PC infected with several kinds of viruses
2 participants
PC infected with several kinds of viruses
Hello, I bought this PC and it is full of viruses. Thanks in advance for the help.
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 00:14:30, on 01/01/2004
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.16518)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\uTIPu\tipc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\Arthur\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = [You must have an account and be logged in to view this link]
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SaveSense - {71e129ff-6c2a-4984-818c-7e2c998b8d99} - C:\Users\Arthur\AppData\Local\SaveSense\SaveSenseIE.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Auxiliar de Conexão de Conta da Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKLM\..\Run: [mobilegeni daemon] C:\Program Files (x86)\Mobogenie\DaemonProcess.exe
O4 - HKLM\..\Run: [Baidu Antivirus] "C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe" -auto
O4 - HKLM\..\Run: [Baidu PC Faster 4.0.0.0] "C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe" -auto -start
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [DriverMax] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -agent
O4 - HKCU\..\Run: [DriverMax_RESTART] "C:\Program Files (x86)\Innovative Solutions\DriverMax\drivermax.exe" -RESTART
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_F60E728FC0755B5DBDB7EA812CDE9796] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'SERVIÇO DE REDE')
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'SISTEMA')
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 (User 'Default user')
O4 - Startup: TipCam.lnk = C:\Program Files (x86)\uTIPu\tipc.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted IP range: [You must have an account and be logged in to view this link]
O15 - ESC Trusted IP range: [You must have an account and be logged in to view this link]
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: Watchdog do AVG (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) - Baidu, Inc. - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Baidu PC App Store Service 4.6.1.6274 (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) - Baidu Inc. - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SaveSenseLive Service (savesenselive) (savesenselive) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: SaveSenseLive Service (savesenselivem) (savesenselivem) - SaveSense - C:\Program Files (x86)\SaveSenseLive\Update\SaveSenseLive.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Spark Security Update (SparkSafeUpdater) - Baidu.com, Inc. - C:\Program Files (x86)\Baidu\SparkSafeUpdate\SparkUpdate.exe
O23 - Service: Spark Security Service (SparkSecuritySvc) - Baidu Inc. - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TipCtrl - Utipu inc. - C:\Program Files (x86)\uTIPu\TipCtrl.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10948 bytes
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several kinds of viruses
Good morning, Fuçador!
|- Download: < [You must have an account and be logged in to view this link] > ( ... by Xplode )
|- When the page opens, click "Download Now".
|- PS: If you use the IE9 browser, disable the "[You must have an account and be logged in to view this link]" filter.
|- Save it to the desktop!
|- Right-click adwcleaner.exe and choose to run it as administrator.
|- PS: Start the scan by clicking "Examinar" (Scan).
|- When it finishes, click "Limpar" (Clean) >> Ok >> Ok >> Ok.
|- Copy the log or click "Relatório" (Report).
|- Post: < C:\AdwCleaner\AdwCleaner[S0].txt >
|- Download: < [You must have an account and be logged in to view this link] > ( ... by Nicolas Coolman )
|- Save it to the local disk! ( C or D )
|- Disable your antivirus and run "ZHPDiag2.exe" to install the tool.
|- Run the scroll icon. ( ZHPDiag )
|- Click "COMPLETA" (Full) and wait for it to finish!
|- Click OK and, when it finishes, post the report! ( ZHPDiag.txt )
|- PS: Since the log will be long, send it to [You must have an account and be logged in to view this link].
|- Or go to: < [You must have an account and be logged in to view this link] >
|- More information: < |[You must have an account and be logged in to view this link]| >
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several kinds of viruses
Man, it's really hard to get onto websites, I get an SSL error.
Here is the ADWCLEANER report:
# AdwCleaner v3.308 - Relatório criado 01/01/2004 às 01:04:12
# Atualizado 20/08/2014 por Xplode
# Sistema Operacional : Windows 7 Ultimate Service Pack 1 (64 bits)
# Usuário : Arthur - ARTHUR-PC
# Executando de : C:\Users\Arthur\Downloads\adwcleaner_3.308.exe
# Opção : Limpar
***** [ Serviços ] *****
[#] Serviço Deletada : Level Quality Watcher
[#] Serviço Deletada : savesenselive
[#] Serviço Deletada : savesenselivem
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\ProgramData\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\baidu
Pasta Deletada : C:\Program Files (x86)\orbitdownloader
Pasta Deletada : C:\Program Files (x86)\SaveSenseLive
Pasta Deletada : C:\Program Files (x86)\SavingsBull
Pasta Deletada : C:\Windows\Installer\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Pasta Deletada : C:\Program Files\Level Quality Watcher
Pasta Deletada : C:\Program Files\SavingsBull
Pasta Deletada : C:\Users\Arthur\AppData\Local\genienext
Pasta Deletada : C:\Users\Arthur\AppData\Local\lollipop
Pasta Deletada : C:\Users\Arthur\AppData\Local\Mobogenie
Pasta Deletada : C:\Users\Arthur\AppData\Local\SaveSense
Pasta Deletada : C:\Users\Arthur\AppData\Local\SaveSenseLive
Pasta Deletada : C:\Users\Arthur\AppData\Local\Temp\baidu
Pasta Deletada : C:\Users\Arthur\AppData\LocalLow\Mysearchdial
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\1H1Q
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\baidu
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\Mysearchdial
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\newnext.me
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\SaveSense
Pasta Deletada : C:\Users\Arthur\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
Pasta Deletada : C:\Users\Arthur\Documents\Mobogenie
Pasta Deletada : C:\Users\Public\Documents\baidu
Pasta Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngaeinfoeljecnggcbonnohnjpepenmb
Arquivo Deletada : C:\Windows\System32\drivers\netfilter64.sys
Arquivo Deletada : C:\Users\Arthur\daemonprocess.txt
Arquivo Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Arquivo Deletada : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
***** [ Tarefas ] *****
Tarefa Deletedo : SaveSense
Tarefa Deletedo : SaveSenseLiveUpdateTaskMachineCore
Tarefa Deletedo : SaveSenseLiveUpdateTaskMachineUA
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\superfish.com
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\[You must have an account and be logged in to view this link]
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\SaveSenseLive.exe
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
Chave Deletedo : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickCtrl.9
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.OneClickProcessLauncherMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLive.Update3WebControl.3
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoCreateAsync.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CoreMachineClass.1
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.CredentialDialogMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.OnDemandCOMClassSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.ProcessLauncher.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3COMClassService.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachine.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebMachineFallback.1.0
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc
Chave Deletedo : HKLM\SOFTWARE\Classes\SaveSenseLiveUpdate.Update3WebSvc.1.0
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{74F475FA-6C75-43BD-AAB9-ECDA6184F600}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Valor Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [mobilegeni daemon]
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=3
Chave Deletedo : HKLM\SOFTWARE\MozillaPlugins\@tools.updaterss.com/SaveSenseLive Update;version=9
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1070C156-160B-47A0-B7D9-1860396BAB57}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{27CE191D-733B-4450-AFCD-096D105288C3}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{39A29266-D3E4-462D-AB05-F93B1053F6CF}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{44FC7A33-2E5C-48DC-B6F5-B81E8005D122}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{73192D81-6D24-4C40-BF7B-2507C6FA0B1A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{88C606E7-BA26-41CB-8CC3-D1E313E34E75}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{93D3100A-BBB6-456C-96FC-82CAC5F383AC}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{997E3BFB-F821-411C-8B96-D61D415EC8FA}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{998745A3-2AE4-488D-8092-B98FB20A00C2}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{9E0546FF-D44F-4FE4-A324-995FCACB8D33}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{A2D3FB7A-6873-45E8-AF96-57092D721828}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{C1424421-D274-491E-9D47-11C8D8CB5F9A}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{CDDAB3A4-E64D-4AE0-9E1D-F3132F5F913F}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{E66A759D-367F-433E-85C6-ED7F040BCC32}
Chave Deletedo : HKLM\SOFTWARE\Classes\CLSID\{F4B8D46C-4EEE-401B-8607-DC03025F34B1}
Chave Deletedo : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10AD2C61-0898-4348-8600-14A342F22AC3}
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{71E129FF-6C2A-4984-818C-7E2C998B8D99}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{27CE191D-733B-4450-AFCD-096D105288C3}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A18D16ED-27B2-4B83-B70C-15E73F099546}
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{BEE7E029-5037-4DAD-A2DB-82E397AB1A44}
Chave Deletedo : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{77AA745B-F4F8-45DA-9B14-61D2D95054C8}
Chave Deletedo : HKCU\Software\InstallCore
Chave Deletedo : HKCU\Software\lollipop
Chave Deletedo : HKCU\Software\SaveSense
Chave Deletedo : HKCU\Software\SaveSenseLive
Chave Deletedo : HKCU\Software\SavingsBull
Chave Deletedo : HKCU\Software\Softonic
Chave Deletedo : HKCU\Software\AppDataLow\Software\Savings Bull
Chave Deletedo : HKCU\Software\AppDataLow\Software\SavingsBull
Chave Deletedo : HKLM\SOFTWARE\Conduit
Chave Deletedo : HKLM\SOFTWARE\DealPlyLive
Chave Deletedo : HKLM\SOFTWARE\InstallCore
Chave Deletedo : HKLM\SOFTWARE\SaveSenseLive
Chave Deletedo : HKLM\SOFTWARE\SavingsBullFilter
Chave Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\SaveSense
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{6DDE8071-E4BA-461B-8A96-990DFAA0EBD1}
Chave Deletedo : [x64] HKLM\SOFTWARE\LevelQualityWatcher
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Features\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : HKLM\SOFTWARE\Classes\Installer\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1C19AC53289098045B06B0DD1D37CBAB
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23D9E9D21B4E77E41B9F50DD22F24E20
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\23EEA1F105A7F45449974D9B95E7AC89
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\26982796A8AFD1246B95E00265A95BF9
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\42D92D0D75AFEF74297E03876C8D9D33
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\50FFE845C555A6E4BADB7CB7A145BFEB
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\715A3348920B6534690067594BB69F60
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7B7B13B037A7C2A42AC3E3EAF14D7107
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7D05B2942E9CC80499F397F6114DFB35
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8591B8948E1C4A04F90505B3CDEE8555
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8D841C5FEC311624CB88D49DB3884FA7
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD04033484A18CA4CAB3EE59D39D756E
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AD746BF3B3B3FD8409B86604BA85982A
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\F355F0DB7A2E3A14B8E7A568FBA25937
Chave Deletedo : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\1708EDD6AB4EB164A86999D0AF0ABE1D
Chave Deletedo : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SaveSenseLive.exe
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.16518
Configurações Restauradas : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
Configurações Restauradas : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]
Configurações Restauradas : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v35.0.1916.153
[ Arquivo : C:\Users\Arthur\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deletedo [Startup_urls] : [You need an account and must be logged in to view this link]
Deletedo [Homepage] : [You need an account and must be logged in to view this link]
Deletedo [Extension] : ngaeinfoeljecnggcbonnohnjpepenmb
*************************
AdwCleaner[R0].txt - [16642 octets] - [01/01/2004 01:02:48]
AdwCleaner[S0].txt - [14285 octets] - [01/01/2004 01:04:12]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [14346 octets] ##########
Here is the ADWCLEANER report
Fuçador- Member
- Posts: 131
Reputation: 1
Registration date: 30/09/2013
Re: PC infected with several types of viruses
Good morning, Fuçador!
|- Until the disinfection is complete, browse with Firefox and the NoScript add-on.
< [You need an account and must be logged in to view this link] >
|- Download and install this add-on in Firefox.
A+
joram- Administrator
- Posts: 4160
Reputation: 471
Registration date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
Zhpdialog report
[You need an account and must be logged in to view this link]
[You need an account and must be logged in to view this link]
Fuçador- Member
- Posts: 131
Reputation: 1
Registration date: 30/09/2013
Re: PC infected with several types of viruses
Good afternoon, Fuçador!
|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press: Ctrl+A >> Ctrl+C (Select and Copy)
|- Next, minimize Notepad.
script zhpfix
emptytemp
Ifeofix
SS - | Demand 10/07/1658 0 | (SparkSafeUpdater) . (...) - C:\Program Files (x86)\Baidu\SparkSafeUpdate\SparkUpdate.exe
SS - | Auto 10/07/1658 0 | (SparkSecuritySvc) . (...) - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe
SR - | Auto 13/06/2014 2038248 | (BAVSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
SR - | Auto 13/06/2014 481432 | (BHipsSvc) . (.Baidu, Inc..) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
SR - | Auto 10/07/2014 550432 | (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
SR - | Auto 31/12/2003 770032 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
[MD5.25F14A383D92D576B19FC0BAF2B0A97C] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296] [PID.3220]
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe [1334976] [PID.3580]
[MD5.0E05F6DABE6D5EDD25DDB0356A33AC98] - (.Baidu, Inc. - Baidu Antivirus Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe [2038248] [PID.1724]
[MD5.968CD4BF6A25C30CF66B9781587FD5D9] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432] [PID.1884]
[MD5.3624F47B37C3F934E2F8E159BA00C8AF] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe [550432] [PID.1944]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [770032] [PID.2224]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe [770032] [PID.2864]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe [770032] [PID.3164]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe [770032] [PID.3316]
[MD5.4948D2268D2F2C6E4CAFC27F0F1FA241] [APT] [Baidu Antivirus Update] (.Baidu, Inc..) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavUpdater.exe [2883736]
[MD5.933078FAEB8719E3E98A46F70D27095B] [APT] [Baidu PC Faster Service] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [770032]
[MD5.F01CEF89A1059F08877E9FA16970AF88] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe [1329648]
[MD5.00000000000000000000000000000000] [APT] [SparkSafeUpdater] (...) -- C:\Program Files (x86)\baidu\SparkSafe\SparkUpdate.exe (.not file.) [0]
[MD5.00000000000000000000000000000000] [APT] [{9FC74599-7082-499D-9824-DD4E3336A860}] (...) -- C:\Program Files (x86)\Baidu Security\PC Faster\3.7.0.0\UninstCaller.exe (.not file.) [0]
[MD5.5C8E2157333E1E6A2A5E24DA0BBB4091] [WIS][05/03/2014] (.SavingsBull - SavingsBull.) -- C:\Windows\Installer\a0cb60.msi [3174400] =>PUP.SavingsBull
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe
O23 - Service: Baidu Antivirus Service (BAVSvc) . (.Baidu, Inc. - Baidu Antivirus Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BAVSvc.exe
O23 - Service: Baidu Hips Service (BHipsSvc) . (.Baidu, Inc. - Baidu Antivirus Hips Service.) - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe
O23 - Service: Baidu PC App Store Service 4.6.1.6274 (PCAppStoreSvc_{PCAppStore_4.6.1.6274}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\4.6.1.6274\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O23 - Service: Spark Security Service (SparkSecuritySvc) . (...) - C:\Program Files (x86)\baidu\SparkSafe\sparkservice.exe (.not file.)
O42 - Logiciel: SavingsBull - (.SavingsBull.) [HKLM][64Bits] -- Level Quality Watcher =>PUP.SavingsBull
O43 - CFD: 09/02/2015 - 10:35:05 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 01/01/2004 - 00:01:22 - [] ----D C:\ProgramData\Baidu
O43 - CFD: 01/01/2007 - 01:01:11 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 09/02/2015 - 08:47:10 - [] ----D C:\ProgramData\Log
O43 - CFD: 09/02/2015 - 10:35:05 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security
O45 - LFCP:[MD5.959A40D4DE86C0C793D4C507D859596D] - 28/02/2014 - 11:31:29 ---A- - C:\Windows\Prefetch\LEVELQUALITYWATCHER64.EXE-7E6F46C8.pf =>PUP.LevelQualityWatcher
O45 - LFCP:[MD5.27062D449C8826362A6DED4FEF026C9A] - 28/02/2014 - 12:21:54 ---A- - C:\Windows\Prefetch\LOLLIPOP.EXE-0F707B7F.pf =>Adware.Lollipop
O45 - LFCP:[MD5.CF08C123FEAB9485F0A0411A7D1BE084] - 28/02/2014 - 11:30:45 ---A- - C:\Windows\Prefetch\LOLLIPOP_ANTIVIRUS_1302-27BC6-63CB2924.pf =>Adware.Lollipop
O45 - LFCP:[MD5.36AB7589C02A511258EB5F90475F5C9E] - 28/02/2014 - 11:34:12 ---A- - C:\Windows\Prefetch\MELONDREA.FIRSTRUN.EXE-56B53026.pf =>PUP.Melondrea
O45 - LFCP:[MD5.3F445BC9398BAA9E2315A557E14CD72A] - 28/02/2014 - 11:30:49 ---A- - C:\Windows\Prefetch\MELONDREA_0702-81CFB2EF.EXE-A5F0B33E.pf =>PUP.Melondrea
O45 - LFCP:[MD5.8659415558748AC565AF5C87AAE5E15F] - 28/02/2014 - 11:33:28 ---A- - C:\Windows\Prefetch\MELONDREA_SETUP.EXE-960481A1.pf =>PUP.Melondrea
O45 - LFCP:[MD5.C6607F810A040EB6B832C3195AAA8684] - 28/02/2014 - 12:15:51 ---A- - C:\Windows\Prefetch\MYSEARCHDIAL.EXE-A6AC01D5.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.13D1A744D851182AC3596D761BED7CA1] - 28/02/2014 - 12:15:31 ---A- - C:\Windows\Prefetch\MYSEARCHDIALSRV.EXE-7589F3A6.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.484353C37A27A926703B8CE18DCD80FE] - 28/02/2014 - 12:15:43 ---A- - C:\Windows\Prefetch\MYSEARCHDIALUPDATE.EXE-10D649EE.pf =>Adware.MyWebSearch
O45 - LFCP:[MD5.EF2D4D58B1A7745E08F9C9595C7B17AA] - 28/02/2014 - 12:12:33 ---A- - C:\Windows\Prefetch\SAVESENSELIVE.EXE-A927BDEE.pf =>PUP.SaveSense
O45 - LFCP:[MD5.4B81B6170AC2EB4769107DBE1E2464D3] - 28/02/2014 - 11:34:16 ---A- - C:\Windows\Prefetch\SAVINGSBULLFILTERSERVICE64.EX-A33C9C5D.pf =>PUP.SavingsBull
O45 - LFCP:[MD5.9B21BF99C6EE373BE1B58EB1BC015988] - 28/02/2014 - 11:31:09 ---A- - C:\Windows\Prefetch\SAVINGSBULL_2102-9A9FD283.EXE-4E07AEA6.pf =>PUP.SavingsBull
O45 - LFCP:[MD5.604D1C22B6F3E70EC2637EFDCAE0D9CC] - 28/02/2014 - 11:33:56 ---A- - C:\Windows\Prefetch\UPDATEMELONDREA.EXE-1A81DC1E.pf =>PUP.Melondrea
O45 - LFCP:[MD5.C21AB528FA54911F0DF1BB3E0506F7F6] - 28/02/2014 - 12:14:20 ---A- - C:\Windows\Prefetch\WAJAM_VALIDATE.EXE-7F3F6147.pf =>PUP.Wajam
O61 - LFC: 05/01/2014 - 00:39:20 ---A- . (.SaveSense.) -- C:\Users\Arthur\AppData\Local\Temp\{CA2EF0D8-B4A8-4AAD-9B4C-33D8AD4629F8}\o-update\SaveSenseLive.exe [560104] =>PUP.SaveSense
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\Communication.dll [298344]
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\InstallUtility.dll [670568]
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall HK\0\log.dll [101568]
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\Communication.dll [298344]
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\InstallUtility.dll [670568]
O61 - LFC: 12/08/2013 - 00:39:22 ---A- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Roaming\Baidu Security\PC Faster\3.7.0.0\Uninstall\Baidu PC Faster Uninstall\0\log.dll [101568]
O61 - LFC: 14/01/2014 - 00:39:19 ----- . (.SaveSense.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\5296700_stp\sas.exe [1410824] =>PUP.SaveSense
O61 - LFC: 15/08/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8025895_stp\wajam_validate.exe [11264] =>PUP.Wajam
O61 - LFC: 17/12/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268482_stp\Mobogenie_Setup_UN.exe [19212408] =>PUP.Mobogenie
O61 - LFC: 22/08/2012 - 00:39:19 ---A- . (.OpenCandy, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\OCSetupHlp.dll [807280] =>Adware.OpenCandy
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\n8615\melondrea_0702-81cfb2ef.exe [233024] =>PUP.Melondrea
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (.MySearchDial.) -- C:\Users\Arthur\AppData\Local\Temp\is8121084\mysearchdial.dll [279960] =>Adware.MyWebSearch
O64 - Services: CurCS - 13/06/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 27/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O64 - Services: CurCS - 31/12/2003 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
O67 - Shell Spawning: <.html>[HKLM\..\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe (.not file.)
O69 - SBI: SearchScopes [HKCU] {86c83f9e-48a4-4cd2-a763-64fea5df35f7} [DefaultScope] - (Mysearchdial) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] =>Adware.MyWebSearch
O61 - LFC: 03/12/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\i4jdel1.exe [27411]
O61 - LFC: 07/01/2014 - 00:39:20 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\{CA2EF0D8-B4A8-4AAD-9B4C-33D8AD4629F8}\files\uninst.exe [964616]
O61 - LFC: 10/02/2015 - 00:39:20 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\spark_install.exe [41173832]
O61 - LFC: 11/02/2015 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\SuperNodeCompressed.exe [138816]
O61 - LFC: 13/01/2014 - 00:39:19 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\_isetup\_shfoldr.dll [23312]
O61 - LFC: 13/07/2009 - 00:39:19 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\SDIAG_065ddecf-5c42-4e0c-be36-71c80c6438ab\DiagPackage.dll [489472]
O61 - LFC: 13/07/2009 - 00:39:20 ---A- . (.Microsoft Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\SDIAG_b6b797cb-c5c4-432f-a1c2-452552d49890\DiagPackage.dll [489472]
O61 - LFC: 14/09/2012 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is-VMPNB.tmp\saction.dll [360448]
O61 - LFC: 15/01/2014 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\5296633_stp\BavPro_Setup_Mini_115_2.exe [1211240]
O61 - LFC: 16/06/2014 - 00:39:19 ---A- . (.Reloaded Technologies.) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\SuperNodeDownloadManager.exe [4004904]
O61 - LFC: 16/12/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268507_stp\BavPro_Setup_Mini_115_2.exe [1169768]
O61 - LFC: 16/12/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\6207365_stp\BavPro_Setup_Mini_115_2.exe [1169768]
O61 - LFC: 17/10/2013 - 00:39:19 ----- . (.Baidu Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8025952_stp\PC_Faster_Setup_Mini_B26_S.exe [1484832]
O61 - LFC: 19/12/2013 - 00:39:19 ---A- . (.Oracle Corporation.) -- C:\Users\Arthur\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe [921512]
O61 - LFC: 20/08/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Quarantine.exe [377099]
O61 - LFC: 25/08/2013 - 00:39:19 ----- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268539_stp\PCFaster-Baixaki.exe [9751808]
O61 - LFC: 26/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\libcef.dll [20758016]
O61 - LFC: 26/02/2014 - 00:39:19 ---A- . (.The ICU Project.) -- C:\Users\Arthur\AppData\Local\Temp\Reloaded Technologies\Super Node Delivery\icudt.dll [9956864]
O61 - LFC: 28/02/2014 - 00:39:18 ---A- . (.Baidu, Inc..) -- C:\Users\Arthur\AppData\Local\Temp\Baidu_Secure_SystemUp_4.0.1.56634.exe [18605480]
O61 - LFC: 28/02/2014 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is8121084\Sqlite3.dll [599419]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\2268394_stp\sqlite3.dll [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\414314_stp\sqlite3.dll [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\4164594_stp\sqlite3.dll [425928]
O61 - LFC: 28/10/2012 - 00:39:19 ----- . (.sqlite.org.) -- C:\Users\Arthur\AppData\Local\Temp\is701137889\6207347_stp\sqlite3.dll [425928]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\jansi-32-git-Bukkit-1.5.2-R1.0-1-gf46bd58-b2793jnks.dll [17408]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\BgWorker.dll [2560]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\KillProcDLL.dll [4096]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\SkinBtn.dll [4608]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\System.dll [11264]
O61 - LFC: 29/12/2013 - 00:39:19 ---A- . (.Igor Pavlov.) -- C:\Users\Arthur\AppData\Local\Temp\nspD1E0.tmp\nsis7z.dll [175104]
O61 - LFC: 29/12/2013 - 00:39:20 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll [541696]
O61 - LFC: 30/01/2013 - 00:39:18 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\17409305.Uninstall\uninstaller.exe [1114624]
O61 - LFC: 30/01/2013 - 00:39:18 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\17449647.Uninstall\uninstaller.exe [1114624]
O61 - LFC: 30/01/2013 - 00:39:19 ----- . (...) -- C:\Users\Arthur\AppData\Local\Temp\is1242154493\8026083_stp\uninstaller.exe [1114624]
O61 - LFC: 31/12/2006 - 00:39:19 ---A- . (...) -- C:\Users\Arthur\AppData\Local\Temp\rcp_dcomnew_util_300.exe [0]
[HKCU\Software\Baidu Security]
[HKCU\Software\Baidu]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\baidu]
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32 =>PUP.Melondrea
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS =>PUP.Melondrea
[HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Level Quality Watcher] =>PUP.SavingsBull^
C:\Windows\Installer\a0cb60.msi =>PUP.SavingsBull^
C:\Users\Arthur\AppData\Local\Temp\GoogleToolbarInstaller1.log =>PUP.Babylon
C:\Users\Arthur\AppData\Local\Temp\GoogleToolbarInstaller2.log =>PUP.Babylon
ServiceStop:BAVSvc
ServiceStop:BHipsSvc
ServiceStop:PCAppStoreSvc_{PCAppStore_4.6.1.6274}
ServiceStop:SparkSecuritySvc
Firewallraz
shortcutfix
emptyclsid
emptyprefetch
|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!
A+
joram - Administrator
Re: PC infected with several types of viruses
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 01/01/2004 05:04:35
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (05mn 03s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
PCFAPIUTIL Parado
BAVSvc Parado
BHipsSvc Parado
PCAppStoreSvc_{PCAppStore_4.6.1.6274} Parado
SparkSecuritySvc Parado
========== Chaves do Registo ==========
Ramo Base de Registos IFEO não infetado !
ELIMINÉ: Service: SparkSafeUpdater
ELIMINÉ: Service: SparkSecuritySvc
ELIMINÉ: Service: BAVSvc
ELIMINÉ: Service: BHipsSvc
ELIMINÉ: Service: PCAppStoreSvc_{PCAppStore_4.6.1.6274}
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ: SearchScopes :{86c83f9e-48a4-4cd2-a763-64fea5df35f7}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ: HKCU\Software\Baidu
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\baidu
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\melondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\updatemelondrea_RASMANCS
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\utilmelondrea_RASMANCS
ELIMINÉ:* HKLM\Software\Microsoft\Windows\CurrentVersion\Uninstall\Level Quality Watcher
========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Private) : {7B623895-74BC-4944-857C-45C72076241B}
ELIMINÉ: FirewallRaz (Private) : {4635DB03-D746-4332-9780-E5C332F3259B}
ELIMINÉ: FirewallRaz (Private) : {94C66089-897C-4F48-B5DB-582C3230BDC2}
ELIMINÉ: FirewallRaz (Private) : {B55B68D7-ED77-48C2-B3FD-70E08ACA2111}
ELIMINÉ: FirewallRaz (Private) : TCP Query User{01B1C98D-777F-4C5A-A097-DC348A958B3E}C:\program files (x86)\baidu\sparksafe\bdtray.exe
ELIMINÉ: FirewallRaz (Private) : UDP Query User{C0074BB3-8A5D-4AA5-841E-1444CD374043}C:\program files (x86)\baidu\sparksafe\bdtray.exe
========== Elementos dos dados do Registo ==========
SUBSTITUI Value NoActiveDesktopChanges : Good (0) - Bad (1)
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (1029) (486.240.590 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\baidu antivirus\bavsvc.exe
ELIMINÉ: c:\program files (x86)\baidu security\pc app store\4.6.1.6274\pcappstoresvc.exe
ELIMINÉ: c:\windows\prefetch\levelqualitywatcher64.exe-7e6f46c8.pf
ELIMINÉ: c:\windows\prefetch\lollipop.exe-0f707b7f.pf
ELIMINÉ: c:\windows\prefetch\lollipop_antivirus_1302-27bc6-63cb2924.pf
ELIMINÉ: c:\windows\prefetch\melondrea.firstrun.exe-56b53026.pf
ELIMINÉ: c:\windows\prefetch\melondrea_0702-81cfb2ef.exe-a5f0b33e.pf
ELIMINÉ: c:\windows\prefetch\melondrea_setup.exe-960481a1.pf
ELIMINÉ: c:\windows\prefetch\mysearchdial.exe-a6ac01d5.pf
ELIMINÉ: c:\windows\prefetch\mysearchdialsrv.exe-7589f3a6.pf
ELIMINÉ: c:\windows\prefetch\mysearchdialupdate.exe-10d649ee.pf
ELIMINÉ: c:\windows\prefetch\savesenselive.exe-a927bdee.pf
ELIMINÉ: c:\windows\prefetch\savingsbullfilterservice64.ex-a33c9c5d.pf
ELIMINÉ: c:\windows\prefetch\savingsbull_2102-9a9fd283.exe-4e07aea6.pf
ELIMINÉ: c:\windows\prefetch\updatemelondrea.exe-1a81dc1e.pf
ELIMINÉ: c:\windows\prefetch\wajam_validate.exe-7f3f6147.pf
ELIMINÉ: C:\Windows\Installer\a0cb60.msi
========== Tarefa planificada ==========
ELIMINÉ: Baidu Antivirus Update
ELIMINÉ: Baidu PC Faster Service
ELIMINÉ: Baidu PC Faster Update
ELIMINÉ: SparkSafeUpdater
ELIMINÉ: SparkSafeUpdater
ELIMINÉ: {9FC74599-7082-499D-9824-DD4E3336A860}
========== Recapitulativo ==========
20 : Chaves do Registo
9 : Valores do Registo
1 : Elementos dos dados do Registo
1 : Pastas
18 : Ficheiros
7 : Estado dos serviços
6 : Tarefa planificada
End of clean in 15mn 36s
========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 05:09:39 [4348]
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good afternoon, Fuçador!
|- Please post another ZHPDiag report, this time with the COMPLETA (complete) option.
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
Good afternoon, here is the link containing the ZHPDiag report
[You need an account and must be logged in to view this link]
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good afternoon, Fuçador!
|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press Ctrl+A >> Ctrl+C (Select and Copy).
|- Then minimize Notepad.
script zhpfix
emptytemp
[MD5.25F14A383D92D576B19FC0BAF2B0A97C] - (.Baidu, Inc. - Baidu Antivirus Tray Application.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BavTray.exe [1704296] [PID.3220]
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe [1334976] [PID.3580]
[MD5.968CD4BF6A25C30CF66B9781587FD5D9] - (.Baidu, Inc. - Baidu Antivirus Hips Service.) -- C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BHipsSvc.exe [481432] [PID.1884]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [770032] [PID.2224]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe [770032] [PID.2864]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe [770032] [PID.3164]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe [770032] [PID.3316]
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O43 - CFD: 01/01/2004 - 03:55:55 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 01/01/2004 - 04:04:23 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 01/01/2004 - 04:05:03 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security
O64 - Services: CurCS - 13/06/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdApiUtil64.sys (BdApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_BDAPIUTIL
O64 - Services: CurCS - 27/05/2014 - C:\Program Files (x86)\Baidu Security\Baidu Antivirus\BdCameraProtect64.sys (BdCameraProtect) .(.Baidu, Inc. - Baidu Antivirus Camera Protector Driver.) - LEGACY_BDCAMERAPROTECT
O67 - Shell Spawning: <.html>[HKLM\..\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe
O68 - StartMenuInternet: [HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\baidu\SparkSafe\Spark.exe (.not file.)
SR - | Auto 31/12/2003 770032 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
[HKCU\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
C:\Users\Arthur\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security
ServiceStop:PCFasterSvc_{PCFaster_4.0.0.0}
ServiceStop:BdApiUtil
ServiceStop:BdCameraProtect
Firewallraz
Emptyprefetch
Emptyclsid
|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 29/08/2014 18:19:04
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (01mn 05s)
Prefetcher vazio
========== Estado dos serviços ==========
BDAPIUTIL Parado
BDCAMERAPROTECT Parado
PCFasterSvc_{PCFaster_4.0.0.0} Parado
BdApiUtil Parado
BdCameraProtect Parado
========== Chaves do Registo ==========
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
========== Valores do Registo ==========
ERRO RunValue: Baidu PC Faster 4.0.0.0
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
========== Ficheiros ==========
ELIMINÉ Temporários windows (7) (1.198.810 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe
========== Recapitulativo ==========
3 : Chaves do Registo
3 : Valores do Registo
1 : Pastas
2 : Ficheiros
5 : Estado dos serviços
End of clean in 15mn 45s
========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 04:09:39 [4429]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/08/2014 18:20:09 [1374]
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good evening, Fuçador!
|- Please post a new ZHPDiag log one last time. We will prepare your final script...
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
[You need an account and must be logged in to view this link]
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good evening, Fuçador!
Fuçador wrote: [You need an account and must be logged in to view this link]
|- Run this script in the ZHPFix tool.
|- Select and copy the information shown in red into Notepad.
|- With Notepad open, press Ctrl+A >> Ctrl+C (Select and Copy).
|- Then minimize Notepad.
Script ZHPFix
emptytemp
Firewallraz
[MD5.D7F3C10428130DB60FF0318C975F12AB] - (.Baidu Inc. - PC Faster Tray.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFTray.exe [1334976] [PID.1176]
[MD5.610C67E69AD7F0265AEA4BF9074DEFCD] - (.Baidu Inc. - Baidu PC App Store Service.) -- C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe [550944] [PID.1600]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [770032] [PID.1776]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\SysOptEngineSvc.exe [770032] [PID.1880]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\CleanerEngineSvc.exe [770032] [PID.2776]
[MD5.933078FAEB8719E3E98A46F70D27095B] - (.Baidu Inc. - Baidu PC Faster Service.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\LeakRepairSvc.exe [770032] [PID.2940]
[MD5.933078FAEB8719E3E98A46F70D27095B] [APT] [Baidu PC Faster Service] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe [770032]
[MD5.F01CEF89A1059F08877E9FA16970AF88] [APT] [Baidu PC Faster Update] (.Baidu Inc..) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\Updater.exe [1329648]
O4 - HKLM\..\Wow6432Node\Run: [Baidu PC Faster 4.0.0.0] . (.Baidu Inc. - PC Faster.) -- C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFaster.exe
O23 - Service: Baidu PC App Store Service 4.7.1.6925 (PCAppStoreSvc_{PCAppStore_4.7.1.6925}) . (.Baidu Inc. - Baidu PC App Store Service.) - C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe
O23 - Service: Baidu PC Faster Service 4.0.0.0 (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc. - Baidu PC Faster Service.) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
O43 - CFD: 01/01/2004 - 00:03:18 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 01/01/2004 - 04:04:23 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 29/08/2014 - 18:13:16 - [] ----D C:\Users\Arthur\AppData\Roaming\Baidu Security
O64 - Services: CurCS - 31/12/2003 - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFApiUtil64.sys (PCFApiUtil) .(.Baidu, Inc. - Baidu Antivirus BdApi Driver.) - LEGACY_PCFAPIUTIL
O67 - Shell Spawning: <.html>
O68 - StartMenuInternet:
SR - | Auto 25/08/2014 550944 | (PCAppStoreSvc_{PCAppStore_4.7.1.6925}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC App Store\4.7.1.6925\PCAppStoreSvc.exe
SR - | Auto 31/12/2003 770032 | (PCFasterSvc_{PCFaster_4.0.0.0}) . (.Baidu Inc..) - C:\Program Files (x86)\Baidu Security\PC Faster\4.0.0.0\PCFasterSvc.exe
[HKCU\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
C:\Users\Arthur\AppData\Roaming\Baidu Security
C:\Program Files (x86)\Baidu Security
C:\ProgramData\Baidu Security
ServiceStop:PCAppStoreSvc_{PCAppStore_4.7.1.6925}
ServiceStop:PCFasterSvc_{PCFaster_4.0.0.0}
ServiceStop:PCFApiUtil
Emptyprefetch
Emptyclsid
Emptyflash
Ifeofix
|- Open the ZHPFix tool.
|- Click IMPORTAÇÃO (Import) >> OK.
|- Click "GO".
|- Post the report!
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
Rapport de ZHPFix 2014.8.3.6 par Nicolas Coolman, Update du 03/08/2014
Fichier d'export Registre :
Run by Arthur at 30/08/2014 14:52:23
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)
Reciclagem vazia (02mn 36s)
Prefetcher vazio
========== Estado dos serviços ==========
PCFAPIUTIL Parado
PCAppStoreSvc_{PCAppStore_4.7.1.6925} Parado
PCFasterSvc_{PCFaster_4.0.0.0} Parado
PCFApiUtil Parado
========== Chaves do Registo ==========
ELIMINÉ: Service: PCAppStoreSvc_{PCAppStore_4.7.1.6925}
ELIMINÉ:³ Service: PCFasterSvc_{PCFaster_4.0.0.0}
ELIMINÉ:³ HKCU\Software\Baidu Security
ELIMINÉ:³ HKLM\Software\Wow6432Node\Baidu Security
Ramo Base de Registos IFEO não infetado !
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ERRO RunValue: Baidu PC Faster 4.0.0.0
========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows ( (274.391 octets)
ELIMINA REINICIAR: c:\program files (x86)\baidu security\pc faster\4.0.0.0\pcfaster.exe
ELIMINÉ Flash Cookies (0) (0 octets)
========== Tarefa planificada ==========
ELIMINÉ: Baidu PC Faster Service
ELIMINÉ: Baidu PC Faster Update
========== Recapitulativo ==========
5 : Chaves do Registo
3 : Valores do Registo
2 : Pastas
3 : Ficheiros
4 : Estado dos serviços
2 : Tarefa planificada
End of clean in 14mn 34s
========== Caminho do ficheiro do relatório ==========
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R1].txt - 01/01/2004 04:09:39 [4429]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R2].txt - 29/08/2014 18:20:09 [1455]
C:\Users\Arthur\AppData\Roaming\ZHP\ZHPFix[R3].txt - 30/08/2014 14:55:00 [1753]
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good afternoon, Fuçador!
|- Did you uninstall Avast?
|- If it was Avast, run this utility!
|- Download: < [You need an account and must be logged in to view this link] >
|- Run it in Safe Mode >> click Remove.
|- Restart the computer when it finishes!
-/-
|- Download: |[You need an account and must be logged in to view this link]| ( ... by Xplode )
|- On the page, click Download Now.
|- Save it somewhere convenient! (desktop!)
|- Close any open applications.
|- With the boxes checked, click Executar (Run)!
< [You need an account and must be logged in to view this link] >
|- Read this tutorial and download MBAM.
|- Configure it to send its detections to quarantine.
|- Post the report when it finishes!
A+
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
AVG is installed here; can I proceed the same way?
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
Good morning, Fuçador!
Fuçador wrote: AVG is installed here; can I proceed the same way?
|- It is not the same thing, since it may have had wrong permissions and may not detect PUPs.
|- So run the scan with MBAM.
Regards!
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro
Re: PC infected with several types of viruses
OK, thanks for the support, the PC is much better! Grateful for the help!
You can close the topic!
Fuçador - Member
- Posts: 131
Reputation: 1
Join date: 30/09/2013
Re: PC infected with several types of viruses
CASE RESOLVED
If the topic's author needs it reopened, they should contact a member of the Moderation Team and request that it be unlocked.
joram - Administrator
- Posts: 4160
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro