Malware Infection

Post by mdescio on Fri 25 Jul 2014, 10:57

I am having trouble uninstalling the Movie Mode extension; it keeps coming back. Here is the HijackThis log:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:55:37, on 25/07/2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16561)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe
C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe
C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Microsoft Lync\communicator.exe
C:\Program Files (x86)\Microsoft Lync\UcMapi.exe
C:\Lotus\Notes\NLNOTES.EXE
C:\Lotus\Notes\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.3.20110915-1350\win32\x86\notes2.exe
C:\Lotus\Notes\ntaskldr.EXE
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.EXE
C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.EXE
C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\HijackThis\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must be registered and logged in to see this link.]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must be registered and logged in to see this link.]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lync add-on BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O2 - BHO: Symantec Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\bin\IPS\IPSBHO.DLL
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: ViewerHelper Class - {78104A01-8E71-4F30-9A36-3793799615B4} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: G-Buster Browser Defense Itaú Unibanco - {C41A1C0E-EA6C-11D4-B1B8-444553540008} - C:\Program Files (x86)\GbPlugin\gbiehuni.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - Startup: Dropbox.lnk = C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Microsoft SharePoint Workspace.lnk = C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
O4 - Startup: OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
O4 - Global Startup: Monitor de Locais.lnk = C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe
O4 - Global Startup: PGP Tray.lnk = ?
O4 - Global Startup: vpngui.exe.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar a OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync add-on - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Lync\OCHelper.dll
O9 - Extra button: (no name) - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-40971 - {685ec120-f786-4498-a8f0-794d47916161} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra button: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Notas &vinculadas de OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-205 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMARes.dll,-40970 - {aede78a6-42b6-4c3c-96eb-5ae6dbec4859} - C:\Program Files (x86)\Microsoft\Rights Management Add-on\RMAFilt.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - Winlogon Notify:  GbPluginUni - C:\Program Files (x86)\GbPlugin\gbiehUni.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: DisplayLinkManager (DisplayLinkService) - DisplayLink Corp. - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
O23 - Service: EAFRCliManager - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel(R) Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: EY Tune Up Service - EY - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
O23 - Service: EY Stealth Runner (EYStealthRun) - Ernst & Young - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Gbp Service (GbpSv) - GAS Tecnologia - C:\PROGRA~2\GbPlugin\GbpSv.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Lenovo PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\system32\ibmpmsvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: KService - Kontiki Inc. - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Lotus Notes Diagnostics - IBM - C:\Lotus\Notes\nsd.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Aventail VPN Client (NgVpnMgr) - Unknown owner - C:\WINDOWS\system32\ngvpnmgr.exe (file missing)
O23 - Service: SAPSetup Automatic Workstation Update Service (NWSAPAutoWorkstationUpdateSvc) - SAP AG - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
O23 - Service: OnDemandService - Ernst & Young - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
O23 - Service: Windows Profile Management Service (PETService) - Ernst & Young - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: PGP RDD Service - Symantec Corporation - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: QTSracrj - GenTechnologies Apps, LLC - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
O23 - Service: RealNetworks Downloader Resolver Service - Unknown owner - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel(R) Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: Removable Storage Service (RemovableStorageService) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Removable Storage Mgmt Service (RSMgmtSrvc) - Symantec Corporation - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: SCCM Health Status Service (SCCMHealthStatusService) - EY - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
O23 - Service: Symantec Endpoint Protection (SepMasterService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
O23 - Service: SetPEFilePermissions - Ernst & Young - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Symantec Management Client (SmcService) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
O23 - Service: SMS Task Sequence Agent (smstsmgr) - Unknown owner - C:\WINDOWS\SysWOW64\CCM\TSManager.exe
O23 - Service: Symantec Network Access Control (SNAC) - Symantec Corporation - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Unknown owner - C:\WINDOWS\System32\TPHDEXLG64.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel(R) PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe

--
End of file - 17125 bytes

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 10:58

Hello.

Download AdwCleaner by clicking the link below, then click the Download Now @BleepingComputer button:
[You must be registered and logged in to see this link.]

To run AdwCleaner correctly, just follow the tips in this tutorial:

Remove adware and malicious toolbars with AdwCleaner

* In your next reply, post the AdwCleaner log (report), which will be at C:\AdwCleaner\AdwCleaner[S0].txt

We will be waiting.


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 11:06

# AdwCleaner v3.216 - Report created 25/07/2014 at 11:03:19
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Marcelo.Descio - BR25009069W0
# Running from : C:\Users\Marcelo.Descio\Downloads\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Marcelo.Descio\AppData\Local\MovieMode
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561


-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [19776 octets] - [22/07/2014 15:26:43]
AdwCleaner[R1].txt - [1265 octets] - [22/07/2014 15:36:56]
AdwCleaner[R2].txt - [1039 octets] - [22/07/2014 15:42:29]
AdwCleaner[R3].txt - [1100 octets] - [22/07/2014 15:47:53]
AdwCleaner[R4].txt - [1630 octets] - [23/07/2014 10:25:33]
AdwCleaner[R5].txt - [1685 octets] - [25/07/2014 11:02:39]
AdwCleaner[S0].txt - [16899 octets] - [22/07/2014 15:29:33]
AdwCleaner[S1].txt - [1332 octets] - [22/07/2014 15:37:59]
AdwCleaner[S2].txt - [1162 octets] - [22/07/2014 15:48:55]
AdwCleaner[S3].txt - [1699 octets] - [23/07/2014 10:26:09]
AdwCleaner[S4].txt - [1612 octets] - [25/07/2014 11:03:19]

########## EOF - C:\AdwCleaner\AdwCleaner[S4].txt - [1672 octets] ##########

Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 11:08

I pasted the wrong txt.
Here is the correct one:
# AdwCleaner v3.216 - Report created 22/07/2014 at 15:29:33
# Updated 17/07/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Marcelo.Descio - BR25009069W0
# Running from : C:\Users\Marcelo.Descio\Downloads\adwcleaner_3.216.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices
Service Deleted : WindowsProtectManger

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsProtectManger
Folder Deleted : C:\Program Files (x86)\IminentToolbar
Folder Deleted : C:\Program Files (x86)\SupTab
Folder Deleted : C:\Program Files (x86)\trolatunt
Folder Deleted : C:\Program Files (x86)\Common Files\Umbrella
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Local\MovieMode
Folder Deleted : C:\Users\Marcelo.Descio\AppData\LocalLow\IminentToolbar
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\337Games
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\baidu
Folder Deleted : C:\Users\Marcelo.Descio\AppData\Roaming\IminentToolbar
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Extensions\ep.crx
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Extensions\newtabv3.crx
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_igdhbblpcellaljokkpfhcjlagemhgjl_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E&Y Learning\EY Leads\EY Leads.lnk
Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
Shortcut Disinfected : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ainbkicbloikcngphmjfpjdemblcojdd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ogfjmhfnldnajmfaofeiaepghjenbgjo
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Key Deleted : HKLM\SOFTWARE\Classes\S
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IMinentToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_Setup302_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{460C3D19-B3D4-4964-A550-77D263B0CCCB}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\delta-homesSoftware
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\qone8Software
Key Deleted : HKLM\Software\SupDp
Key Deleted : HKLM\Software\SupTab
Key Deleted : HKLM\Software\supWindowsProtectManger
Key Deleted : HKLM\Software\supWPM
Key Deleted : HKLM\Software\Wpm
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : [x64] HKLM\SOFTWARE\Iminent
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~1.DLL
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - C:\PROGRA~2\SupTab\SEARCH~2.DLL
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\DatamngrCoordinator.exe

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16561

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Google Chrome v35.0.1916.153

[ File : C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted [Search Provider] : [You must be registered and logged in to see this link.]

*************************

AdwCleaner[R0].txt - [19776 octets] - [22/07/2014 15:26:43]
AdwCleaner[S0].txt - [16533 octets] - [22/07/2014 15:29:33]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16594 octets] ##########

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 11:17

Temporarily disable your antivirus to avoid conflicts.

* Go to the link below and click the first button on the left, the Download Zoek.exe button:
[You must be registered and logged in to see this link.]

To run it correctly, follow the tips in this tutorial:

Remove adware and other threats from your PC and browsers with the Zoek application

* As soon as it finishes cleaning up the problems, open the Zoek log (report), which will be at C:\zoek-results.txt, copy all of its contents and post them in your next reply.


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 11:40


Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Marcelo.Descio on 25/07/2014 at 11:19:07,86.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcelo.Descio\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-22-192702.log 22421 bytes

==== System Restore Info ======================

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\Users\Marcelo.Descio\Searches deleted
"C:\Users\Marcelo.Descio\AppData\Roaming\smkits" deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}"="C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext" [09/06/2014 19:40]

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[14/08/2013 15:24]

HKEY_CURRENT_USER\SOFTWARE\Google\Chrome\Extensions
caimihdmbpgddfpkbochehpehdglpcim - C:\Users\Marcelo.Descio\AppData\Local\GAS Tecnologia\GBBD\uni\sf.crx[02/08/2013 10:28]

==== Chrome Fix ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage deleted successfully
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
"Search Page"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="http://google.com"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://google.com"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Search Page"="http://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\AboutURLs]
"Tabs"="res://ieframe.dll/tabswelcome.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"

==== Reset Google Chrome ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\Marcelo.Descio\Desktop\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Marcelo.Descio\Desktop\Natura - Suporte APO - Rede.lnk - I:\Natura - Suporte APO
C:\Users\Marcelo.Descio\Desktop\NATURA.lnk - C:\Users\Marcelo.Descio\Documents\EY PROJETOS\NATURA
C:\Users\MARCEL~1.DES\Desktop\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\MARCEL~1.DES\Desktop\Natura - Suporte APO - Rede.lnk - I:\Natura - Suporte APO
C:\Users\MARCEL~1.DES\Desktop\NATURA.lnk - C:\Users\Marcelo.Descio\Documents\EY PROJETOS\NATURA

==== shortcuts in Users Start Menu ======================

C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\BrowserRepairTool.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\uninst.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\BrowserRepairTool.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Anvisoft\Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Browser Repair Tool\uninst.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /home
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox\Uninstall Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\DropboxUninstaller.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --show-app-list
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis\HiJackThis.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk - C:\Users\Marcelo.Descio\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\E&Y Tools\EY Tune Up.lnk - C:\WINDOWS\Installer\{225A28E7-3993-4058-BC1B-EFAD7D7665A4}\Icon225A28E7.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Application Virtualization Client.lnk - C:\Program Files (x86)\Microsoft Application Virtualization Client\SftCMC.msc
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft\Anvi Browser Repair Tool\Anvi Browser Repair Tool.lnk - C:\Program Files (x86)\Anvisoft\Anvi Browser Repair Tool\BrowserRepair.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Anvisoft\Anvi Browser Repair Tool\Uninstall.lnk - C:\Program Files (x86)\Anvisoft\Anvi Browser Repair Tool\Uninstall.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\E&Y Learning\EY Leads\EY Leads.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Inicializador de aplicativos do Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync\Microsoft Lync 2010.lnk - C:\WINDOWS\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\Comm.Ico
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Lync\Microsoft Lync Recording Manager.lnk - C:\WINDOWS\Installer\{81BE0B17-563B-45D4-B198-5721E6C665CD}\ocpubmgr.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPDiag.lnk - C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP\ZHPFix.lnk - C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Default User\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VPN Client.lnk - C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A85.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lotus Notes 8.5.lnk - C:\Lotus\Notes\notes.exe "=C:\Lotus\Notes\notes.ini"
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SAP Logon for Windows.lnk - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\WINDOWS\explorer.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk - C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE /recycle
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\7e4dca80246863e3\pinned.lnk - C:\WINDOWS\system32\control.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Calculator.lnk - C:\WINDOWS\system32\calc.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Notepad.lnk - C:\WINDOWS\system32\notepad.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\VPN Client.lnk - C:\WINDOWS\Installer\{467D5E81-8349-4892-9E81-C3674ED8E451}\Icon09DB8A85.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Windows Media Player.lnk - C:\Program Files (x86)\Windows Media Player\wmplayer.exe /prefetch:1
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Lotus Notes 8.5.lnk - C:\Lotus\Notes\notes.exe "=C:\Lotus\Notes\notes.ini"
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Excel 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\xlicons.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Outlook 2010.lnk - C:\WINDOWS\Installer\{90140000-0011-0000-0000-0000000FF1CE}\outicon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\SAP Logon for Windows.lnk - C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Users\MARCEL~1.DES\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\WINDOWS\explorer.exe

==== Reset IE Proxy ======================

Value(s) before fix:
"ProxyEnable"=dword:00000001

Value(s) after fix:
"ProxyEnable"=dword:00000000

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\MARCEL~1.DES\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=2 1985430 bytes)

==== Empty Temp Folders ======================

C:\Users\ADMINI~1\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Marcelo.Descio\AppData\Local\Temp will be emptied at reboot
C:\Users\MARCEL~1.DES\AppData\Local\Temp will be emptied at reboot
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\MARCEL~1.DES\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\Marcelo.Descio\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\Users\MARCEL~1.DES\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted
"C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not deleted

==== EOF on 25/07/2014 at 11:39:28,72 ======================

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 11:52

Download the Junkware Removal Tool program from the link below:
[You must be registered and logged in to see this link.]

To run the program above correctly, just follow the tips in this tutorial:

Junkware Removal Tool tutorial

* In your next reply, post the Junkware Removal Tool log (report), which will be saved on your desktop with the name JRT.txt

We'll be waiting.


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 12:04

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Enterprise x64
Ran by Marcelo.Descio on 25/07/2014 at 11:53:03,85
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Google [Blacklisted Policy]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 25/07/2014 at 12:03:23,91
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 12:06

Download < ZHPDiag > < [You must be registered and logged in to see this image.]> ( ... by Nicolas Coolman )

Note: When you open the link above, click the Télécharger button for ZHPDiag to download it, as shown in the image below:

[You must be registered and logged in to see this image.]

To install and run it correctly, follow the tips in this article:

ZHPDiag installation and usage tutorial

* As soon as it finishes its scan, copy the entire contents of its ZHPDiag.txt report and post it in your next reply.


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 12:09

~ Relatório do ZHPDiag v2014.7.21.107 - Nicolas Coolman (21/07/2014)
~ Iniciado por Marcelo.Descio (25/07/2014 12:07:56)
~ Endereço do Website : [Você precisa estar registrado e conectado para ver este link.]
~ Endereço do Webforum : [Você precisa estar registrado e conectado para ver este link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Symantec Endpoint Protection v12.1.3001.165
Symantec Endpoint Protection v12.1.3001.165
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader Extended Language Support Font Pack
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7987 MB (66% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (21%) free of 224 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BR25009069W0
~ User Name: Marcelo.Descio
~ All Users Names: LecheDeVaca, Jobu.Savvy, ITsupport, eypeer-assur,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as User

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo.Descio\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo.Descio\Desktop\
~ %Favorites% : C:\Users\Marcelo.Descio\Favorites\
~ %LocalAppData% : C:\Users\Marcelo.Descio\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
B: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 224 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5550345E6C4130091C1E4C5F3EF5CF3A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/06/2014 - 23:51:06.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.BDF76C3CE993FFB6214287272708364F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:41:14.) -- C:\Windows\system32\Drivers\AFD.sys [496640]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/12/2012 - 10:32:39.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/11
~ Mes musiques (My Musics) : 1/4009
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 4/30730
~ Mon Bureau (My Desktop) : 3/1782
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 07s



---\\ Processos lançados
[MD5.94E826672988FBCE0979F7800EB770C9] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368] [PID.2780]
[MD5.4456621E53D007C20C8D828A6C737F26] - (.Microsoft Corporation - Microsoft Application Virtualization Deskto.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe [143080] [PID.3272]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.6248]
[MD5.B473FF13AE849C1CBD578071040F0114] - (.IBM, Corp - File Monitor.) -- C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe [410048] [PID.6496]
[MD5.6473E577CEF7722E60E931F5D6BFDF3B] - (.Symantec Corporation - PGP Tray.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe [4195976] [PID.6512]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo.descio\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.6612]
[MD5.6A1DB1A5456BE0FC38772923C8C51246] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30806208] [PID.6688]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.6732]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.2876]
[MD5.80410248840EAB113CE2A43494A6A292] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8079360] [PID.6976]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.928]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.816]
[MD5.66257CB4E4FB69887CDDC71663741435] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1528616] [PID.1388]
[MD5.E5862D1570052E9C5B54C1A95DC2AC40] - (.Ernst & Young - EYStealthRun.) -- C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe [403968] [PID.2076]
[MD5.C36E4EF3F9EC0CB424F02223B25C8392] - (.Kontiki Inc. - Delivery Manager Service.) -- C:\Program Files (x86)\Kontiki\KService.exe [4860592] [PID.2296]
[MD5.CB9703A18F7EF2B7F11D3A9081C81DCB] - (.IBM - wnsd.) -- C:\Lotus\Notes\nsd.exe [4448256] [PID.2368]
[MD5.B13698034F9162D91DF8E22D3B54BB58] - (.SAP AG - Sap Frontend Software Installation SAPSetup.) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [263536] [PID.2600]
[MD5.3B387E6EABE3AA591A4B37D83E9B5CB1] - (.Symantec Corporation - PGP Universal RDD Client Service.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1589528] [PID.2972]
[MD5.1910C04BEFAF5D0CE85763FC700CEB68] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe [2297200] [PID.3020]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2364]
[MD5.84DBE4108A5C4CABE0333367ABFCC71B] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207080] [PID.3360]
[MD5.A454A9BAA25B8C8E76735DD86BD4B017] - (.Microsoft Corporation - CCM Executive.) -- C:\WINDOWS\SysWOW64\CCM\Ccmexec.exe [764768] [PID.3612]
[MD5.0F1B052FA2A3506C287B271F6D99E101] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523496] [PID.3708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [Você precisa estar registrado e conectado para ver este link.]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notas &vinculadas de OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.a3software.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.adobe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.agenciatributaria.es
O15 - Trusted Zone: [HKCU\...\Domains] *.assets-yammer.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.casso.ca
O15 - Trusted Zone: [HKCU\...\Domains\www] http.castore.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.ey-argentina.com.ar
O15 - Trusted Zone: [HKCU\...\Domains] *.eygaait.com
O15 - Trusted Zone: [HKCU\...\Domains] *.eysupplife.com
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpro
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron05
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron06
O15 - Trusted Zone: [HKCU\...\Domains] http.fxgs.com.au
O15 - Trusted Zone: [HKCU\...\Domains] *.intellinex.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.irs.gov
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.knotia.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis-nexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexisnexis.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.personal-plans.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sage.es
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.es
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.com
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.taxnavigator.ca
O15 - Trusted Zone: [HKCU\...\Domains] http.thomsonreuters.com
O15 - Trusted Zone: [HKCU\...\Domains] *.yammer.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.46.99 172.26.46.100
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: EARSWlNotify . (...) -- EARSWlNotify.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: EY Stealth Runner (EYStealthRun) . (.Ernst & Young - EYStealthRun.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: KService (KService) . (.Kontiki Inc. - Delivery Manager Service.) - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Windows Profile Management Service (PETService) . (.Ernst & Young - PET.Service.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: QTSracrj (QTSracrj) . (.GenTechnologies Apps, LLC - Movie Mode Service.) - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
O23 - Service: SetPEFilePermissions (SetPEFilePermissions) . (.Ernst & Young - SetPEFilePermissions.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
~ Services: 24 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerExpiry] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerWarning] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.2E9E8624E82BC115DC23875BE0D0693F] [APT] [SCCM Health Status Reporter - SYSTEM] (.EY.) -- C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [117760]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio [406]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.descio.job [402]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio [402]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job [412]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio [412]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64) . (. - .) - C:\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys (.not file.)
~ Drivers: 120 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ACL 9 - (.ACL Software.) [HKLM][64Bits] -- {ADE4FB90-E08A-4EB0-AA3E-893DB26A8E08}
O42 - Logiciel: Audit Analytics Module - (.Ernst & Young.) [HKLM][64Bits] -- {941DD570-0FBA-4CB4-9FCA-83520A0B7AF3}
O42 - Logiciel: Audit Toolbar - (.Ernst & Young.) [HKLM][64Bits] -- {730AE311-40FE-4BA1-9641-7E17491E52A2}
O42 - Logiciel: EY Disclaimer - (.EY.) [HKLM][64Bits] -- {B68F383F-894F-42C7-9FC1-14947B0F7CD5}
O42 - Logiciel: EY Fonts - (.Ernst & Young.) [HKLM][64Bits] -- {4165E07B-DF6C-4715-8AEA-798931302848}
O42 - Logiciel: EY Global Analytics - (.Ernst & Young.) [HKLM][64Bits] -- {8CE085B8-F1F7-4878-923F-E58A1F4B582E}
O42 - Logiciel: EY Global Traval Services - (.E&Y.) [HKLM][64Bits] -- {5C467E39-DAF6-4D74-A8A0-17616F510F6C}
O42 - Logiciel: EY Options - (.Ernst & Young.) [HKLM][64Bits] -- {73CECEAC-446A-4BE4-8FCA-82EE4DE07538}
O42 - Logiciel: EY Random - (.Ernst & Young.) [HKLM][64Bits] -- {F21798D7-1E0B-4045-A5EF-FABA361F3EB9}
O42 - Logiciel: EY Stealth Run - (.Ernst & Young.) [HKLM][64Bits] -- {BB2C243B-BC81-4172-8C4A-F199834AA013}
O42 - Logiciel: EY Tune Up - (.EY.) [HKLM][64Bits] -- {225A28E7-3993-4058-BC1B-EFAD7D7665A4}
O42 - Logiciel: EY Workplace - At Your Service - (.EY.) [HKLM][64Bits] -- {0527509C-2381-48BA-87A0-DBC92A8FFE81}
O42 - Logiciel: EYRC Post Connect Utility - (.Ernst & Young.) [HKLM][64Bits] -- {55FEAD6F-43A4-4335-809F-7799BD3472FD}
O42 - Logiciel: Guardião Banco Itau 3.4.2.0 - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Kontiki Media Manager - (.Kontiki.) [HKLM][64Bits] -- {6E303EF2-FEBF-4B55-9380-83CA3AB0EB47}
O42 - Logiciel: Mtsorts - (.Ernst & Young.) [HKLM][64Bits] -- {D6ECC26F-3B07-4F44-B70D-C9E491A05C6F}
O42 - Logiciel: MyAppMarket - (.Ernst & Young.) [HKLM][64Bits] -- {40F39C17-753A-41E4-9C92-3ED7C901946D}
O42 - Logiciel: Privilege Elevation Tool - (.Ernst & Young.) [HKLM][64Bits] -- {51B91DFD-DB44-4409-AE49-B126C9772F9D}
O42 - Logiciel: Resolver Ballot 6.0.11 NA - (.Resolver Inc..) [HKLM][64Bits] -- {B48795E5-6F0D-42F0-BCB8-CC30B1AA2AE3}
O42 - Logiciel: SCCM Health Status Tool - (.EY.) [HKLM][64Bits] -- {EB9D0A36-A693-40E0-8B9C-3C589DC60E66}
O42 - Logiciel: Sampling Assistant - (.Ernst & Young.) [HKLM][64Bits] -- {929196FF-81EC-45EF-89F6-E317FF12ACE7}
O42 - Logiciel: TValue 5.11 - (..) [HKLM][64Bits] -- {169531B9-10F4-44D3-A380-36CB19A7BAA0}
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: gT&E - (.Ernst & Young.) [HKLM][64Bits] -- {9CD4B827-2A6B-4614-8244-4D7139FA7510}
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Baidu Security]
[HKCU\Software\Ernst & Young]
[HKCU\Software\GbAs]
[HKCU\Software\MK Net.Work S.A.]
[HKCU\Software\Paisley]
[HKLM\Software\Baidu Security]
[HKLM\Software\Encryption Anywhere]
[HKLM\Software\Ernst & Young]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Ernst & Young]
[HKLM\Software\Wow6432Node\Kontiki]
[HKLM\Software\Wow6432Node\Paisley]
[HKLM\Software\Wow6432Node\SysNet]
~ Key Software: 285 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/09/2013 - 19:15:00 - [] ----D C:\Program Files (x86)\AAP
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\EMET 4.0
O43 - CFD: 22/07/2014 - 08:34:24 - [] ----D C:\Program Files (x86)\Ernst & Young
O43 - CFD: 23/07/2014 - 08:51:07 - [] ----D C:\Program Files (x86)\EY
O43 - CFD: 10/09/2013 - 19:44:31 - [] ----D C:\Program Files (x86)\EY Random
O43 - CFD: 10/09/2013 - 19:03:32 - [] ----D C:\Program Files (x86)\EYDecrypter
O43 - CFD: 23/07/2014 - 13:17:16 - [] ----D C:\Program Files (x86)\EYMIFGen
O43 - CFD: 16/01/2014 - 10:28:23 - [] ----D C:\Program Files (x86)\EYRCRoute
O43 - CFD: 11/09/2013 - 15:49:03 - [] ----D C:\Program Files (x86)\Groove Networks
O43 - CFD: 14/02/2014 - 08:19:58 - [] ----D C:\Program Files (x86)\Kontiki
O43 - CFD: 10/09/2013 - 19:48:00 - [] ----D C:\Program Files (x86)\Paisley
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\PWatch
O43 - CFD: 10/09/2013 - 19:47:39 - [] ----D C:\Program Files (x86)\Resolver
O43 - CFD: 22/10/2013 - 12:31:45 - [] ----D C:\Program Files (x86)\TempFolder
O43 - CFD: 21/12/2013 - 09:48:58 - [] ----D C:\Program Files (x86)\Time Tracker
O43 - CFD: 10/09/2013 - 19:03:50 - [] ----D C:\Program Files (x86)\TValue5
O43 - CFD: 20/01/2014 - 09:38:45 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 20/01/2014 - 09:40:54 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 19/03/2014 - 14:31:06 - [] ----D C:\ProgramData\AAP
O43 - CFD: 09/11/2013 - 15:24:48 - [] ----D C:\ProgramData\Ernst & Young
O43 - CFD: 03/06/2014 - 17:42:11 - [] ----D C:\ProgramData\ETDArchiveLog
O43 - CFD: 11/09/2013 - 09:08:52 - [] ----D C:\ProgramData\EY Global Analytics
O43 - CFD: 11/04/2014 - 09:01:40 - [] ----D C:\ProgramData\EYRCRoute
O43 - CFD: 24/01/2014 - 09:11:56 - [] ----D C:\ProgramData\GAMx
O43 - CFD: 25/07/2014 - 12:08:15 - [] ----D C:\ProgramData\Kontiki
O43 - CFD: 16/07/2014 - 16:35:12 - [] ----D C:\ProgramData\MpZjOUOVZRA
O43 - CFD: 19/11/2013 - 09:43:00 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\Paisley
O43 - CFD: 04/02/2014 - 08:35:05 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/01/2014 - 10:02:46 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\Ernst & Young
O43 - CFD: 25/07/2014 - 11:06:33 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6D6905B8CA57FC8321941AEC0AB816B7] - 22/07/2014 - 16:27:02 ---A- . (...) -- C:\zoek-results2014-07-22-192702.log [22421]
O44 - LFC:[MD5.903D49D14D5F8AA32208B9DBF036EC9C] - 24/07/2014 - 12:19:48 ---A- . (...) -- C:\Windows\System32\GEProxyLocator.log [80526]
O44 - LFC:[MD5.CC7AA7B42CF418FC3D926913490048F8] - 25/07/2014 - 11:18:43 ---A- . (...) -- C:\Windows\zoek-delete.exe [24064]
O44 - LFC:[MD5.13AF86A7BC2C0AC5180B30447B3B5693] - 25/07/2014 - 11:38:51 ---A- . (...) -- C:\Windows\SMSCFG.INI [497]
O44 - LFC:[MD5.3685843BF013306837E924AACE757C69] - 25/07/2014 - 11:39:28 ---A- . (...) -- C:\zoek-results.log [22521]
~ Files: 39 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DefaultLogonDomain"=1
~ MWPS: 20 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInternetIcon"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentProgForNewUserInStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowCpl"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=2
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoPublishingWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1
~ MWPE Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:23/03/2010 - 13:29:46 ---A- . (...) -- C:\Windows\System32\Drivers\CVPNDRVA.sys [304784]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 15:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/08/2010 - 06:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:26/10/2009 - 15:52:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [61952]
O58 - SDL:28/09/2009 - 17:46:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe64.sys [55808]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:12/03/2014 - 08:36:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 103 Legitimates Filtered in 00mn 09s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 09/05/2014 - C:\ProgramData\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Data\Definitions\BASHDefs\20140703.011\BHDrvx64.sys (BHDrvx64) .(.Symantec Corporation - BASH Driver.) - LEGACY_BHDRVX64
O64 - Services: CurCS - 29/04/2009 - C:\Windows\System32\DRIVERS\XAudio64.sys (XAudio) .(.Conexant Systems, Inc. - Modem Audio Device Driver.) - LEGACY_XAUDIO
~ Legacy: 112 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [You must be registered and logged in to view this link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [You must be registered and logged in to view this link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D39345C629A76F6128349610730B8FD9] [SPRF][09/10/2013] (...) -- C:\Users\Marcelo.Descio\AppData\Roaming\unins000.dat [11573]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/05/2014 102400 | (EY Tune Up Service) . (.EY.) - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
SS - | Disabled 16/09/2011 62856 | (Lotus Notes Single Logon) . (.IBM Corp.) - C:\Lotus\Notes\nslsvice.exe
SS - | Demand 20/11/2012 69632 | (OnDemandService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
SS - | Demand 01/11/2013 122880 | (SCCMHealthStatusService) . (.EY.) - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2012 46984 | (TPHDEXLGSVC) . (.Lenovo..) - C:\Windows\System32\TPHDEXLG64.exe
SS - | Disabled 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 11/10/2013 9281840 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
SR - | Auto 19/10/2012 364704 | (EAFRCliManager) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
SR - | Auto 23/08/2012 629040 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 05/08/2013 403968 | (EYStealthRun) . (.Ernst & Young.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 27136 | C:\WINDOWS\SysWOW64\XAudio64.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 16/11/2010 339456 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 11/04/2012 47440 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 04/09/2013 4860592 | (KService) . (.Kontiki Inc..) - C:\Program Files (x86)\Kontiki\KService.exe
SR - | Auto 10/09/2013 4448256 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Lotus\Notes\nsd.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/09/2011 510536 | (NgVpnMgr) . (.Aventail Corporation.) - C:\WINDOWS\system32\ngvpnmgr.exe
SR - | Auto 25/02/2010 263536 | (NWSAPAutoWorkstationUpdateSvc) . (.SAP AG.) - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
SR - | Auto 23/11/2012 49664 | (PETService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
SR - | Auto 01/02/2013 1589528 | (PGP RDD Service) . (.Symantec Corporation.) - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 07/06/2014 2297200 | (QTSracrj) . (.GenTechnologies Apps, LLC.) - C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 23/08/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/10/2012 2772640 | (RemovableStorageService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
SR - | Auto 19/10/2012 16544 | (RSMgmtSrvc) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
SR - | Auto 25/05/2013 144368 | (SepMasterService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
SR - | Auto 23/07/2012 12800 | (SetPEFilePermissions) . (.Ernst & Young.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
SR - | Demand 25/05/2013 2316184 | (SmcService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
SR - | Auto 25/05/2013 334736 | (SNAC) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/08/2012 3342640 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode^
~ Additionnel Scan: 337059 Items scanned in 00mn 21s



---\\ Informações complémentaires do módulos
~ [You must be registered and logged in to view this link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [You must be registered and logged in to view this link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [You must be registered and logged in to view this link.] =>.Browser Helper Objects do navegador (02)
~ AMI: 3 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 867 Legitimates filtered by white list
End of the scan (552 lines in 01mn 15s)(0)

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 13:14

There are unnecessary programs starting along with Windows, which makes your PC slower. To fix this, follow the tips in this tutorial:

Choosing Programs That Start with the PC

Preferably, leave only the security programs (antivirus/anti-spyware/firewall) starting along with Windows.

Also use the Ccleaner program, recommended in the tutorial above, to clean up and optimize the PC.
_______________________________________________________________________________________

Temporarily disable your antivirus to avoid conflicts.

* Right-click Zoek.exe and select [You must be registered and logged in to view this image.]

* Select and copy all of the text highlighted in red that I gave you and paste it into the blank space in Zoek.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > Right-click Zhpfix and choose Run as administrator > Click Importação (Import) > Click the GO button > Click Oui (Yes) > If you want the files in the Recycle Bin to be deleted, click Oui again > A report will appear in Notepad.

Copy this report and post it in your next reply together with the Zoek log, which will be at C:\zoek-results.txt


Last edited by Power Max on Sat 26 Jul 2014, 20:05; edited 1 time


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 14:34


Zoek.exe v5.0.0.0 Updated 24-07-2014
Tool run by Marcelo.Descio on 25/07/2014 at 14:24:47,12.
Microsoft Windows 7 Enterprise 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Marcelo.Descio\Downloads\zoek.exe [Scan all users] [Script inserted]

==== Older Logs ======================

C:\zoek-results2014-07-22-192702.log 22421 bytes
C:\zoek-results2014-07-25-143928.log 22521 bytes

==== VirusTotal Scan ======================

C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job not found
C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio.job not found
C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job not found
C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe [You must be registered and logged in to view this link.]
C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe [You must be registered and logged in to view this link.]
C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [You must be registered and logged in to view this link.]
C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [You must be registered and logged in to view this link.]
C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.Descio.job [You must be registered and logged in to view this link.]
C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.Descio [You must be registered and logged in to view this link.]
C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.Descio.job [You must be registered and logged in to view this link.]
C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.Descio [You must be registered and logged in to view this link.]
C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.Descio.job [You must be registered and logged in to view this link.]
C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.Descio [You must be registered and logged in to view this link.]

==== C:\zoek_backup content ======================

C:\zoek_backup (files=17 folders=2 1985430 bytes)

==== EOF on 25/07/2014 at 14:27:00,29 ======================








Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marcelo.Descio at 25/07/2014 13:18:10
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ: Service: QTSracrj
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINA REINICIAR: c:\programdata\mpzjouovzra\qtsracrj.exe
ELIMINÉ Temporários windows (125) (3.448.622 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
9 : Chaves do Registo
1 : Pastas
3 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 06s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R10].txt - 23/07/2014 11:30:22 [1465]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R11].txt - 23/07/2014 11:32:16 [1386]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R12].txt - 23/07/2014 11:45:03 [1618]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R13].txt - 25/07/2014 10:30:35 [1708]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R14].txt - 25/07/2014 10:31:51 [1656]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R15].txt - 25/07/2014 10:34:24 [2165]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R16].txt - 25/07/2014 10:35:05 [1921]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R17].txt - 25/07/2014 10:35:58 [2610]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R18].txt - 25/07/2014 10:37:24 [2442]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/07/2014 09:28:49 [1265]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/07/2014 09:34:36 [5183]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 23/07/2014 10:40:30 [807]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R4].txt - 23/07/2014 10:40:42 [1028]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R5].txt - 23/07/2014 10:40:49 [1221]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R6].txt - 23/07/2014 10:48:26 [2402]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R7].txt - 23/07/2014 10:55:50 [4206]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R8].txt - 23/07/2014 11:05:01 [1957]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R9].txt - 23/07/2014 11:21:46 [1439]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R19].txt - 25/07/2014 13:18:11 [2837]



Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 14:37

Restart the PC.
____________________________________

After restarting, do the following:

Open ( ZHPDiag ) again

|- Click "SEARCH" or "PESQUISAR" and wait for it to finish.

|- Click OK and, when it finishes, post the ZHPDiag.txt report


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 14:40

~ Relatório do ZHPDiag v2014.7.21.107 - Nicolas Coolman (21/07/2014)
~ Iniciado por Marcelo.Descio (25/07/2014 14:39:00)
~ Endereço do Website : [You must be registered and logged in to view this link.]
~ Endereço do Webforum : [You must be registered and logged in to view this link.]
~ Tradução pelo utilizador
~ Estatuto da versão : Nova Versão disponivel
~ Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Activate by user


---\\ Navegadores Internet
MSIE: Internet Explorer v9.0.8112.16421 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Enterprise, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, VOLUME_KMSCLIENT channel
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
Symantec Endpoint Protection v12.1.3001.165
Symantec Endpoint Protection v12.1.3001.165
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 14 Plugin
Adobe Reader Extended Language Support Font Pack
Java 7 Update 45

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 7987 MB (56% free)
System Restore: Activé (Enable)
System drive C: has 47 GB (21%) free of 224 GB

---\\ Modo de conexão ao sistema
~ Computer Name: BR25009069W0
~ User Name: Marcelo.Descio
~ All Users Names: LecheDeVaca, Jobu.Savvy, ITsupport, eypeer-assur,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as User

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Marcelo.Descio\AppData\Roaming\
~ %Desktop% : C:\Users\Marcelo.Descio\Desktop\
~ %Favorites% : C:\Users\Marcelo.Descio\Favorites\
~ %LocalAppData% : C:\Users\Marcelo.Descio\AppData\Local\
~ %StartMenu% : C:\Users\Marcelo.Descio\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
B: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
C: Hard drive, Flash drive, Thumb drive (Free 47 Go of 224 Go)
E: CD-ROM drive (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
[HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced] Start_ShowMyGames: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.21/11/2010 - 00:24:11.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 22:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.5550345E6C4130091C1E4C5F3EF5CF3A] - (.Microsoft Corporation - Internet Extensions for Win32.) (.06/06/2014 - 23:51:06.) -- C:\Windows\System32\wininet.dll [1392128]
[MD5.1151B1BAA6F350B1DB6598E0FEA7C457] - (.Microsoft Corporation - Windows Logon Application.) (.21/11/2010 - 00:24:29.) -- C:\Windows\System32\Winlogon.exe [390656]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.21/11/2010 - 00:24:16.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.BDF76C3CE993FFB6214287272708364F] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.30/05/2014 - 03:41:14.) -- C:\Windows\system32\Drivers\AFD.sys [496640]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 22:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 20:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 20:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 21:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.07/12/2012 - 10:32:39.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.21/11/2010 - 00:23:51.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 11:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 21:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.21/11/2010 - 00:24:33.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.21/11/2010 - 00:25:07.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 21:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.21/11/2010 - 00:24:32.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.21/11/2010 - 00:23:47.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes: Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/11
~ Mes musiques (My Musics) : 1/4009
~ Mes Videos (My Videos) : 1/3
~ Mes Favoris (My Favorites) : 1/46
~ Mes Documents (My Documents) : 4/30730
~ Mon Bureau (My Desktop) : 3/1784
~ Menu demarrer (Programs) : 1/32
~ Hidden Files: Scanned in 00mn 08s



---\\ Processos lançados
[MD5.94E826672988FBCE0979F7800EB770C9] - (.Symantec Corporation - Symantec Service Framework.) -- C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe [144368] [PID.2780]
[MD5.4456621E53D007C20C8D828A6C737F26] - (.Microsoft Corporation - Microsoft Application Virtualization Deskto.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe [143080] [PID.3272]
[MD5.06602AAC468BFACD8E5344DB0AE3DDD3] - (.Huawei Technologies Co., Ltd. - DataCardMonitor MFC Application.) -- C:\ProgramData\DatacardService\DCSHelper.exe [230912] [PID.6248]
[MD5.B473FF13AE849C1CBD578071040F0114] - (.IBM, Corp - File Monitor.) -- C:\Program Files (x86)\IBM\Places Connectors\DIMon.exe [410048] [PID.6496]
[MD5.6473E577CEF7722E60E931F5D6BFDF3B] - (.Symantec Corporation - PGP Tray.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\PGPtray.exe [4195976] [PID.6512]
[MD5.099E24D4FE2ADA03F648B470830BD382] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Marcelo.descio\AppData\Roaming\Dropbox\bin\Dropbox.exe [35464216] [PID.6612]
[MD5.6A1DB1A5456BE0FC38772923C8C51246] - (.Microsoft Corporation - Microsoft SharePoint Workspace.) -- C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.exe [30806208] [PID.6688]
[MD5.E84DA43E726D043CA2DEE71F01DB261A] - (.Microsoft Corporation - Microsoft OneNote Quick Launcher.) -- C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.exe [228448] [PID.6732]
[MD5.A80C173AC5C75706BB74AE4D78F2A53D] - (.Microsoft Corporation - Windows Media Player.) -- C:\Program Files (x86)\Windows Media Player\wmplayer.exe [164864] [PID.3292]
[MD5.D2383BEF4DC65F5A301B84F29D2A09D1] - (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe [12117312] [PID.2792]
[MD5.A09D272AA5C4CE836C5347EA36210FEA] - (.Microsoft Corporation - Microsoft Outlook.) -- C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.exe [15997608] [PID.1204]
[MD5.A5FCD42334CCC682DA1882A54338686C] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488] [PID.6488]
[MD5.90410140466400F345B1AEC7314441A5] - (.SAP, Walldorf - SAP Logon for Windows.) -- C:\Program Files (x86)\SAP\FrontEnd\SAPgui\saplogon.exe [1031488] [PID.8960]
[MD5.0F144ECA8CFEC8882A3809D176886255] - (.Microsoft Corporation - Microsoft PowerPoint.) -- C:\Program Files (x86)\Microsoft Office\Office14\POWERPNT.exe [2162024] [PID.8720]
[MD5.9E0DB699737D8775F8E3FDB9C0C5E96E] - (.Microsoft Corporation - Microsoft Excel.) -- C:\Program Files (x86)\Microsoft Office\Office14\EXCEL.exe [20394144] [PID.4188]
[MD5.80410248840EAB113CE2A43494A6A292] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe [8079360] [PID.3500]
[MD5.591A7E5FC4A8121B2ABF4E768B64ABA7] - (.GAS Tecnologia - G-Buster Browser Defense - Service.) -- C:\Program Files (x86)\GbPlugin\gbpsv.exe [527928] [PID.928]
[MD5.72551A9AE5F68905DFC3CBA0D5242566] - (.Microsoft Corporation - Updates Skype Click to Call.) -- C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720] [PID.816]
[MD5.66257CB4E4FB69887CDDC71663741435] - (.Cisco Systems, Inc. - Cisco Systems VPN Client.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe [1528616] [PID.1388]
[MD5.E5862D1570052E9C5B54C1A95DC2AC40] - (.Ernst & Young - EYStealthRun.) -- C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe [403968] [PID.2076]
[MD5.C36E4EF3F9EC0CB424F02223B25C8392] - (.Kontiki Inc. - Delivery Manager Service.) -- C:\Program Files (x86)\Kontiki\KService.exe [4860592] [PID.2296]
[MD5.CB9703A18F7EF2B7F11D3A9081C81DCB] - (.IBM - wnsd.) -- C:\Lotus\Notes\nsd.exe [4448256] [PID.2368]
[MD5.B13698034F9162D91DF8E22D3B54BB58] - (.SAP AG - Sap Frontend Software Installation SAPSetup.) -- C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe [263536] [PID.2600]
[MD5.3B387E6EABE3AA591A4B37D83E9B5CB1] - (.Symantec Corporation - PGP Universal RDD Client Service.) -- C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe [1589528] [PID.2972]
[MD5.1910C04BEFAF5D0CE85763FC700CEB68] - (.GenTechnologies Apps, LLC - Movie Mode Service.) -- C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe [2297200] [PID.3020]
[MD5.96EFEC24346A8EB1157E80523079ADDC] - (...) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056] [PID.2364]
[MD5.84DBE4108A5C4CABE0333367ABFCC71B] - (.Microsoft Corporation - Microsoft Application Virtualization Virtua.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [207080] [PID.3360]
[MD5.A454A9BAA25B8C8E76735DD86BD4B017] - (.Microsoft Corporation - CCM Executive.) -- C:\WINDOWS\SysWOW64\CCM\Ccmexec.exe [764768] [PID.3612]
[MD5.0F1B052FA2A3506C287B271F6D99E101] - (.Microsoft Corporation - Microsoft Application Virtualization Client.) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [523496] [PID.3708]
~ Processes Running: Scanned in 00mn 00s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Preferences
G2 - GCE: Preference [User Data\Default] [ahfgeienlihckogmohjhadlkjgocpleb] Loja v.0.2 (Activé)
G2 - GCE: Preference [User Data\Default] [neajdppkdcdipfabeoofebfddakdcjhd] Google Network Speech v.1.0 (Activé)
G2 - GCE: Preference [User Data\Default] [pafkbggdmjlpgkdkcbjmhmfcdpncadgh] Google Now v.1.2.0.1 (Activé)

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 13 Legitimates Filtered in 00mn 01s



---\\ Internet Explorer, Arranque, Pesquisa, URLSearchHook( gancho de URL), Phishing (R0,R1,R3,R4)
R0 - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to view this link.]
~ IE Browser: 17 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyHttp1.1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
R5 - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
~ Proxy management: Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftdcc.exe"
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys: Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hosts est sain (The hosts file is clean).
~ Hosts File: Scanned in 00mn 00s
~ Nombre de lignes (Lines number): 21



---\\ Browser Helper Objects do navegador (02)
O2 - BHO: G-Buster Browser Defense Itaú Unibanco [64Bits] - {C41A1C0E-EA6C-11D4-B1B8-444553540008} . (.Banco Itaú Unibanco - Gbieh Module.) -- C:\Program Files (x86)\GbPlugin\gbiehuni.dll
~ BHO: 8 Legitimates Filtered in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Wow6432Node\Run: [Communicator] . (.Microsoft Corporation - Microsoft Lync 2010.) -- C:\Program Files (x86)\Microsoft Lync\communicator.exe
~ Application: Scanned in 00mn 00s



---\\ Boutões da barra de ferramentas principal do Internet Explorer (09)
O9 - Extra button: Se&nd to OneNote [64Bits] - {2670000A-7350-4f3c-8081-5663EE0C6C49} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBttnIE.dll =>.Microsoft Corporation
O9 - Extra button: Notas &vinculadas de OneNote [64Bits] - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} . (.Microsoft Corporation - Microsoft OneNote Internet Explorer Add-in.) -- C:\Program Files (x86)\MICROS~1\Office14\ONBTTN~1.dll =>.Microsoft Corporation
O9 - Extra button: Skype Click to Call [64Bits] - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} . (...) -- c:\program files (x86)\skype\toolbars\internet explorer x64\icon.ico
~ IE Extra Buttons: Scanned in 00mn 00s



---\\ Site na zona confiavél do Internet Explorer (05)
O15 - Trusted Zone: [HKCU\...\Domains\www] http.a3software.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.adobe.com
O15 - Trusted Zone: [HKCU\...\Domains] *.agenciatributaria.es
O15 - Trusted Zone: [HKCU\...\Domains] *.assets-yammer.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.casso.ca
O15 - Trusted Zone: [HKCU\...\Domains\www] http.castore.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.dell.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.dofiscal.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.ey-argentina.com.ar
O15 - Trusted Zone: [HKCU\...\Domains] *.eygaait.com
O15 - Trusted Zone: [HKCU\...\Domains] *.eysupplife.com
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpro
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron05
O15 - Trusted Zone: [HKCU\...\Domains] http.eytaxpron06
O15 - Trusted Zone: [HKCU\...\Domains] http.fxgs.com.au
O15 - Trusted Zone: [HKCU\...\Domains] *.intellinex.com
O15 - Trusted Zone: [HKCU\...\Domains\www] http.irs.gov
O15 - Trusted Zone: [HKCU\...\Domains] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] *.itau.com.br
O15 - Trusted Zone: [HKCU\...\Domains\www] http.knotia.ca
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis-nexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexis.com
O15 - Trusted Zone: [HKCU\...\Domains] *.lexisnexis.com
O15 - Trusted Zone: [HKCU\...\Domains\www] *.personal-plans.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sage.es
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.com
O15 - Trusted Zone: [HKCU\...\Domains] *.sagelogiccontrol.es
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.com
O15 - Trusted Zone: [HKCU\...\Domains] *.taleo.net
O15 - Trusted Zone: [HKCU\...\Domains\www] http.taxnavigator.ca
O15 - Trusted Zone: [HKCU\...\Domains] http.thomsonreuters.com
O15 - Trusted Zone: [HKCU\...\Domains] *.yammer.com
~ IE Zone Confiance: Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: NameServer = 199.52.242.242 199.49.100.12
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS1\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CS1\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: Domain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpNameServer = 172.26.46.99 172.26.46.100
O17 - HKLM\System\CS2\Services\Tcpip\..\{1081C8B1-096B-4F0B-862D-5EBCC67EA35A}: DhcpDomain = ey.net
O17 - HKLM\System\CS2\Services\Tcpip\..\{A0E673CC-D1BD-4609-BD71-D375A681C556}: DhcpDomain = br.natura
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ey.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = ey.net,us.na.ey.net,na.ey.net,sa.ey.net,eyua.net,de.eurw.ey.net,pacrim.ey.net,ey.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 172.26.46.99 172.26.46.100
~ Domain: Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807573E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.dll =>.Microsoft Corporation
~ Protocole Additionnel: Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: EARSWlNotify . (...) -- EARSWlNotify.dll
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon: Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: EY Stealth Runner (EYStealthRun) . (.Ernst & Young - EYStealthRun.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
O23 - Service: Gbp Service (GbpSv) . (.GAS Tecnologia - G-Buster Browser Defense - Service.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
O23 - Service: HWDeviceService64.exe (HWDeviceService64.exe) . (.No owner - DCSHOST.) - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: KService (KService) . (.Kontiki Inc. - Delivery Manager Service.) - C:\Program Files (x86)\Kontiki\KService.exe
O23 - Service: Windows Profile Management Service (PETService) . (.Ernst & Young - PET.Service.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
O23 - Service: SetPEFilePermissions (SetPEFilePermissions) . (.Ernst & Young - SetPEFilePermissions.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
~ Services: 23 Legitimates Filtered in 00mn 10s



---\\ Tarefas planificadas automaticamente (039)
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerExpiry] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.45740D0428C2E23DD573B9F139915155] [APT] [ProfileManagerWarning] (.Ernst & Young.) -- C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\PET.Messages.exe [72704]
[MD5.2E9E8624E82BC115DC23875BE0D0693F] [APT] [SCCM Health Status Reporter - SYSTEM] (.EY.) -- C:\MAINTENANCE\INSTALLERS\SCCM_HEALTH_STATUS_REPORTER\SCCM_Health_Status_Reporter.exe [117760]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater [830]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore [1080]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA [1084]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateFiles_Marcelo.descio.job [406]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateFiles_Marcelo.descio [406]
O39 - APT: - (..) -- C:\Windows\Tasks\ReclaimerUpdateXML_Marcelo.descio.job [402]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\ReclaimerUpdateXML_Marcelo.descio [402]
O39 - APT: - (..) -- C:\Windows\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio.job [412]
O39 - APT: - (..) -- C:\Windows\System32\Tasks\RNUpgradeHelperLogonPrompt_Marcelo.descio [412]
~ Scheduled Task: 19 Legitimates Filtered in 00mn 02s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver: (Bfilter) . (. - .) - C:\WINDOWS\system32\drivers\Bfilter.sys (.not file.)
O41 - Driver: (Bfmon) . (. - .) - C:\WINDOWS\system32\drivers\Bfmon.sys (.not file.)
O41 - Driver: (Bnbase) . (. - .) - C:\Windows\System32\drivers\bnbasex64.sys (.not file.)
O41 - Driver: (Bndef) . (. - .) - C:\WINDOWS\system32\drivers\bndef64.sys (.not file.)
O41 - Driver: (Bprotect) . (. - .) - C:\WINDOWS\system32\drivers\Bprotect.sys (.not file.)
O41 - Driver: ({5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64) . (. - .) - C:\Windows\System32\drivers\{5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64.sys (.not file.)
~ Drivers: 108 Legitimates Filtered in 00mn 00s



---\\ Software instalados (042)
O42 - Logiciel: ACL 9 - (.ACL Software.) [HKLM][64Bits] -- {ADE4FB90-E08A-4EB0-AA3E-893DB26A8E08}
O42 - Logiciel: Audit Analytics Module - (.Ernst & Young.) [HKLM][64Bits] -- {941DD570-0FBA-4CB4-9FCA-83520A0B7AF3}
O42 - Logiciel: Audit Toolbar - (.Ernst & Young.) [HKLM][64Bits] -- {730AE311-40FE-4BA1-9641-7E17491E52A2}
O42 - Logiciel: EY Disclaimer - (.EY.) [HKLM][64Bits] -- {B68F383F-894F-42C7-9FC1-14947B0F7CD5}
O42 - Logiciel: EY Fonts - (.Ernst & Young.) [HKLM][64Bits] -- {4165E07B-DF6C-4715-8AEA-798931302848}
O42 - Logiciel: EY Global Analytics - (.Ernst & Young.) [HKLM][64Bits] -- {8CE085B8-F1F7-4878-923F-E58A1F4B582E}
O42 - Logiciel: EY Global Traval Services - (.E&Y.) [HKLM][64Bits] -- {5C467E39-DAF6-4D74-A8A0-17616F510F6C}
O42 - Logiciel: EY Options - (.Ernst & Young.) [HKLM][64Bits] -- {73CECEAC-446A-4BE4-8FCA-82EE4DE07538}
O42 - Logiciel: EY Random - (.Ernst & Young.) [HKLM][64Bits] -- {F21798D7-1E0B-4045-A5EF-FABA361F3EB9}
O42 - Logiciel: EY Stealth Run - (.Ernst & Young.) [HKLM][64Bits] -- {BB2C243B-BC81-4172-8C4A-F199834AA013}
O42 - Logiciel: EY Tune Up - (.EY.) [HKLM][64Bits] -- {225A28E7-3993-4058-BC1B-EFAD7D7665A4}
O42 - Logiciel: EY Workplace - At Your Service - (.EY.) [HKLM][64Bits] -- {0527509C-2381-48BA-87A0-DBC92A8FFE81}
O42 - Logiciel: EYRC Post Connect Utility - (.Ernst & Young.) [HKLM][64Bits] -- {55FEAD6F-43A4-4335-809F-7799BD3472FD}
O42 - Logiciel: Guardião Banco Itau 3.4.2.0 - (...) [HKLM][64Bits] -- {70e5f739-1d2a-40ae-bbc9-4b3e6af4c831}_is1
O42 - Logiciel: Kontiki Media Manager - (.Kontiki.) [HKLM][64Bits] -- {6E303EF2-FEBF-4B55-9380-83CA3AB0EB47}
O42 - Logiciel: Mtsorts - (.Ernst & Young.) [HKLM][64Bits] -- {D6ECC26F-3B07-4F44-B70D-C9E491A05C6F}
O42 - Logiciel: MyAppMarket - (.Ernst & Young.) [HKLM][64Bits] -- {40F39C17-753A-41E4-9C92-3ED7C901946D}
O42 - Logiciel: Privilege Elevation Tool - (.Ernst & Young.) [HKLM][64Bits] -- {51B91DFD-DB44-4409-AE49-B126C9772F9D}
O42 - Logiciel: Resolver Ballot 6.0.11 NA - (.Resolver Inc..) [HKLM][64Bits] -- {B48795E5-6F0D-42F0-BCB8-CC30B1AA2AE3}
O42 - Logiciel: SCCM Health Status Tool - (.EY.) [HKLM][64Bits] -- {EB9D0A36-A693-40E0-8B9C-3C589DC60E66}
O42 - Logiciel: Sampling Assistant - (.Ernst & Young.) [HKLM][64Bits] -- {929196FF-81EC-45EF-89F6-E317FF12ACE7}
O42 - Logiciel: TValue 5.11 - (..) [HKLM][64Bits] -- {169531B9-10F4-44D3-A380-36CB19A7BAA0}
O42 - Logiciel: Vivo - Guia Vivo Internet versão 1.0 - (.Vivo.) [HKLM][64Bits] -- {C2E8B9C9-677A-46E6-AEC7-9435B5BCA765}_is1
O42 - Logiciel: gT&E - (.Ernst & Young.) [HKLM][64Bits] -- {9CD4B827-2A6B-4614-8244-4D7139FA7510}
~ Logic: 32 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\AutoHelpDesk]
[HKCU\Software\Ernst & Young]
[HKCU\Software\GbAs]
[HKCU\Software\MK Net.Work S.A.]
[HKCU\Software\Paisley]
[HKLM\Software\Encryption Anywhere]
[HKLM\Software\Ernst & Young]
[HKLM\Software\Wow6432Node\AutoHelpDesk]
[HKLM\Software\Wow6432Node\Ernst & Young]
[HKLM\Software\Wow6432Node\Kontiki]
[HKLM\Software\Wow6432Node\Paisley]
[HKLM\Software\Wow6432Node\SysNet]
~ Key Software: 282 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 10/09/2013 - 19:15:00 - [] ----D C:\Program Files (x86)\AAP
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\EMET 4.0
O43 - CFD: 22/07/2014 - 08:34:24 - [] ----D C:\Program Files (x86)\Ernst & Young
O43 - CFD: 23/07/2014 - 08:51:07 - [] ----D C:\Program Files (x86)\EY
O43 - CFD: 10/09/2013 - 19:44:31 - [] ----D C:\Program Files (x86)\EY Random
O43 - CFD: 10/09/2013 - 19:03:32 - [] ----D C:\Program Files (x86)\EYDecrypter
O43 - CFD: 23/07/2014 - 13:17:16 - [] ----D C:\Program Files (x86)\EYMIFGen
O43 - CFD: 16/01/2014 - 10:28:23 - [] ----D C:\Program Files (x86)\EYRCRoute
O43 - CFD: 11/09/2013 - 15:49:03 - [] ----D C:\Program Files (x86)\Groove Networks
O43 - CFD: 14/02/2014 - 08:19:58 - [] ----D C:\Program Files (x86)\Kontiki
O43 - CFD: 10/09/2013 - 19:48:00 - [] ----D C:\Program Files (x86)\Paisley
O43 - CFD: 23/07/2014 - 10:57:05 - [] ----D C:\Program Files (x86)\PWatch
O43 - CFD: 10/09/2013 - 19:47:39 - [] ----D C:\Program Files (x86)\Resolver
O43 - CFD: 22/10/2013 - 12:31:45 - [] ----D C:\Program Files (x86)\TempFolder
O43 - CFD: 21/12/2013 - 09:48:58 - [] ----D C:\Program Files (x86)\Time Tracker
O43 - CFD: 10/09/2013 - 19:03:50 - [] ----D C:\Program Files (x86)\TValue5
O43 - CFD: 20/01/2014 - 09:38:45 - [] ----D C:\Program Files (x86)\Vivo
O43 - CFD: 20/01/2014 - 09:40:54 - [] ----D C:\Program Files (x86)\VIVO INTERNET
O43 - CFD: 19/03/2014 - 14:31:06 - [] ----D C:\ProgramData\AAP
O43 - CFD: 09/11/2013 - 15:24:48 - [] ----D C:\ProgramData\Ernst & Young
O43 - CFD: 03/06/2014 - 17:42:11 - [] ----D C:\ProgramData\ETDArchiveLog
O43 - CFD: 11/09/2013 - 09:08:52 - [] ----D C:\ProgramData\EY Global Analytics
O43 - CFD: 11/04/2014 - 09:01:40 - [] ----D C:\ProgramData\EYRCRoute
O43 - CFD: 24/01/2014 - 09:11:56 - [] ----D C:\ProgramData\GAMx
O43 - CFD: 25/07/2014 - 14:39:16 - [] ----D C:\ProgramData\Kontiki
O43 - CFD: 16/07/2014 - 16:35:12 - [] ----D C:\ProgramData\MpZjOUOVZRA
O43 - CFD: 19/11/2013 - 09:43:00 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\Paisley
O43 - CFD: 04/02/2014 - 08:35:05 - [] ----D C:\Users\Marcelo.Descio\AppData\Roaming\VIVO INTERNET
O43 - CFD: 20/01/2014 - 10:02:46 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\Ernst & Young
O43 - CFD: 25/07/2014 - 13:20:39 - [] ----D C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode
~ Program Folder: 174 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.6D6905B8CA57FC8321941AEC0AB816B7] - 22/07/2014 - 16:27:02 ---A- . (...) -- C:\zoek-results2014-07-22-192702.log [22421]
O44 - LFC:[MD5.13AF86A7BC2C0AC5180B30447B3B5693] - 25/07/2014 - 11:38:51 ---A- . (...) -- C:\Windows\SMSCFG.INI [497]
O44 - LFC:[MD5.3685843BF013306837E924AACE757C69] - 25/07/2014 - 11:39:28 ---A- . (...) -- C:\zoek-results2014-07-25-143928.log [22521]
O44 - LFC:[MD5.F297F5DB10417A1F8B7A33328DA65D6E] - 25/07/2014 - 12:38:23 ---A- . (...) -- C:\Windows\System32\GEProxyLocator.log [80690]
O44 - LFC:[MD5.456E1234A96E0F3B58DC143422D6660F] - 25/07/2014 - 14:27:00 ---A- . (...) -- C:\zoek-results.log [2654]
~ Files: 39 Legitimates Filtered in 00mn 01s



---\\ Operações e funções ao arranque do Windows Explorer (046)
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - Groove GFS Stub Execution Hook [64Bits] - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
O46 - SEH:ShellExecuteHooks - GbPlugin ShlObj [64Bits] - {E37CB5F0-51F5-4395-A808-5FA49E399008} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL
~ ShellExecuteHooks: Scanned in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "ConsentPromptBehaviorAdmin"=3
O55 - MWPS:[HKLM\...\Policies\System] - "dontdisplaylastusername"=1
O55 - MWPS:[HKLM\...\Policies\System] - "legalnoticecaption"=1
O55 - MWPS:[HKLM\...\Policies\System] - "disablecad"=1
O55 - MWPS:[HKLM\...\Policies\System] - "DefaultLogonDomain"=1
~ MWPS: 19 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoInternetIcon"=0
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoWindowsUpdate"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "ClearRecentProgForNewUserInStartMenu"=1
O56 - MWPE:[HKCU\...\policies\Explorer] - "DisallowCpl"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoDrives"=2
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoPublishingWizard"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoWebServices"=1
~ MWPE Keys: 13 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:23/03/2010 - 13:29:46 ---A- . (...) -- C:\Windows\System32\Drivers\CVPNDRVA.sys [304784]
O58 - SDL:13/07/2009 - 22:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys [530496]
O58 - SDL:08/10/2010 - 15:59:40 ---A- . (.Huawei Tech. Co., Ltd. - HUAWEI USB Smart Card Driver.) -- C:\Windows\System32\Drivers\ewdcsc.sys [32768]
O58 - SDL:10/06/2009 - 17:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys [31232]
O58 - SDL:06/08/2010 - 06:43:20 ---A- . (.DiBcom SA - DiBcom AVSTREAM BDA driver.) -- C:\Windows\System32\Drivers\mod7700.sys [1001472]
O58 - SDL:26/10/2009 - 15:52:00 ---A- . (.REDC - RICOH MS Driver.) -- C:\Windows\System32\Drivers\rimspe64.sys [61952]
O58 - SDL:28/09/2009 - 17:46:00 ---A- . (.REDC - RICOH PCIe XD Driver.) -- C:\Windows\System32\Drivers\rixdpe64.sys [55808]
O58 - SDL:13/07/2009 - 22:45:55 ---A- . (.Promise Technology - Promise SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys [24656]
O58 - SDL:12/03/2014 - 08:36:03 ---A- . (.GbPlugin NDIS Device Driver - GbPlugin NDIS Device Driver.) -- C:\Windows\SysWOW64\drivers\gbpndisrd.sys [31088]
~ Drivers: 103 Legitimates Filtered in 00mn 00s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1 =>.Nicolas Coolman
O63 - Logiciel: HiJackThis - (.Trend Micro.) [HKLM] -- {45A66726-69BC-466B-A7A4-12FCBA4883D7}
~ ADS: Scanned in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (.Microsoft Corporation - Internet Explorer.) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {012E1000-F331-11DB-8314-0800200C9A66} [DefaultScope] - (Google) - [Você precisa estar registrado e conectado para ver este link.]
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} - (Bing) - [Você precisa estar registrado e conectado para ver este link.]
~ Keys: Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.D39345C629A76F6128349610730B8FD9] [SPRF][09/10/2013] (...) -- C:\Users\Marcelo.Descio\AppData\Roaming\unins000.dat [11573]
~ Files: 1 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 29/06/2014 262320 | (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 14/05/2014 102400 | (EY Tune Up Service) . (.EY.) - C:\Program Files (x86)\Ernst & Young\EY Tune Up\EYTuneUpService.exe
SS - | Disabled 16/09/2011 62856 | (Lotus Notes Single Logon) . (.IBM Corp.) - C:\Lotus\Notes\nslsvice.exe
SS - | Demand 20/11/2012 69632 | (OnDemandService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\OnDemand\RunSCCMAdvert\OnDemandService.exe
SS - | Demand 01/11/2013 122880 | (SCCMHealthStatusService) . (.EY.) - C:\Program Files\EY\SCCM Health Status Tool\Service\SCCM_Health_Status_Service.exe
SS - | Auto 03/04/2014 315008 | (SkypeUpdate) . (.Skype Technologies.) - C:\Program Files (x86)\Skype\Updater\Updater.exe
SS - | Demand 06/09/2012 46984 | (TPHDEXLGSVC) . (.Lenovo..) - C:\Windows\System32\TPHDEXLG64.exe
SS - | Disabled 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SS - | Demand 10/07/1658 0 | (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe =>.Microsoft Corporation
SR - | Auto 23/03/2010 1528616 | (CVPND) . (.Cisco Systems, Inc..) - C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
SR - | Auto 11/10/2013 9281840 | (DisplayLinkService) . (.DisplayLink Corp..) - C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe
SR - | Auto 19/10/2012 364704 | (EAFRCliManager) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\EAFRCliManager.exe
SR - | Auto 23/08/2012 629040 | (EvtEng) . (.Intel(R) Corporation.) - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
SR - | Auto 05/08/2013 403968 | (EYStealthRun) . (.Ernst & Young.) - C:\Program Files (x86)\EYStealthRun\EYStealthRun.exe
SR - | Auto 05/05/2014 527928 | (GbpSv) . (.GAS Tecnologia.) - C:\Program Files (x86)\GbPlugin\gbpsv.exe
SR - | Auto 13/07/2009 27136 | C:\WINDOWS\SysWOW64\XAudio64.dll (HsfXAudioService) . (.Conexant Systems, Inc..) - C:\Windows\System32\svchost.exe
SR - | Auto 16/11/2010 339456 | (HWDeviceService64.exe) . (...) - C:\ProgramData\DatacardService\HWDeviceService64.exe
SR - | Auto 11/04/2012 47440 | (IBMPMSVC) . (.Lenovo..) - C:\Windows\System32\ibmpmsvc.exe
SR - | Auto 04/09/2013 4860592 | (KService) . (.Kontiki Inc..) - C:\Program Files (x86)\Kontiki\KService.exe
SR - | Auto 10/09/2013 4448256 | (Lotus Notes Diagnostics) . (.IBM.) - C:\Lotus\Notes\nsd.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZinw12.dll (Net Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 22/09/2011 510536 | (NgVpnMgr) . (.Aventail Corporation.) - C:\WINDOWS\system32\ngvpnmgr.exe
SR - | Auto 25/02/2010 263536 | (NWSAPAutoWorkstationUpdateSvc) . (.SAP AG.) - C:\Program Files (x86)\SAP\SAPsetup\setup\Updater\NwSapAutoWorkstationUpdateService.exe
SR - | Auto 23/11/2012 49664 | (PETService) . (.Ernst & Young.) - C:\Program Files (x86)\Ernst & Young\Privilege Elevation Tool\Service\winpro.exe
SR - | Auto 01/02/2013 1589528 | (PGP RDD Service) . (.Symantec Corporation.) - C:\Program Files (x86)\PGP Corporation\PGP Desktop\RDDService.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\system32\HPZipm12.dll (Pml Driver HPZ12) . (.Hewlett-Packard.) - C:\Windows\System32\svchost.exe
SR - | Auto 14/08/2013 39056 | (RealNetworks Downloader Resolver Service) . (...) - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
SR - | Auto 23/08/2012 149296 | (RegSrvc) . (.Intel(R) Corporation.) - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
SR - | Auto 19/10/2012 2772640 | (RemovableStorageService) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageService.exe
SR - | Auto 19/10/2012 16544 | (RSMgmtSrvc) . (.Symantec Corporation.) - C:\Program Files\Symantec\Symantec Endpoint Encryption Clients\RemovableStorageMgmtService.exe
SR - | Auto 25/05/2013 144368 | (SepMasterService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin\ccSvcHst.exe
SR - | Auto 23/07/2012 12800 | (SetPEFilePermissions) . (.Ernst & Young.) - C:\Program Files (x86)\AAP\ACQ\SetPEFilePermissions.exe
SR - | Demand 25/05/2013 2316184 | (SmcService) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\Smc.exe
SR - | Auto 25/05/2013 334736 | (SNAC) . (.Symantec Corporation.) - C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\12.1.3001.165.105\Bin64\snac64.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 23/08/2012 3342640 | (ZeroConfigService) . (.Intel® Corporation.) - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
~ Services: Scanned in 00mn 07s



---\\ Scâner Aditional (088)
Database Version : 13026 - (21/07/2014)
Clés trouvées (Keys found) : 0
Valeurs trouvées (Values found) : 0
Dossiers trouvés (Folders found) : 1
Fichiers trouvés (Files found) : 0

C:\Users\Marcelo.Descio\AppData\Local\MovieMode =>PUP.MovieMode^
~ Additionnel Scan: 338460 Items scanned in 00mn 21s



---\\ Informações complémentaires do módulos
~ [Você precisa estar registrado e conectado para ver este link.] =>.Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Internet Explorer, Gestão do Proxy (R5)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Browser Helper Objects do navegador (02)
~ [Você precisa estar registrado e conectado para ver este link.] =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 4 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
~ MSI: 0 link(s) detected in 00mn 00s



~ 850 Legitimates filtered by white list
End of the scan (557 lines in 01mn 09s)(0)

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 15:04

Select and copy all of the text highlighted in red that I gave you.
_____________________________________________________________________________________________________________

Go to the menu: Start > All Programs > ZHP > right-click Zhpfix and choose Run as administrator > click Importação > click the GO button > click Oui > if you want the files in the Recycle Bin to be deleted, click Oui again > a report will appear in Notepad.

Copy this report and post it in your next reply.


Last edited by Power Max on Sat 26 Jul 2014, 20:06; edited 1 time


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 16:00

Here is the log:


Rapport de ZHPFix 2014.7.9.4 par Nicolas Coolman, Update du 09/07/2014
Fichier d'export Registre :
Run by Marcelo.Descio at 25/07/2014 16:00:03
High Elevated Privileges : OK
Windows 7 Enterprise Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 01s)
Reparação de atalhos do navegador

========== Chaves do Registo ==========
ELIMINÉ Driver Key: Bfilter
ELIMINÉ Driver Key: Bfmon
ELIMINÉ Driver Key: Bnbase
ELIMINÉ Driver Key: Bndef
ELIMINÉ Driver Key: Bprotect
ELIMINÉ Driver Key: {5906ab0f-5417-45a6-a4f5-8bc38ae936d5}Gw64

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia

========== Ficheiros ==========
ELIMINÉ Temporários windows (25) (5.795.357 octets)
ELIMINÉ Flash Cookies (0) (0 octets)

========== Restauração Sistema ==========
Nenhum ponto de restauro do sistema foi criado


========== Recapitulativo ==========
6 : Chaves do Registo
1 : Pastas
2 : Ficheiros
1 : Restauração Sistema


End of clean in 00mn 05s

========== Caminho do ficheiro do relatório ==========
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R10].txt - 23/07/2014 11:30:22 [1465]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R11].txt - 23/07/2014 11:32:16 [1386]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R12].txt - 23/07/2014 11:45:03 [1618]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R13].txt - 25/07/2014 10:30:35 [1708]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R14].txt - 25/07/2014 10:31:51 [1656]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R15].txt - 25/07/2014 10:34:24 [2165]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R16].txt - 25/07/2014 10:35:05 [1921]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R17].txt - 25/07/2014 10:35:58 [2610]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R18].txt - 25/07/2014 10:37:24 [2442]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R19].txt - 25/07/2014 13:18:11 [2927]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R1].txt - 23/07/2014 09:28:49 [1265]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R2].txt - 23/07/2014 09:34:36 [5183]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R3].txt - 23/07/2014 10:40:30 [807]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R4].txt - 23/07/2014 10:40:42 [1028]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R5].txt - 23/07/2014 10:40:49 [1221]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R6].txt - 23/07/2014 10:48:26 [2402]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R7].txt - 23/07/2014 10:55:50 [4206]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R8].txt - 23/07/2014 11:05:01 [1957]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R9].txt - 23/07/2014 11:21:46 [1439]
C:\Users\Marcelo.Descio\AppData\Roaming\ZHP\ZHPFix[R20].txt - 25/07/2014 16:00:04 [2759]

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 16:02

Download Malwarebytes from one of the links below:
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]

To install and run it correctly, please follow the tips in this post:

Malwarebytes Anti-Malware tutorial

In your next reply, post the Malwarebytes log (report).

We'll be waiting.


Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 16:35

Malwarebytes Anti-Malware
[Você precisa estar registrado e conectado para ver este link.]

Scan Date: 25/07/2014
Scan Time: 16:16:26
Logfile: log.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.07.25.06
Rootkit Database: v2014.07.17.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Marcelo.Descio

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 310458
Time Elapsed: 10 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 1
Adware.MovieMode, C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe, 3020, Delete-on-Reboot, [5a60dec51b604cea7102cc9f6f92e51b]

Modules: 1
PUP.Optional.MovieMode.A, C:\ProgramData\MpZjOUOVZRA\dat\GLRkxpG.dll, Delete-on-Reboot, [2a90faa9bdbece6847477e22b64e6b95],

Registry Keys: 0
(No malicious items detected)

Registry Values: 1
Malware.Trace, HKU\S-1-5-21-1078081533-113007714-725345543-146458-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER\DISALLOWCPL|1, BitLocker Drive Encryption, Quarantined, [07b3edb6f289bb7b0fd7b6ac45be07f9]

Registry Data: 0
(No malicious items detected)

Folders: 1
PUP.Optional.MovieMode.A, C:\Users\Marcelo.Descio\AppData\Local\MovieMode, Quarantined, [d8e2841f3843dd599a4d74706b97d62a],

Files: 5
Adware.MovieMode, C:\ProgramData\MpZjOUOVZRA\QTSracrj.exe, Delete-on-Reboot, [5a60dec51b604cea7102cc9f6f92e51b],
PUP.Optional.MovieMode.A, C:\ProgramData\MpZjOUOVZRA\dat\GLRkxpG.dll, Delete-on-Reboot, [2a90faa9bdbece6847477e22b64e6b95],
PUP.Optional.Superfish.A, C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage, Delete-on-Reboot, [f7c3d5ce067539fd4557bd1d58aa8b75],
PUP.Optional.Superfish.A, C:\Users\Marcelo.Descio\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_www.superfish.com_0.localstorage-journal, Quarantined, [d3e7911281fa80b68913c2184db5ea16],
PUP.Optional.MovieMode.A, C:\Users\Marcelo.Descio\AppData\Local\MovieMode\data2.dat, Quarantined, [d8e2841f3843dd599a4d74706b97d62a],

Physical Sectors: 0
(No malicious items detected)


(end)

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 16:37

How is the PC after these procedures?

_________________

Caixa de Dicas
= Always with new tutorials and news on computing, technology and more.

Fórum PC Brasil = The best of the internet, you find it here.

Super Links = Messages of faith and hope for your heart

Re: Malware Infection

Post by mdescio on Fri 25 Jul 2014, 19:22

It improved a lot, the pages are opening much faster! Thank you!

Re: Malware Infection

Post by Power Max on Fri 25 Jul 2014, 20:07

That's it! I'm glad the problem has been solved.

Just to finish up, please follow the tutorials below:

Fixing errors and optimizing your PC with CCleaner

Remove useless files from your PC with PureRa
_______________________________________________________________________________________________________________________

To remove the programs used to clean this PC and create a new, safe and trouble-free restore point, use DelFix, following the tips in this tutorial.
_______________________________________________________________________________________________________________________

It was a pleasure to help. You can always count on us!


Re: Malware Infection

Post by Power Max on Sat 26 Jul 2014, 20:06

CASE RESOLVED

If the topic author needs it, this topic will be reopened; to do so, they should contact a member of the Moderation Team and request that it be unlocked.
