/04/2014 116648 | (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 26/04/2014 116648 | (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 15/01/2014 289256 | (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.141\McCHSvc.exe
SR - | Auto 03/09/2013 65640 | (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Demand 17/03/2011 4174928 | (Bluetooth Device Manager) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
SR - | Auto 17/03/2011 1193040 | (Bluetooth Media Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\audiosrv.exe
SR - | Auto 22/02/2011 783440 | (Bluetooth OBEX Service) . (.Motorola Solutions, Inc..) - C:\Program Files\Motorola\Bluetooth\obexsrv.exe
SR - | Demand 13/01/2010 1028096 | (FLEXnet Licensing Service 64) . (.Macrovision Europe Ltd..) - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
SR - | Auto 23/08/2011 2425960 | (IconMan_R) . (.Realsil Microelectronics Inc..) - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
SR - | Auto 02/02/2011 326168 | (LMS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
SR - | Auto 20/07/2012 8186368 | (MySQL) . (...) - C:\MySQL\bin\mysqld.exe
SR - | Auto 13/09/2013 337776 | (PSI_SVC_2_x64) . (.arvato digital services llc.) - c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
SR - | Auto 02/02/2011 2656280 | (UNS) . (.Intel Corporation.) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
SR - | Auto 01/03/2011 27648 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 01/03/2011 27648 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13029 - (24/05/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 0
Fichiers trouvés (Files found) : 4

C:\Windows\AutoKMS\AutoKMS.exe =>Trojan.Keygen^
C:\Windows\Tasks\AutoKMS.job =>Trojan.Keygen^
C:\Windows\System32\Tasks\AutoKMS =>Trojan.Keygen^
C:\Windows\KMSEmulator.exe =>Hijacker.Windows
~ Additionnel Scan: 248662 Items scanned in 00mn 18s



---\\ Sumário das deteções encontradas na sua estação
[Você precisa estar registrado e conectado para ver este link.] =>Trojan.Staser
[Você precisa estar registrado e conectado para ver este link.] =>PUP.LinkiDoo
[Você precisa estar registrado e conectado para ver este link.] =>Hijacker.Windows
~ MSI: 3 link(s) detected in 00mn 00s



~ 698 Legitimates filtered by white list
End of the scan (442 lines in 00mn 51s)(0)
ValquiriaRM
Beginner

Posts: 13
Reputation: 0
Joined: 15/05/2014

Re: Infected, help!!

Post by Power Max on Sat 31 May 2014, 09:36

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose the option Run as administrator > Click Importação > Click the GO button > Click Oui > If you also want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply.

Power Max
Contributor

Posts: 9086
Reputation: 1499
Joined: 14/04/2009

Re: Infected, help!!

Post by Danii on Tue 17 Jun 2014, 11:58

TOPIC ARCHIVED

Since the author has not replied for more than 15 days, the topic has been archived. Should the topic's author need it, it will be reopened; to do so she must contact a member of the Moderation Team and request that it be unlocked.
Danii
Full Member

Posts: 562
Reputation: 78
Joined: 04/04/2014
Location: Brasil
