Fórum PC Brasil
Uninstall Malware

2 participants


Post by Marcelo Valentim, Mon 13 Oct 2014, 10:57

Good morning, everyone!!

I'm having a huge problem uninstalling this Muvic... I've already downloaded SpyHunter, Yac and, lastly, now Adw... but I'm not managing it.

If anyone can help, I'd be very grateful.

Kind regards!

# AdwCleaner v4.000 - Report created 13/10/2014 at 06:34:34
# DB v2014-10-12.3
# Updated 12/10/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Valentim - VALENTIM-PC
# Running from : C:\Users\Valentim\Desktop\adwcleaner_4.000.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : Scores
Service Deleted : {6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\baidu
Folder Deleted : C:\Users\Public\Documents\baidu
Folder Deleted : C:\Users\Valentim\AppData\Roaming\baidu
Folder Deleted : C:\Users\Valentim\AppData\Roaming\eCyber
Folder Deleted : C:\Users\Valentim\AppData\Local\Temp\iSafeRightKeyScan
Folder Deleted : C:\Program Files\Enigma Software Group
[!] Folder Deleted : C:\Program Files (x86)\Elex-tech
Folder Deleted : C:\Users\Valentim\AppData\Roaming\Elex-tech
Folder Deleted : C:\Users\Valentim\AppData\Local\Genesis_10110232
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Windows\System32\\drivers\{6eaeb8af-e4d9-4df5-b9d7-815f2928cdf7}Gw64.sys
File Deleted : C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\searchplugins\Web Search.xml

***** [ Scheduled Tasks ] *****

Task Deleted : LaunchSignup

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [search-snacks@search-snacks.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bopakagnckmlgajfccecajhnimjiiedh
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\MyBestOffersToday
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\iSafe
Key Deleted : [x64] HKLM\SOFTWARE\EnigmaSoftwareGroup

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Search_URL]
Setting Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]

-\\ Mozilla Firefox v

[0o2o3zp5.default] - Line Deleted : user_pref("browser.newtab.url", "chrome://quick_start/content/index.html");
[0o2o3zp5.default] - Line Deleted : user_pref("browser.search.defaultenginename", "omiga-plus");
[0o2o3zp5.default] - Line Deleted : user_pref("extensions.crossrider.bic", "148fd140bb76825262116285df27c115");
[0o2o3zp5.default] - Line Deleted : user_pref("extensions.quick_start.enable_search1", false);
[0o2o3zp5.default] - Line Deleted : user_pref("extensions.quick_start.sd.

Post by joram, Mon 13 Oct 2014, 11:14

Good morning! Marcelo Valentim

> Download: < [link: login required] >  < [image: login required] > ( ... by Nicolas Coolman )
> Or [link: login required] << Link!
> Save it to the local disk! ( C or D )
> Disable your antivirus and run "ZHPDiag2.exe" to install the tool.

[image: login required]

> Run the scroll icon. ( ZHPDiag )

[image: login required]

> Click "COMPLETE" and wait for it to finish!
> Click OK and, when done, post the report! ( ZHPDiag.txt )
> PS: Since the log will be long, send it to [link: login required].

> Or go to: < [link: login required]

> Or go to: < [link: login required] >

> Or attach it |[link: login required]| << Link!

> More information: < |[link: login required]| > << Hosting!

A+

Post by Marcelo Valentim, Mon 13 Oct 2014, 13:41

Friend, unfortunately I couldn't! Even though I followed all the recommendations.

Post by joram, Mon 13 Oct 2014, 13:59

Marcelo Valentim wrote: Friend, unfortunately I couldn't! Even though I followed all the recommendations.
Good afternoon! Marcelo Valentim

> Couldn't what? Be specific!

A+

Post by Marcelo Valentim, Mon 13 Oct 2014, 14:09

Sorry; I couldn't delete, UNINSTALL, the Muvic Smartbar.

Post by joram, Mon 13 Oct 2014, 14:28

Marcelo Valentim wrote: Sorry; I couldn't delete, UNINSTALL, the Muvic Smartbar.
Good afternoon! Marcelo Valentim

Running the tool is for diagnosis, not removal; that task is done by script in ZHPFix.
Check whether Muvic Smartbar appears in the Revo Uninstaller list.

  • Download: < [link: login required] >
  • Save it to your USB drive and unzip it right there, that is, on the removable drive.
  • Run the utility ( Revouninstaller.exe ) and check whether the program to be uninstalled appears on the main screen.
  • In your case, Muvic Smartbar.
  • Select it and click Uninstall.
  • Choose the "Advanced" mode.
  • Click "Next" >> "Next" >> "Select All" >> "Delete" >> "Yes".
  • Again: Click "Next" >> "Select All" >> "Delete" >> "Yes".
  • Once more: Click "Next" >> "Finish".
  • For more details, read the < [link: login required] >

  • After uninstalling Muvic Smartbar, run CCleaner and choose the Registry option

    < [image: login required] >

  • Click "Scan for Issues" >> Wait!
  • Click "Fix selected issues...".
  • Click "No" on the message!
  • Click "Fix Issue" >> "Close".
  • Report back!

  • A+

Post by Marcelo Valentim, Mon 13 Oct 2014, 15:42

Dear Joram, you really are the man!!!
I managed to get rid of this insoluble problem, thanks to you!!
Thank you very much!!

P.S.: just one more thing, please: I want to uninstall (YAC Tray) and (Astormenda Search), but these two "programs" are not in the Programs list... they seem to be invisible... appearing directly on the desktop and as a browser, respectively.

Post by joram, Mon 13 Oct 2014, 19:00

Good evening! Marcelo Valentim

Marcelo Valentim wrote: P.S.: just one more thing, please: I want to uninstall (YAC Tray) and (Astormenda Search), but these two "programs" are not in the Programs list... they seem to be invisible... appearing directly on the desktop and as a browser, respectively.
> In this case, only with the step-by-step, using tools.
> You can start by posting the ZHPDiag log on Cjoint.com and pasting the link it gives you here.

A+

Post by Marcelo Valentim, Tue 14 Oct 2014, 09:38

DEAR JORAM, HERE IS THE REPORT. SINCERELY!

~ Relatório do ZHPDiag v2014.10.12.145 - Nicolas Coolman  (12/10/2014)
~ Iniciado por Valentim (14/10/2014 05:33:45)
~ Endereço do Website : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Endereço do Webforum : [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Tradução pelo utilizador
~ Estatuto da versão : Versão atualizada.
~  Lista Branca : Ativado pelo programa
~ Elevação dos Privilégios : OK
~ Controle de Conta de Utilizador : Deactivate by program


---\\ Navegadores Internet
MSIE: Internet Explorer v11.0.9600.17280
GCIE: Google Chrome v38.0.2125.101 (Defaut)

---\\ Informações sobre os produtos Windows
~ Langage: Portugais
Windows 7 Ultimate, 64-bit Service Pack 1 (Build 7601)
Windows Server License Manager Script : OK
~ Windows Operating System - Windows(R) 7, OEM_SLP channel
System Locked Preinstallation (OEM_SLP) : OK
Software Protection Service (Protection logicielle) : OK
Windows Automatic Updates : OK
Windows Activation Technologies : OK

---\\ Softwares de proteçao do sistema
McAfee Security Scan Plus v3.8.150.1
Windows Defender W7 (Activate)

---\\ Softwares d'optimização do sistema
CCleaner v4.16

---\\ Softwares de partilha do PeerToPeer (P2P)

---\\ Monitoramento dos softwares
Adobe Flash Player 15 Plugin
Adobe Reader XI

---\\ Informações sobre o sistema
~ Processor: Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
~ Operating System: 64 Bits
Boot mode: Normal (Normal boot)
Total RAM: 3893 MB (65% free)
System Restore: Activé (Enable)
System drive C: has 84 GB (29%) free of 285 GB

---\\ Modo de conexão ao sistema
~ Computer Name: VALENTIM-PC
~ User Name: Valentim
~ All Users Names: Valentim, HomeGroupUser$, Guest, Administrator,
~ Unselected Option: 045,061,O62,065,066,080,O82,089
Logged in as Administrator

---\\ As variáveis de ambiente
~ System Unit : C:\
~ %AppZHP% : C:\Users\Valentim\AppData\Roaming\ZHP\
~ %AppData% : C:\Users\Valentim\AppData\Roaming\
~ %Desktop% : C:\Users\Valentim\Desktop\
~ %Favorites% : C:\Users\Valentim\Favorites\
~ %LocalAppData% : C:\Users\Valentim\AppData\Local\
~ %StartMenu% : C:\Users\Valentim\AppData\Roaming\Microsoft\Windows\Start Menu\
~ %Windir% : C:\Windows\
~ %System% : C:\Windows\System32\

---\\ Enumeração das unidades dos discos
C: Hard drive, Flash drive, Thumb drive (Free 84 Go of 285 Go)
D: Hard drive, Flash drive, Thumb drive (Free 2 Go of 13 Go)
E: Hard drive, Flash drive, Thumb drive (Free 0 Go of 0 Go)
F: CD-ROM drive (Not Inserted)
G: Floppy drive, Flash card reader, USB Key (Not Inserted)



---\\ Estado do Centro de Segurança do Windows
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer] NoActiveDesktopChanges: Modified
~ Security Center: 48 Legitimates Filtered in 00mn 00s



---\\ Pesquisa particular de ficheiros genéricos
[MD5.AC4C51EB24AA95B77F705AB159189E24] - (.Microsoft Corporation - Windows Explorer.) (.20/11/2010 - 05:24:45.) -- C:\Windows\Explorer.exe [2872320]
[MD5.94355C28C1970635A31B3FE52EB7CEBA] - (.Microsoft Corporation - Windows Start-Up Application.) (.13/07/2009 - 17:39:52.) -- C:\Windows\System32\Wininit.exe [129024]
[MD5.39EBB9708453036A74C30C9A294023FF] - (.Microsoft Corporation - Internet Extensions for Win32.) (.18/08/2014 - 13:15:13.) -- C:\Windows\System32\wininet.dll [2310656]
[MD5.88AB9B72B4BF3963A0DE0820B4B0B06C] - (.Microsoft Corporation - Windows Logon Application.) (.04/03/2014 - 01:43:50.) -- C:\Windows\System32\Winlogon.exe [455168]
[MD5.067FA52BFB59A56110A12312EF9AF243] - (.Microsoft Corporation - Software Licensing Library.) (.20/11/2010 - 05:27:26.) -- C:\Windows\System32\sppcomapi.dll [232448]
[MD5.FA886682CFC5D36718D3E436AACF10B9] - (.Microsoft Corporation - Ancillary Function Driver for WinSock.) (.29/05/2014 - 22:45:52.) -- C:\Windows\system32\Drivers\AFD.sys [497152]
[MD5.02062C0B390B7729EDC9E69C680A6F3C] - (.Microsoft Corporation - ATAPI IDE Miniport Driver.) (.13/07/2009 - 17:52:21.) -- C:\Windows\system32\Drivers\atapi.sys [24128]
[MD5.B8BD2BB284668C84865658C77574381A] - (.Microsoft Corporation - CD-ROM File System Driver.) (.13/07/2009 - 15:19:47.) -- C:\Windows\system32\Drivers\Cdfs.sys [92160]
[MD5.F036CE71586E93D94DAB220D7BDF4416] - (.Microsoft Corporation - SCSI CD-ROM Driver.) (.20/11/2010 - 01:19:21.) -- C:\Windows\system32\Drivers\Cdrom.sys [147456]
[MD5.9BB2EF44EAA163B29C4A4587887A0FE4] - (.Microsoft Corporation - DFS Namespace Client Driver.) (.20/11/2010 - 01:26:32.) -- C:\Windows\system32\Drivers\DfsC.sys [102400]
[MD5.97BFED39B6B79EB12CDDBFEED51F56BB] - (.Microsoft Corporation - High Definition Audio Bus Driver.) (.20/11/2010 - 02:43:43.) -- C:\Windows\system32\Drivers\HDAudBus.sys [122368]
[MD5.FA55C73D4AFFA7EE23AC4BE53B4592D3] - (.Microsoft Corporation - i8042 Port Driver.) (.13/07/2009 - 15:19:57.) -- C:\Windows\system32\Drivers\i8042prt.sys [105472]
[MD5.AF9B39A7E7B6CAA203B3862582E9F2D0] - (.Microsoft Corporation - IP Network Address Translator.) (.13/07/2009 - 16:10:03.) -- C:\Windows\system32\Drivers\IpNat.sys [116224]
[MD5.A5D9106A73DC88564C825D317CAC68AC] - (.Microsoft Corporation - Windows NT SMB Minirdr.) (.26/04/2011 - 18:40:40.) -- C:\Windows\system32\Drivers\MRxSmb.sys [158208]
[MD5.09594D1089C523423B32A4229263F068] - (.Microsoft Corporation - MBT Transport driver.) (.20/11/2010 - 01:23:20.) -- C:\Windows\system32\Drivers\netBT.sys [261632]
[MD5.B98F8C6E31CD07B2E6F71F7F648E38C0] - (.Microsoft Corporation - NT File System Driver.) (.12/04/2013 - 06:45:08.) -- C:\Windows\system32\Drivers\ntfs.sys [1656680]
[MD5.0086431C29C35BE1DBC43F52CC273887] - (.Microsoft Corporation - Parallel Port Driver.) (.13/07/2009 - 16:00:41.) -- C:\Windows\system32\Drivers\Parport.sys [97280]
[MD5.471815800AE33E6F1C32FB1B97C490CA] - (.Microsoft Corporation - RAS L2TP mini-port/call-manager driver.) (.20/11/2010 - 02:52:35.) -- C:\Windows\system32\Drivers\Rasl2tp.sys [129536]
[MD5.1B6163C503398B23FF8B939C67747683] - (.Microsoft Corporation - Microsoft RDP Device redirector.) (.20/11/2010 - 03:06:41.) -- C:\Windows\system32\Drivers\rdpdr.sys [165888]
[MD5.548260A7B8654E024DC30BF8A7C5BAA4] - (.Microsoft Corporation - SMB Transport driver.) (.13/07/2009 - 16:09:09.) -- C:\Windows\system32\Drivers\smb.sys [93184]
[MD5.DDAD5A7AB24D8B65F8D724F5C20FD806] - (.Microsoft Corporation - TDI Translation Driver.) (.20/11/2010 - 01:21:56.) -- C:\Windows\system32\Drivers\tdx.sys [119296]
[MD5.0D08D2F3B3FF84E433346669B5E0F639] - (.Microsoft Corporation - Volume Shadow Copy Driver.) (.20/11/2010 - 05:34:02.) -- C:\Windows\system32\Drivers\volsnap.sys [295808]
~ Generic Processes:  Scanned in 00mn 00s



---\\ Estatuto dos ficheiros ocultos (Oculto/Total)
~ Mes images (My Pictures) : 1/5
~ Mes musiques (My Musics) : 1/89
~ Mes Favoris (My Favorites) : 1/19
~ Mes Documents (My Documents) : 1/2
~ Mon Bureau (My Desktop) : 1/22144
~ Menu demarrer (Programs) : 1/26
~ Hidden Files:  Scanned in 00mn 17s



---\\ Processos lançados
[MD5.0A09297C37084FF74660F0390E1E4F9B] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe   [315520] [PID.3056]  =>Trojan.Staser
[MD5.EB8E27A3C1EA82711BC4037D53EE5122] - (.Dropbox, Inc. - Dropbox.) -- C:\Users\Valentim\AppData\Roaming\Dropbox\bin\Dropbox.exe   [36414624] [PID.2484]
[MD5.D88B2D487439305A2EC308A6796C3044] - (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe   [152392] [PID.2740]
[MD5.4AA39B9A4A8534450AA4F55F5C907090] - (.Google Inc. - Google Chrome.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe   [854344] [PID.4952]
[MD5.122FC4E3E430AA4CE4E73602B1B10395] - (.Nicolas Coolman - ZHPDiag.) -- C:\Program Files (x86)\ZHPDiag\ZHPDiag.exe   [8112640] [PID.3276]
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe   [118048] [PID.876]  =>Trojan.Staser
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe   [118048] [PID.976]  =>Trojan.Staser
[MD5.C5679E5186B2FC95BC76A8A9870D5456] - (.Adobe Systems Incorporated - Adobe Acrobat Update Service.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe   [64704] [PID.1764]
[MD5.608D6A90E989C6522F170E5526A64BF4] - (.Apple Inc. - YSLoader.exe.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe   [43336] [PID.1784]
~ Processes Running:  Scanned in 00mn 02s



---\\ Google Chrome, Arranque,Pesquisa,Extensões (G0,G1,G2)
C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Preferences

---\\ Pasta de extensão do Google Chrome
~ Google Lines Browser: 0 Legitimates Filtered in 00mn 02s



---\\ Mozilla Firefox, Plugins,Arranque,Pesquisa,Extensões (P2,M0,M1,M2,M3)
C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\prefs.js
C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\user.js
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
M2 - MFEP: prefs.js [Valentim - 0o2o3zp5.default\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593}] [] EE223D7AF30F11DD8F0AD2AD55D89593 v1008.72.92 (..)
~ Firefox Browser: 4 Legitimates Filtered in 00mn 00s



---\\ Internet Explorer, Gestão do Proxy (R5)
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = no key
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyEnable = 0
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,MigrateProxy = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,EnableHttp1_1 = 1
R5 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigProxy = wininet.dll
~ Proxy management:  Scanned in 00mn 00s



---\\ Análise das linhas F0, F1, F2, F3 - Ficheiros ini, Carregamento Automático de programas
F2 - REG:system.ini: USERINIT=C:\Windows\system32\userinit.exe,
F2 - REG:system.ini: Shell=C:\Windows\explorer.exe
F2 - REG:system.ini: VMApplet=C:\Windows\System32\SystemPropertiesPerformance.exe
~ Keys:  Scanned in 00mn 00s



---\\ Redireção do ficheiro Hosts (01)
~ Le fichier hôte est sain (The hosts file is clean) (21)
~ Hosts File:  Scanned in 00mn 00s



---\\ Aplicações iniciadas por registo & pastas (04)
O4 - HKLM\..\Run: [HotKeysCmds] . (.Intel Corporation - hkcmd Module.) -- C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Wow6432Node\Run: [GrooveMonitor] . (.Microsoft Corporation - GrooveMonitor Utility.) -- C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe
O4 - HKLM\..\Wow6432Node\Run: [Adobe ARM] . (.Adobe Systems Incorporated - Adobe Reader and Acrobat Manager.) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe   =>.Adobe Systems Incorporated
O4 - HKLM\..\Wow6432Node\Run: [iTunesHelper] . (.Apple Inc. - iTunesHelper.) -- C:\Program Files (x86)\iTunes\iTunesHelper.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] . (.Microsoft Corporation - Windows Desktop Gadgets.) -- C:\Program Files (x86)\Windows Sidebar\Sidebar.exe
O4 - HKUS\.DEFAULT\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-18\..\RunOnce: [SPReview] . (.Microsoft Corporation - SP Reviewer.) -- C:\Windows\System32\SPReview\SPReview.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] . (.Microsoft Corporation - MCTAdmin.) -- C:\Windows\System32\mctadmin.exe   =>.Microsoft Corporation
~ Application:  Scanned in 00mn 00s



---\\ Alteração Dominio/Clientes DNS (017)
O17 - HKLM\System\CCS\Services\Tcpip\..\{341307DB-371F-4BA8-BD19-20931E6E390F}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\..\{D0528AFD-A38A-487B-BC14-A7E4820E91E9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{341307DB-371F-4BA8-BD19-20931E6E390F}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS1\Services\Tcpip\..\{D0528AFD-A38A-487B-BC14-A7E4820E91E9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{341307DB-371F-4BA8-BD19-20931E6E390F}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CS2\Services\Tcpip\..\{D0528AFD-A38A-487B-BC14-A7E4820E91E9}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
~ Domain:  Scanned in 00mn 00s



---\\ Protocolo adicional (018)
O18 - Handler: vbscript [64Bits] - {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} . (.Microsoft Corporation - Microsoft (R) HTML Viewer.) -- C:\Windows\System32\mshtml.dll
O18 - Filter: text/xml [64Bits] - {807563E5-5146-11D5-A672-00B0D022E945} . (.Microsoft Corporation - Microsoft Office XML MIME Filter.) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.dll  =>.Microsoft Corporation
~ Protocole Additionnel:  Scanned in 00mn 00s



---\\ Valor do Registo AppInit_DLLs e sub-chaves Winlogon Notify (autorun) (O20)
O20 - Winlogon Notify: igfxcui . (.Intel Corporation - igfxdev Module.) -- C:\Windows\System32\igfxdev.dll
~ Winlogon:  Scanned in 00mn 00s



---\\ Lista dos serviços NT não Microsoft e não desativados (023)
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe  =>Trojan.Staser
O23 - Service: Update Framed Display (Update Framed Display) . (...) - C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe (.not file.)
~ Services: 4 Legitimates Filtered in 00mn 05s



---\\ Tarefas planificadas automaticamente (039)
[MD5.FD73320FF0794A1CD66F27E4359C8016] [APT] [CQV] (.browser.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [APT] [KWVHK] (.browser.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.)   [0]  =>PUP.JDIBackup
[MD5.00000000000000000000000000000000] [APT] [{A2A93DCF-B9BF-48DF-997F-7294F77932B6}] (...) -- C:\Users\Valentim\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.)   [0]  =>Hijacker.OmigaPlus
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\Adobe Flash Player Updater   [830]
O39 - APT: CQV - (.browser.) -- C:\Windows\Tasks\CQV.job   [1344]
O39 - APT: CQV - (.browser.) -- C:\Windows\System32\Tasks\CQV   [1344]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore   [1068]
O39 - APT:  - (..) -- C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA   [1072]
O39 - APT: KWVHK - (.browser.) -- C:\Windows\Tasks\KWVHK.job   [1348]
O39 - APT: KWVHK - (.browser.) -- C:\Windows\System32\Tasks\KWVHK   [1348]
~ Scheduled Task: 17 Legitimates Filtered in 00mn 04s



---\\ Drivers lançados ao arranque do sistema (041)
O41 - Driver:  (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
O41 - Driver:  (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
O41 - Driver:  (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
O41 - Driver:  (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys  =>Trojan.Staser
O41 - Driver:  (ssnfd) . (. - .) - C:\Windows\System32\drivers\ssnfd.sys (.not file.)
~ Drivers: 78 Legitimates Filtered in 00mn 00s



---\\ HKCU & HKLM Software Keys
[HKCU\Software\Baidu Security]
[HKCU\Software\CQV]
[HKCU\Software\Download4windows]
[HKCU\Software\InstallCore]  =>Adware.InstallCore
[HKCU\Software\KWVHK]
[HKCU\Software\Reg]
[HKCU\Software\elex-tech]
[HKCU\Software\test]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Elex-tech]
[HKLM\Software\Wow6432Node\MaxPower]
[HKLM\Software\Wow6432Node\Reg]
[HKLM\Software\Wow6432Node\SearchSnacks]
[HKLM\Software\Wow6432Node\baidu]
~ Key Software: 107 Legitimates Filtered in 00mn 00s



---\\ Conteúdo das pastas Programs/ProgramFiles/ProgramData/AppData (O43)
O43 - CFD: 11/10/2014 - 08:28:15 - [] ----D C:\Program Files (x86)\Baidu Security
O43 - CFD: 13/10/2014 - 04:34:01 - [] ----D C:\Program Files (x86)\Elex-tech
O43 - CFD: 11/10/2014 - 08:28:39 - [] ----D C:\ProgramData\Baidu Security
O43 - CFD: 13/10/2014 - 07:24:21 - [] ----D C:\Users\Valentim\AppData\Roaming\Elex-tech
O43 - CFD: 10/10/2014 - 19:42:43 - [] ----D C:\Users\Valentim\AppData\Local\com
~ Program Folder: 97 Legitimates Filtered in 00mn 00s



---\\ Últimos ficheiros alterados ou criados no Windows e Sistema32 (044)
O44 - LFC:[MD5.73A7B8E428D669D032866A594E167BB2] - 11/10/2014 - 16:41:07 ---A- . (...) -- C:\Windows\win.ini   [580]
O44 - LFC:[MD5.4B69222C63E6B804B1013DEAA557DFC0] - 12/10/2014 - 17:26:09 ----- . (...) -- C:\bootsqm.dat   [3560]
O44 - LFC:[MD5.D41D8CD98F00B204E9800998ECF8427E] - 12/10/2014 - 18:47:04 ---A- . (...) -- C:\autoexec.bat   [0]
O44 - LFC:[MD5.F7A5EDB11A6BDD2E73FC1DDA4C64A068] - 13/10/2014 - 03:34:18 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]  =>Trojan.Staser
O44 - LFC:[MD5.EFE2C32C4A7267CD70247BD907420025] - 13/10/2014 - 09:52:29 ---A- . (.No owner - Registry Optimizer.) -- C:\Windows\System32\roboot64.exe   [20296]
~ Files: 15 Legitimates Filtered in 00mn 03s



---\\ Enumeração das chaves do registo PoliciesSystem (MWPS) (O55)
O55 - MWPS:[HKLM\...\Policies\System] - "EnableUIADesktopToggle"=0
O55 - MWPS:[HKLM\...\Policies\System] - "FilterAdministratorToken"=0
~ MWPS: 16 Legitimates Filtered in 00mn 00s



---\\ Enumeração das chaves do registo PoliciesExplorer (MWPE) (O56)
O56 - MWPE:[HKCU\...\policies\Explorer] - "NoLowDiskSpaceChecks"=1
O56 - MWPE:[HKLM\...\policies\Explorer] - "NoActiveDesktopChanges"=1
~ MWPE Keys: 5 Legitimates Filtered in 00mn 00s



---\\ Lista dos drivers do sistema (SDL) (O58)
O58 - SDL:13/07/2009 - 17:47:48 ---A- . (.Emulex - Storport Miniport Driver for LightPulse HBAs.) -- C:\Windows\System32\Drivers\elxstor.sys   [530496]
O58 - SDL:10/06/2009 - 12:31:59 ---A- . (.Hauppauge Computer Works, Inc. - Hauppauge WinTV 885 Consumer IR Driver for eHome.) -- C:\Windows\System32\Drivers\hcw85cir.sys   [31232]
O58 - SDL:22/09/2014 - 04:13:46 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]  =>Trojan.Staser
O58 - SDL:13/07/2009 - 17:45:55 ---A- . (.Promise Technology - Promise  SuperTrak EX Series Driver for Windows.) -- C:\Windows\System32\Drivers\stexstor.sys   [24656]
O58 - SDL:28/07/2014 - 13:52:00 ---A- . (.Apple, Inc. - Apple Mobile Device USB Driver.) -- C:\Windows\System32\Drivers\usbaapl64.sys   [54784]
~ Drivers: 48 Legitimates Filtered in 00mn 02s



---\\ Lista das ferramentas de remoção de vírus (LAT) (063)
O63 - Logiciel: ZHPDiag 2014 - (.Nicolas Coolman.) [HKLM] -- ZHPDiag_is1  =>.Nicolas Coolman
~ ADS:  Scanned in 00mn 00s



---\\ Lista dos serviços Legacy du registo (064)
O64 - Services: CurCS - 08/10/2014 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys (iSafeKrnl)  .(.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - LEGACY_ISAFEKRNL
O64 - Services: CurCS - 08/10/2014 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (iSafeKrnlKit)  .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 08/10/2014 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (iSafeKrnlR3)  .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3
O64 - Services: CurCS - 22/09/2014 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter)  .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER  =>Trojan.Staser
O64 - Services: CurCS - 10/06/2009 - C:\Windows\System32\Drivers\secdrv.sys (secdrv)  .(.Macrovision Corporation, Macrovision Europe - Macrovision SECURITY Driver.) - LEGACY_SECDRV
~ Legacy: 82 Legitimates Filtered in 00mn 00s



---\\ Associações Shell Spawning (O67)
O67 - Shell Spawning: <.html> <ChromeHTML>[HKCU\..\open\Command] (.Not Key.)
~ FASS Keys: 11 Legitimates Filtered in 00mn 00s



---\\ Menu de inicialização Internet (068)
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
O68 - StartMenuInternet: <IEXPLORE.EXE> <Internet Explorer>[HKLM\..\Shell\open\Command] (...) -- C:\Program Files (x86)\Internet Explorer\iexplore.exe
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa de infeção nos navegadores da Internet (SBI) (069)
O69 - SBI: SearchScopes [HKCU] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\.DEFAULT] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-18] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-19] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O69 - SBI: SearchScopes [HKUS\S-1-5-20] {0633EE93-D776-472f-A0FF-E1416B8B2E3A} [DefaultScope] - (Bing) - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
~ Keys:  Scanned in 00mn 00s



---\\ Pesquisa adicional à raiz do sistema (radicular) (SPRF) (O84)
[MD5.5EDD5C24A8660EA011DA53EAC43E5634] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\ASNYH.exe   [1500048]
[MD5.FD73320FF0794A1CD66F27E4359C8016] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EEF6EC36699B2D02EB657FC4AD741FCE] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\DVPPK.exe   [1963920]
[MD5.288FD9474222B4F281C235E8F66239CD] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\HT.exe   [1539496]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.27B64B09660A434CDF1895968504AD6E] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\SHFADMC.exe   [2002856]
~ Files: 9 Legitimates Filtered in 00mn 00s



---\\ Search Tracing Registry Key (O100)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32  =>Hijacker.SmartBar
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS  =>Hijacker.SmartBar
~ BTK: 40 Legitimates Filtered in 00mn 00s



---\\ Estado general dos serviços não Microsoft (EGS) (SR=Executados, SS=Parados)
SS - | Demand 09/09/2014 267440 |  (AdobeFlashPlayerUpdateSvc) . (.Adobe Systems Incorporated.) - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
SS - | Demand 12/10/2014 107912 |  (gupdate) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 12/10/2014 107912 |  (gupdatem) . (.Google Inc..) - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
SS - | Demand 09/04/2014 289256 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
SS - | Auto 10/07/1658 0 |  (Update Framed Display) . (...) - C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe
SS - | Disabled 10/07/1658 0 |  (WMPNetworkSvc) . (...) - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe  =>.Microsoft Corporation
SR - | Auto 12/09/2014 64704 |  (AdobeARMservice) . (.Adobe Systems Incorporated.) - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
SR - | Auto 28/08/2014 43336 |  (Apple Mobile Device) . (.Apple Inc..) - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
SR - | Auto 30/08/2011 462184 |  (Bonjour Service) . (.Apple Inc..) - C:\Program Files\Bonjour\mDNSResponder.exe
SR - | Demand 01/09/2014 640840 |  (iPod Service) . (.Apple Inc..) - C:\Program Files\iPod\bin\iPodService.exe
SR - | Auto 08/10/2014 118048 |  (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe  =>Trojan.Staser
SR - | Auto 13/07/2009 27136 | C:\Program Files (x86)\Windows Defender\mpsvc.dll (WinDefend) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
SR - | Auto 13/07/2009 27136 | C:\Windows\System32\wuaueng.dll (wuauserv) . (.Microsoft Corporation.) - C:\Windows\System32\svchost.exe
~ Services:  Scanned in 00mn 09s



---\\ Scâner Aditional (088)
Database Version : 13026 - (12/10/2014)
Clés trouvées (Keys found) : 2
Valeurs trouvées (Values found) : 0
Dossiers trouvés  (Folders found) : 0
Fichiers trouvés  (Files found) : 3

[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService]   =>Trojan.Staser^
[HKCU\Software\InstallCore]   =>Adware.InstallCore
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe   =>Trojan.Staser^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe   =>Trojan.Staser^
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe   =>Trojan.Staser^
~ Additionnel Scan: 227808 Items scanned in 00mn 28s



---\\ Informações complémentaires do módulos
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Internet Explorer, Gestão do Proxy (R5)
~ [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>.Aplicações iniciadas por registo & pastas (04)
~ AMI: 2 Legitimates Filtered in 00mn 00s



---\\ Sumário das deteções encontradas na sua estação
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Trojan.Staser
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>PUP.JDIBackup
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.OmigaPlus
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Adware.InstallCore
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]  =>Hijacker.SmartBar
~ MSI: 5 link(s) detected in 00mn 00s



~ 571 Legitimates filtered by white list
End of the scan (418 lines in 01mn 42s)(0)
Marcelo Valentim (Beginner)

Re: Uninstall Malware

Posted by Marcelo Valentim, Tue 14 Oct 2014, 09:44

http://cjoint.com/?DJooVvALFYn
Marcelo Valentim (Beginner)

Re: Uninstall Malware

Posted by Marcelo Valentim, Tue 14 Oct 2014, 10:04

Dear Joram, please excuse my lack of experience...

Here is the COMPLETE file. ( [You must have an account and be logged in to view this link] )

Best regards,

Marcelo Valentim

Re: Uninstall Malware

Posted by joram, Tue 14 Oct 2014, 10:36

Good morning, Marcelo Valentim!

> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c (Select All and Copy)
> Then minimize Notepad.

Script ZHPFix
FirewallRaz
EmptyPrefetch
ShortcutFix
EmptyCLSID
EmptyTemp
EmptyFlash
SS - | Demand 09/04/2014 289256 |  (McComponentHostService) . (.McAfee, Inc..) - C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe
M2 - MFEP: RegExtension {e4f94d1e-2f53-401e-8885-681602c0ddd8} . (...) -- C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
[MD5.5EDD5C24A8660EA011DA53EAC43E5634] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\ASNYH.exe   [1500048]
[MD5.FD73320FF0794A1CD66F27E4359C8016] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EEF6EC36699B2D02EB657FC4AD741FCE] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\DVPPK.exe   [1963920]
[MD5.288FD9474222B4F281C235E8F66239CD] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\HT.exe   [1539496]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.27B64B09660A434CDF1895968504AD6E] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\SHFADMC.exe   [2002856]
[MD5.0A09297C37084FF74660F0390E1E4F9B] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe   [315520] [PID.3056]
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe   [118048] [PID.876]
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe   [118048] [PID.976]
[MD5.FD73320FF0794A1CD66F27E4359C8016] [APT] [CQV] (.browser.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [APT] [KWVHK] (.browser.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{A2A93DCF-B9BF-48DF-997F-7294F77932B6}] (...) -- C:\Users\Valentim\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.)   [0]
O41 - Driver:  (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O39 - APT: CQV - (.browser.) -- C:\Windows\Tasks\CQV.job   [1344]
O39 - APT: CQV - (.browser.) -- C:\Windows\System32\Tasks\CQV   [1344]
O39 - APT: KWVHK - (.browser.) -- C:\Windows\Tasks\KWVHK.job   [1348]
O39 - APT: KWVHK - (.browser.) -- C:\Windows\System32\Tasks\KWVHK   [1348]
O41 - Driver:  (iSafeKrnl) . (.Elex do Brasil Participações Ltda - iSafe Kernel Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys
O41 - Driver:  (iSafeKrnlKit) . (.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys
O41 - Driver:  (iSafeKrnlR3) . (.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys
O41 - Driver:  (ssnfd) . (. - .) - C:\Windows\System32\drivers\ssnfd.sys (.not file.)
O44 - LFC:[MD5.F7A5EDB11A6BDD2E73FC1DDA4C64A068] - 13/10/2014 - 03:34:18 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]
O44 - LFC:[MD5.4B69222C63E6B804B1013DEAA557DFC0] - 12/10/2014 - 17:26:09 ----- . (...) -- C:\bootsqm.dat   [3560]
O58 - SDL:22/09/2014 - 04:13:46 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]
O64 - Services: CurCS - 22/09/2014 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter)  .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER
O64 - Services: CurCS - 08/10/2014 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys (iSafeKrnlKit)  .(.Elex do Brasil Participações Ltda - iSafe Kernel Kit Driver.) - LEGACY_ISAFEKRNLKIT
O64 - Services: CurCS - 08/10/2014 - C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys (iSafeKrnlR3)  .(.Elex do Brasil Participações Ltda - iSafe Kernel Ring3 Driver.) - LEGACY_ISAFEKRNLR3
O68 - StartMenuInternet: <Google Chrome> <Google Chrome>[HKLM\..\Shell\open\Command] (...) -- chrome.exe (.not file.)
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS
SR - | Auto 08/10/2014 118048 |  (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService]
[HKCU\Software\InstallCore]
[HKCU\Software\Download4windows]
[HKCU\Software\CQV]
[HKCU\Software\KWVHK]
[HKCU\Software\test]
[HKLM\Software\Wow6432Node\SearchSnacks]
C:\Users\Valentim\AppData\Local\com
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
C:\Program Files (x86)\Elex-tech\YAC
ServiceDemand:McComponentHostService
ServiceStop:iSafeNetFilter
ServiceStop:iSafeService
ServiceStop:iSafeKrnl
ServiceStop:iSafeKrnlKit
ServiceStop:iSafeKrnlR3
ServiceStop:ssnfd


> Open the ZHPFix tool. < [You must have an account and be logged in to view this image] >
> Click IMPORTAÇÃO (Import) >> OK.
> PS: After clicking "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!
> PS: After this one, I will write the script for the complete log you sent me!

A+
joram (Administrator, Rio de Janeiro)

Re: Uninstall Malware

Posted by Marcelo Valentim, Tue 14 Oct 2014, 15:13

Rapport de ZHPFix 2014.10.5.8 par Nicolas Coolman, Update du 05/10/2014
Fichier d'export Registre :
Run by Valentim at 14/10/2014 11:09:54
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (00mn 02s)
Prefetcher vazio
Reparação de atalhos do navegador

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe

========== Estado dos serviços ==========
ISAFENETFILTER Parado
ISAFEKRNLKIT Parado
ISAFEKRNLR3 Parado
McComponentHostServiceServiço não configurado (demand)
iSafeNetFilter Parado
iSafeService Parado
iSafeKrnl Parado
iSafeKrnlKit Parado
iSafeKrnlR3 Parado
ssnfd Parado

========== Chaves do Registo ==========
ELIMINÉ: Service: McComponentHostService
ELIMINÉ:³ Service: iSafeService
ELIMINÉ Driver Key: ssnfd
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32
ELIMINÉ: HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\iSafeService
ELIMINÉ: HKCU\Software\InstallCore
ELIMINÉ: HKCU\Software\Download4windows
ELIMINÉ: HKCU\Software\test
ELIMINÉ: HKLM\Software\Wow6432Node\SearchSnacks

========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: RegExtension: {e4f94d1e-2f53-401e-8885-681602c0ddd8}

========== Elementos dos dados do Registo ==========
ELIMINÉ: StartMenuInternet: chrome.exe

========== Pastas ==========
Nenhuma pasta CLSID local utilizador vazia
ELIMINÉ Temporários windows (436)
ELIMINÉ Flash Cookies (0)
ELIMINÉ: c:\users\valentim\appdata\local\com
ELIMINA REINICIAR:** c:\program files (x86)\elex-tech\yac

========== Ficheiros ==========
ELIMINÉ Temporários windows (1209) (280.160.847 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\program files\mcafee security scan\3.8.150\mcchsvc.exe
ELIMINA REINICIAR: c:\program files (x86)\elex-tech\yac\isafesvc.exe
ELIMINA REINICIAR: c:\windows\system32\drivers\isafenetfilter.sys
ELIMINÉ: c:\bootsqm.dat

========== Tarefa planificada ==========
ELIMINÉ: LaunchSignup
ELIMINÉ: {A2A93DCF-B9BF-48DF-997F-7294F77932B6}


========== Recapitulativo ==========
3 : Processo memória
10 : Chaves do Registo
3 : Valores do Registo
1 : Elementos dos dados do Registo
5 : Pastas
6 : Ficheiros
10 : Estado dos serviços
2 : Tarefa planificada
Marcelo Valentim (Beginner)

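To see what a ZHPFix run actually accomplished, here is an added Python example (written for this thread; it is not ZHPFix code and not something either participant posted) that reconciles the lines of joram's script with the report ZHPFix wrote back. It assumes only the line shapes visible in the posts: `ServiceStop:<name>` / `ServiceDemand:<name>`, registry keys in square brackets, bare file or folder paths, and report lines that begin with `ELIMINÉ` (deleted), `ELIMINA REINICIAR` (delete on reboot) or end in `Parado` (service stopped). The two embedded excerpts are copied from the second script and its report further down the thread, so the output shows the practical point of the exercise: entries that come back as `pending_reboot` are still on disk until the machine restarts, which is why the same YAC processes are still listed in the later FRST scan.

```python
"""Reconcile a ZHPFix cleanup script with the report ZHPFix writes afterwards.

Added example for this thread, not ZHPFix code. It assumes only the line shapes
seen in the posts: 'ServiceStop:<name>' / 'ServiceDemand:<name>', registry keys
in square brackets, bare file or folder paths, and report lines that start with
'ELIMINÉ' (deleted), 'ELIMINA REINICIAR' (delete on reboot) or end in 'Parado'
(service stopped).
"""
import re
from collections import Counter

# Excerpt of the second script posted in the thread (copied, not constructed).
SCRIPT = r"""
Script ZHPFix
EmptyTemp
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService]
[HKCU\Software\InstallCore]
C:\Users\Valentim\AppData\Local\com
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
ServiceStop:iSafeNetFilter
ServiceStop:iSafeService
ServiceStop:ssnfd
"""

# Excerpt of the report ZHPFix produced for that script (copied from the thread).
REPORT = r"""
========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe

========== Estado dos serviços ==========
iSafeNetFilter Parado
iSafeService Parado
ssnfd Parado

========== Chaves do Registo ==========
ELIMINÉ:³ Service: iSafeService
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\iSafeService

========== Ficheiros ==========
ELIMINA REINICIAR: c:\program files (x86)\elex-tech\yac\isafesvc.exe
"""

_TAGS = ("Memory Process:", "Service:", "Driver Key:")


def _target(text):
    """Drop ZHPFix's category tag and lower-case the target.

    The report lower-cases file paths itself, so a case-insensitive comparison
    is the only way a script path and its report line can be matched."""
    text = text.strip()
    for tag in _TAGS:
        if text.startswith(tag):
            text = text[len(tag):]
    return text.strip().lower()


def parse_script(text):
    """Yield (kind, target) pairs for each line of a ZHPFix script."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Script ZHPFix":
            continue
        if line.startswith(("ServiceStop:", "ServiceDemand:")):
            yield "service", line.split(":", 1)[1].strip().lower()
        elif re.fullmatch(r"\[HK[^\]]+\]", line):
            yield "regkey", line[1:-1].lower()
        elif re.match(r"[A-Za-z]:\\", line):
            yield "path", line.lower()
        elif re.fullmatch(r"[A-Za-z]+", line):
            yield "command", line          # EmptyTemp, EmptyPrefetch, ...
        else:
            yield "diag", line             # ZHPDiag lines ZHPFix interprets itself


def parse_report(text):
    """Split a ZHPFix report into deleted, delete-on-reboot and stopped sets."""
    deleted, pending, stopped = set(), set(), set()
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("ELIMINA REINICIAR"):
            pending.add(_target(line[len("ELIMINA REINICIAR"):].lstrip(":³* ")))
        elif line.startswith("ELIMINÉ"):
            deleted.add(_target(line[len("ELIMINÉ"):].lstrip(":³* ")))
        elif line.endswith(" Parado"):
            stopped.add(line[: -len(" Parado")].strip().lower())
    return deleted, pending, stopped


def reconcile(script_text, report_text):
    """Map every service, registry key and path of the script to its outcome."""
    deleted, pending, stopped = parse_report(report_text)
    outcome = {}
    for kind, target in parse_script(script_text):
        if kind in ("command", "diag"):
            continue
        if target in deleted:
            status = "deleted"
        elif target in pending:
            status = "pending_reboot"      # still on disk until the next restart
        elif kind == "service" and target in stopped:
            status = "stopped"
        else:
            status = "not_reported"        # already gone, or ZHPFix skipped it
        outcome[target] = status
    return outcome


def summarize(outcome):
    """Count outcomes, like the report's own 'Recapitulativo' block."""
    return dict(Counter(outcome.values()))


if __name__ == "__main__":
    result = reconcile(SCRIPT, REPORT)
    for target, status in result.items():
        print(f"{status:15} {target}")
    print(summarize(result))
```

Run it as-is to get one line per script item plus a count per status. The `not_reported` entries are the registry key and folder the first run had already removed, so ZHPFix had nothing left to say about them; the two `pending_reboot` entries are the YAC files that were locked by running processes.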
Re: Uninstall Malware

Posted by joram, Tue 14 Oct 2014, 15:46

Good afternoon, Marcelo Valentim!

> Run this script in the ZHPFix tool.
> Select and copy the information shown in red into Notepad.
> With Notepad open, press: ctrl+a >> ctrl+c (Select All and Copy)
> Then minimize Notepad.

Script ZHPFix
EmptyTemp
SR - | Auto 08/10/2014 118048 |  (iSafeService) . (.Elex do Brasil Participações Ltda.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
[MD5.0A09297C37084FF74660F0390E1E4F9B] - (.Elex do Brasil Participações Ltda - YACTray.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe   [315520] [PID.3056]
[MD5.11F6F9216D8F77EAC196B07D66E819EA] - (.Elex do Brasil Participações Ltda - iSafeSvc.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe   [118048] [PID.876]
[MD5.A03A95B389479B2ADE3A288FA2EA11D1] - (.Elex do Brasil Participações Ltda - iSafeSvc2.) -- C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe   [118048] [PID.976]
[MD5.FD73320FF0794A1CD66F27E4359C8016] [APT] [CQV] (.browser.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [APT] [KWVHK] (.browser.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.00000000000000000000000000000000] [APT] [LaunchSignup] (...) -- C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe (.not file.)   [0]
[MD5.00000000000000000000000000000000] [APT] [{A2A93DCF-B9BF-48DF-997F-7294F77932B6}] (...) -- C:\Users\Valentim\AppData\Roaming\omiga-plus\UninstallManager.exe (.not file.)   [0]
[MD5.5EDD5C24A8660EA011DA53EAC43E5634] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\ASNYH.exe   [1500048]
[MD5.FD73320FF0794A1CD66F27E4359C8016] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
[MD5.EEF6EC36699B2D02EB657FC4AD741FCE] [SPRF][10/10/2014] (.enter - videos_MediaPlayers_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\DVPPK.exe   [1963920]
[MD5.288FD9474222B4F281C235E8F66239CD] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\HT.exe   [1539496]
[MD5.EB4ED577BD64478FAA737D7F07A33311] [SPRF][10/10/2014] (.browser - BrowsersApp_Pro_v1.1 exe.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
[MD5.27B64B09660A434CDF1895968504AD6E] [SPRF][12/10/2014] (.Cinema PlusV11.10 - CinPl-2.5cV11.10 exe.) -- C:\Users\Valentim\AppData\Roaming\SHFADMC.exe   [2002856]
O2 - BHO: MSS+ Identifier [64Bits] - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} . (.McAfee, Inc. - Quick Browser Identifier for MSS+ Tool.) -- C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
O23 - Service: YAC Service (iSafeService) . (.Elex do Brasil Participações Ltda - iSafeSvc.) - C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
O41 - Driver:  (iSafeNetFilter) . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys
O44 - LFC:[MD5.F7A5EDB11A6BDD2E73FC1DDA4C64A068] - 13/10/2014 - 03:34:18 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]
O45 - LFCP:[MD5.E30B1B755011B2286DEBA3F7CF20FE86] - 13/10/2014 - 10:35:47 ---A- - C:\Windows\Prefetch\ISAFE.EXE-5764F461.pf
O45 - LFCP:[MD5.2DB96036B0387FD4ECBF9B79F01EACD1] - 13/10/2014 - 10:07:50 ---A- - C:\Windows\Prefetch\ISAFETHLP.EXE-FB61FB99.pf
O45 - LFCP:[MD5.CB04329C21860CE942E06A3B8410A615] - 13/10/2014 - 10:02:53 ---A- - C:\Windows\Prefetch\ISAFETRAY.EXE-577644B9.pf
O45 - LFCP:[MD5.20E65805F890AE4862AC5E626E2AF81B] - 14/10/2014 - 04:48:58 ---A- - C:\Windows\Prefetch\ISAFEUPDATE.EXE-7DD02C28.pf
O45 - LFCP:[MD5.5B7B5F77DC94C875B0E0B79BF2981AEE] - 13/10/2014 - 05:36:02 ---A- - C:\Windows\Prefetch\ISAFEVIRUSSCANNER.EXE-AD415958.pf
O45 - LFCP:[MD5.A2987510004BAD95FC84DBA0781410C4] - 13/10/2014 - 06:32:15 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA31.EXE-C5554ED8.pf
O45 - LFCP:[MD5.B78D834DC14DA9A921E994F3D44B68A0] - 13/10/2014 - 06:32:20 ---A- - C:\Windows\Prefetch\WISECUSTOMCALLA37.EXE-3957ADF6.pf
O45 - LFCP:[MD5.7458D26A0C4D450307F0644A7E5D5DE5] - 13/10/2014 - 05:08:08 ---A- - C:\Windows\Prefetch\YET_ANOTHER_CLEANER_SK_520639-9C0E0F99.pf
O58 - SDL:22/09/2014 - 04:13:46 ---A- . (.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) -- C:\Windows\System32\Drivers\iSafeNetFilter.sys   [49320]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\GoogleCrashHandler.exe   [72872]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\GoogleUpdate.exe   [68608]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\GoogleUpdateBroker.exe   [46080]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\GoogleUpdateOnDemand.exe   [46080]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\goopdate.dll   [761856]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\goopdateres_en.dll   [26792]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\npGoogleUpdate4.dll   [220672]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\psmachine.dll   [155648]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.18544\psuser.dll   [155648]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\GoogleCrashHandler.exe   [72872]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\GoogleUpdate.exe   [68608]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\GoogleUpdateBroker.exe   [46080]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\GoogleUpdateOnDemand.exe   [46080]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\goopdate.dll   [761856]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\goopdateres_en.dll   [26792]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\npGoogleUpdate4.dll   [220672]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\psmachine.dll   [155648]
O61 - LFC: 10/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.479492\psuser.dll   [155648]
O61 - LFC: 10/10/2014 - 05:58:32 ---A- . (...) -- C:\Users\Valentim\AppData\Local\Temp\F893tmp\vopackage.exe   [284866]
O61 - LFC: 10/10/2014 - 05:58:32 ---A- . (.One Syn.) -- C:\Users\Valentim\AppData\Local\Temp\F8ABtmp\lly_omiga-plus.exe   [557432]
O61 - LFC: 10/10/2014 - 05:58:32 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Valentim\AppData\Local\Temp\F897tmp\speedupmypc.exe   [1294496]
O61 - LFC: 10/10/2014 - 05:58:32 ---A- . (.Uniblue Systems Limited.) -- C:\Users\Valentim\AppData\Local\Temp\is-DOU7E.tmp\SpeedUpMyPC-standalone-setup.exe   [18527728]
O61 - LFC: 10/10/2014 - 05:58:34 ---A- . (.browser.) -- C:\Users\Valentim\AppData\Roaming\CQV.exe   [1500048]
O61 - LFC: 10/10/2014 - 05:58:34 ---A- . (.browser.) -- C:\Users\Valentim\AppData\Roaming\KWVHK.exe   [1963920]
O61 - LFC: 10/10/2014 - 05:58:34 ---A- . (.enter.) -- C:\Users\Valentim\AppData\Roaming\ASNYH.exe   [1500048]
O61 - LFC: 10/10/2014 - 05:58:34 ---A- . (.enter.) -- C:\Users\Valentim\AppData\Roaming\DVPPK.exe   [1963920]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\GoogleCrashHandler.exe   [72872]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\GoogleUpdate.exe   [68608]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\GoogleUpdateBroker.exe   [46080]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\GoogleUpdateOnDemand.exe   [46080]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\goopdate.dll   [761856]
O61 - LFC: 12/10/2014 - 05:58:31 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\goopdateres_en.dll   [26792]
O61 - LFC: 12/10/2014 - 05:58:32 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\npGoogleUpdate4.dll   [220672]
O61 - LFC: 12/10/2014 - 05:58:32 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\psmachine.dll   [155648]
O61 - LFC: 12/10/2014 - 05:58:32 ---A- . (.globalUpdate.) -- C:\Users\Valentim\AppData\Local\Temp\comh.4817\psuser.dll   [155648]
O61 - LFC: 12/10/2014 - 05:58:34 ---A- . (.Cinema PlusV11.10.) -- C:\Users\Valentim\AppData\Roaming\HT.exe   [1539496]
O61 - LFC: 12/10/2014 - 05:58:34 ---A- . (.Cinema PlusV11.10.) -- C:\Users\Valentim\AppData\Roaming\SHFADMC.exe   [2002856]
O61 - LFC: 13/10/2014 - 05:58:33 ---A- . (...) -- C:\Users\Valentim\AppData\Local\Temp\SHSetup.exe   [47329360]
O64 - Services: CurCS - 22/09/2014 - C:\Windows\System32\DRIVERS\iSafeNetFilter.sys (iSafeNetFilter)  .(.Elex do Brasil Participações Ltda - iSafeNetFilter SDK WFP Driver (WPP).) - LEGACY_ISAFENETFILTER
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASAPI32
HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\Muvic_RASMANCS
[HKLM\SYSTEM\CurrentControlSet\Services\iSafeService]
[HKCU\Software\InstallCore]
C:\Users\Valentim\AppData\Local\com
C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
ServiceStop:iSafeNetFilter
ServiceStop:iSafeService
ServiceStop:iSafeKrnl
ServiceStop:iSafeKrnlKit
ServiceStop:iSafeKrnlR3
ServiceStop:ssnfd


> Open the ZHPFix tool. < [You must have an account and be logged in to view this image] >
> Click IMPORTAÇÃO (Import) >> OK.
> PS: After clicking "OK", check that the field is empty so that it receives only the script's contents.
> Click "GO".
> Post the report!

A+
joram (Administrator, Rio de Janeiro)

Re: Uninstall Malware

Posted by Marcelo Valentim, Tue 14 Oct 2014, 17:25

Rapport de ZHPFix 2014.10.5.8 par Nicolas Coolman, Update du 05/10/2014
Fichier d'export Registre :
Run by Valentim at 14/10/2014 13:18:48
High Elevated Privileges : OK
Windows 7 Ultimate Edition, 64-bit Service Pack 1 (Build 7601)

Reciclagem vazia (01mn 36s)

========== Processo memória ==========
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
ELIMINA REINICIAR: Memory Process: C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe

========== Estado dos serviços ==========
ISAFENETFILTER Parado
iSafeNetFilter Parado
iSafeService Parado
iSafeKrnl Parado
iSafeKrnlKit Parado
iSafeKrnlR3 Parado
ssnfd Parado

========== Chaves do Registo ==========
ELIMINÉ:³ Service: iSafeService
ELIMINÉ: CLSID BHO: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01}
ELIMINÉ: [HKLM\SOFTWARE\Classes\CLSID\{0E8A89AD-95D7-40EB-8D9D-083EF7066A01}]
ELIMINÉ:³ HKLM\SYSTEM\CurrentControlSet\Services\iSafeService

========== Pastas ==========
ELIMINÉ Temporários windows (7)

========== Ficheiros ==========
ELIMINÉ Temporários windows (10) (233.976 octets)
ELIMINA REINICIAR: c:\program files (x86)\elex-tech\yac\isafesvc.exe
ELIMINÉ: c:\program files\mcafee security scan\3.8.150\mcafeemss_ie.dll
ELIMINA REINICIAR: c:\windows\system32\drivers\isafenetfilter.sys
ELIMINÉ: c:\windows\prefetch\isafeupdate.exe-7dd02c28.pf
ELIMINÉ: c:\users\valentim\appdata\roaming\cqv.exe
ELIMINÉ: c:\users\valentim\appdata\roaming\asnyh.exe
ELIMINÉ: c:\users\valentim\appdata\roaming\ht.exe


========== Recapitulativo ==========
3 : Processo memória
4 : Chaves do Registo
1 : Pastas
8 : Ficheiros
7 : Estado dos serviços


End of clean in 01mn 47s

========== Caminho do ficheiro do relatório ==========
C:\Users\Valentim\AppData\Roaming\ZHP\ZHPFix[R1].txt - 14/10/2014 10:09:58 [2816]
C:\Users\Valentim\AppData\Roaming\ZHP\ZHPFix[R2].txt - 14/10/2014 10:38:16 [2573]
C:\Users\Valentim\AppData\Roaming\ZHP\ZHPFix[R3].txt - 14/10/2014 13:20:25 [2003]
Marcelo Valentim (Beginner)

Re: Uninstall Malware

Posted by joram, Tue 14 Oct 2014, 23:04

Good evening, Marcelo Valentim!

> Download: < [You must have an account and be logged in to view this link] >

> Download: < [You must have an account and be logged in to view this link] > ( ... by Farbar )

> Or here...

< [You must have an account and be logged in to view this link] >

> Or here, for 64-bit systems!
> Save it to the desktop (Área de trabalho)!
> Run the tool! Click "Yes" >> "Scan".

[You must have an account and be logged in to view this image]

> Before clicking "Scan", check that the boxes under "Whitelist" are ticked.
> Under "Optional Scan", leave the "Addition.txt" checkbox ticked.
> PS: The "Addition.txt" report will also be generated and made available when the tool runs.
> Post the report! (FRST.txt + Addition.txt)

A+
joram (Administrator, Rio de Janeiro)

Re: Uninstall Malware

Posted by Marcelo Valentim, Thu 16 Oct 2014, 11:15

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-10-2014 02
Ran by Valentim (administrator) on VALENTIM-PC on 16-10-2014 07:08:36
Running from C:\Users\Valentim\Desktop
Loaded Profile: Valentim (Available profiles: Valentim)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Dropbox, Inc.) C:\Users\Valentim\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-930954855-3881057753-137846601-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-05-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Valentim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x97B02A5BF075CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = pt-BR
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = [You must have an account and be logged in to view this link]
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = [You must have an account and be logged in to view this link]
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\user.js
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\omiga-plus.xml
FF Extension: rpnetdownloadhelpergmailcom - C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\Extensions\rpnetdownloadhelper@gmail.com [2014-10-14]
FF Extension: EE223D7AF30F11DD8F0AD2AD55D89593 - C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593} [2014-10-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]

Chrome:
=======
CHR HomePage: Default -> [You must have an account and be logged in to view this link]
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_d4w_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByCyD0ByDyDtDyByCzyzztN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CtDyB0F0CtCyCtG0CyD0ByCtGyEtBzzyEtGyB0C0B0CtGyEtDyDyCyDtDyByE0D0D0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyBzy0DtA0AzytDtGyEzy0B0FtGyEzztB0DtGzy0FzytBtGtAtA0E0C0B0B0A0B0FtD0DyD2Q&cr=1763968510&ir=", "hxxp://www.google.com.br/"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:inputType}{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}{google:searchVersion}{google:sessionToken}{google:prefetchQuery}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Apresentações) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-12]
CHR Extension: (Google Docs) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-12]
CHR Extension: (Google Drive) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-12]
CHR Extension: (YouTube) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-12]
CHR Extension: (Pesquisa do Google) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-12]
CHR Extension: (Planilhas do Google) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-12]
CHR Extension: (GBBD Guardião - Itaú 30 horas) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\kgmpojlddncminmkddkpoegdjhojjipg [2014-10-13]
CHR Extension: (Google Wallet) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-12]
CHR Extension: (Gmail) - C:\Users\Valentim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-12]
CHR StartMenuInternet: Google Chrome - C:\Program Files\Google\Chrome\Application\chrome.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [69368 2013-10-23] (Bitdefender)
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
S2 Update Framed Display; "C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe" [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [718840 2013-04-17] (BitDefender)
U5 avchv; C:\Windows\System32\Drivers\avchv.sys [261056 2014-10-14] (BitDefender)
R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
R1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [382536 2013-05-28] (BitDefender S.R.L.)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 07:08 - 2014-10-16 07:09 - 00011867 _____ () C:\Users\Valentim\Desktop\FRST.txt
2014-10-16 07:08 - 2014-10-16 07:08 - 00000000 ____D () C:\FRST
2014-10-16 07:07 - 2014-10-16 07:07 - 02111488 _____ (Farbar) C:\Users\Valentim\Desktop\FRST64.exe
2014-10-14 13:21 - 2014-10-14 13:21 - 00000000 ____D () C:\ProgramData\bdch
2014-10-14 13:18 - 2014-10-14 13:18 - 02002856 _____ () C:\Users\Valentim\AppData\Roaming\shfadmc.exe.44492.gzquar
2014-10-14 13:17 - 2014-10-14 13:17 - 01963920 _____ () C:\Users\Valentim\AppData\Roaming\kwvhk.exe.44376.gzquar
2014-10-14 13:17 - 2014-10-14 13:17 - 01963920 _____ () C:\Users\Valentim\AppData\Roaming\dvppk.exe.44310.gzquar
2014-10-14 10:58 - 2014-10-14 10:58 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2014-10-14 06:27 - 2014-10-14 06:27 - 00172603 _____ () C:\ProgramData\1413293093.bdinstall.bin
2014-10-14 06:25 - 2014-10-14 06:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2014-10-14 06:25 - 2013-04-22 13:21 - 00148696 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2014-10-14 06:25 - 2013-04-17 14:59 - 00718840 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2014-10-14 06:25 - 2013-04-17 14:59 - 00593144 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2014-10-14 06:24 - 2014-10-14 06:24 - 00037662 _____ () C:\ProgramData\1413293090.bdinstall.bin
2014-10-14 06:22 - 2014-10-14 06:22 - 00176540 _____ () C:\ProgramData\1413292799.bdinstall.bin
2014-10-14 06:19 - 2014-10-14 06:19 - 00037902 _____ () C:\ProgramData\1413292792.bdinstall.bin
2014-10-14 06:18 - 2014-10-14 06:18 - 00210995 _____ () C:\ProgramData\1413292435.bdinstall.bin
2014-10-14 06:17 - 2012-11-02 14:17 - 00261056 _____ (BitDefender) C:\Windows\system32\Drivers\SET92E1.tmp
2014-10-14 06:15 - 2014-10-14 06:17 - 00000000 ____D () C:\Program Files\Bitdefender
2014-10-14 06:15 - 2013-05-28 12:12 - 00382536 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2014-10-14 06:13 - 2014-10-14 06:15 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\QuickScan
2014-10-14 06:13 - 2014-10-14 06:13 - 10447328 _____ () C:\Users\Valentim\Desktop\Antivirus_Free_Edition_x64.exe
2014-10-14 06:13 - 2014-10-14 06:13 - 00162208 _____ () C:\Users\Valentim\Desktop\Antivirus_BitDefender.exe
2014-10-14 05:33 - 2014-10-14 05:33 - 00001987 _____ () C:\Users\Valentim\Desktop\ZHPFix.lnk
2014-10-14 05:33 - 2014-10-14 05:33 - 00001860 _____ () C:\Users\Valentim\Desktop\ZHPDiag.lnk
2014-10-14 05:33 - 2014-10-14 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-10-14 05:32 - 2014-10-14 05:33 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-10-14 05:31 - 2014-10-14 05:32 - 06860116 _____ (Nicolas Coolman ) C:\Users\Valentim\Desktop\ZHPDiag2.exe
2014-10-13 10:55 - 2014-10-13 10:55 - 00002778 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2014-10-13 10:55 - 2014-10-13 10:55 - 00000822 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-10-13 10:55 - 2014-10-13 10:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-10-13 10:55 - 2014-10-13 10:55 - 00000000 ____D () C:\Program Files\CCleaner
2014-10-13 10:53 - 2014-10-13 10:53 - 04813544 _____ (Piriform Ltd) C:\Users\Valentim\Downloads\CCleaner.exe
2014-10-13 10:52 - 2014-10-13 11:08 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\Systweak
2014-10-13 10:52 - 2014-08-29 17:02 - 00020296 _____ () C:\Windows\system32\roboot64.exe
2014-10-13 07:43 - 2014-10-14 05:59 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-10-13 07:35 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\ZHP
2014-10-13 07:32 - 2014-10-13 07:32 - 00000000 ____D () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-10-13 07:24 - 2014-10-13 07:24 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\Elex-tech
2014-10-13 06:27 - 2014-10-13 07:21 - 00000000 ____D () C:\AdwCleaner
2014-10-13 05:45 - 2014-10-16 07:00 - 00001756 _____ () C:\Windows\setupact.log
2014-10-13 05:45 - 2014-10-14 13:21 - 00691486 _____ () C:\Windows\PFRO.log
2014-10-13 05:45 - 2014-10-13 05:45 - 00000000 _____ () C:\Windows\setuperr.log
2014-10-13 04:34 - 2014-10-13 06:35 - 00000000 ____D () C:\Windows\system32\log
2014-10-13 04:34 - 2014-10-13 04:34 - 00000000 ____D () C:\Program Files (x86)\Elex-tech
2014-10-13 04:34 - 2014-09-22 05:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-12 19:47 - 2014-10-12 19:47 - 00000000 _____ () C:\autoexec.bat
2014-10-12 19:24 - 2014-10-12 19:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-12 19:23 - 2014-10-16 07:01 - 00001068 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-12 19:23 - 2014-10-14 12:36 - 00001072 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-12 19:23 - 2014-10-12 19:24 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Google
2014-10-12 19:23 - 2014-10-12 19:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-10-12 19:23 - 2014-10-12 19:23 - 00004068 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-12 19:23 - 2014-10-12 19:23 - 00003816 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-12 19:19 - 2014-10-12 19:23 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Deployment
2014-10-12 19:19 - 2014-10-12 19:19 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Apps\2.0
2014-10-12 17:01 - 2014-10-12 17:01 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\AVG2015
2014-10-12 17:00 - 2014-10-13 08:25 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-12 17:00 - 2014-10-13 08:23 - 00000000 ___HD () C:\$AVG
2014-10-12 17:00 - 2014-10-12 17:00 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\TuneUp Software
2014-10-12 16:55 - 2014-10-13 08:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-10-12 16:55 - 2014-10-12 17:05 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Avg2015
2014-10-12 16:55 - 2014-10-12 16:55 - 00003164 _____ () C:\Windows\System32\Tasks\{47568C44-1DCA-4D56-A1F3-23A104B644C3}
2014-10-12 16:55 - 2014-10-12 16:55 - 00000000 ____D () C:\Users\Valentim\AppData\Local\MFAData
2014-10-12 16:16 - 2014-10-12 16:16 - 00000020 _____ () C:\ProgramData\bc.ini
2014-10-12 15:48 - 2014-10-12 15:48 - 00139488 _____ () C:\Windows\SysWOW64\XMLOperations.xml
2014-10-11 08:28 - 2014-10-12 16:16 - 00003544 _____ () C:\Windows\System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633
2014-10-11 08:28 - 2014-10-11 08:28 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-10-11 08:28 - 2014-10-11 08:28 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-10-10 20:11 - 2014-10-13 11:06 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-10-10 19:36 - 2014-10-11 23:45 - 00000000 ___HD () C:\Users\Public\Temp
2014-10-05 07:16 - 2014-10-05 07:16 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2014-10-05 07:16 - 2014-10-05 07:16 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2014-10-05 07:16 - 2014-10-05 07:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-10-05 07:14 - 2014-10-05 07:14 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-10-05 07:14 - 2014-10-05 07:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-10-03 13:26 - 2014-10-03 13:26 - 06286448 _____ (Microsoft Corporation) C:\Users\Valentim\Desktop\Silverlight.exe
2014-09-29 11:27 - 2014-09-29 11:27 - 00895120 _____ (Google Inc.) C:\Users\Valentim\Desktop\GoogleVoiceAndVideoSetup.exe
2014-09-26 07:32 - 2014-10-12 19:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-16 07:06 - 2014-05-05 15:11 - 01212353 _____ () C:\Windows\WindowsUpdate.log
2014-10-16 07:06 - 2009-07-13 22:13 - 00726316 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-16 07:03 - 2014-07-16 10:17 - 00000000 ___RD () C:\Users\Valentim\Dropbox
2014-10-16 07:03 - 2014-07-16 10:14 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\Dropbox
2014-10-16 07:01 - 2009-07-13 22:08 - 00032612 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-10-16 07:01 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-14 13:27 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-14 13:27 - 2009-07-13 21:45 - 00016976 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-14 12:40 - 2014-07-10 10:43 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-13 05:34 - 2014-05-22 12:18 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\vlc
2014-10-13 05:34 - 2014-05-05 16:06 - 00000000 ____D () C:\Windows\Panther
2014-10-13 05:34 - 2011-11-17 11:33 - 00000000 ____D () C:\Users\Valentim\Desktop\Todods os Doc. Victor Valentim
2014-10-12 16:00 - 2009-07-13 20:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-12 16:00 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2014-10-11 17:41 - 2009-07-13 19:34 - 00000580 _____ () C:\Windows\win.ini
2014-10-11 17:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-10 20:25 - 2014-05-05 15:45 - 00001413 _____ () C:\Users\Valentim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-08 18:02 - 2014-07-09 12:12 - 00000000 ____D () C:\Users\Valentim\Desktop\Marcelo
2014-10-06 13:39 - 2014-05-19 18:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-05 08:21 - 2014-05-25 14:25 - 00109296 _____ () C:\Users\Valentim\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-05 08:08 - 2009-07-13 21:45 - 00410424 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-05 08:04 - 2014-05-22 14:13 - 00000000 ____D () C:\Windows\rescache
2014-10-05 08:02 - 2014-05-19 18:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-09-19 14:13 - 2014-07-16 10:17 - 00001029 _____ () C:\Users\Valentim\Desktop\Dropbox.lnk
2014-09-19 14:13 - 2014-07-16 10:15 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-19 14:13 - 2014-06-26 03:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-09-16 12:48 - 2014-05-19 18:18 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Microsoft Help

Some content of TEMP:
====================
C:\Users\Valentim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdl1tjl.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-10-05 07:35

==================== End Of Log ============================
Marcelo Valentim
Beginner

Messages: 14
Reputation: 0
Join date: 13/10/2014

Re: Uninstall Malware

Post by Marcelo Valentim, Thu 16 Oct 2014, 11:16

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-10-2014 02
Ran by Valentim at 2014-10-16 07:10:26
Running from C:\Users\Valentim\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus Free Edition (Enabled - Up to date) {9B5F5313-CAF9-DD97-C460-E778420237B4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antivirus Free Edition (Enabled - Up to date) {203EB2F7-ECC3-D219-FED0-DC0A39857D09}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) - Português (HKLM-x32\...\{AC76BA86-7AD7-1046-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atualização do produto Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0416-0000-0000000FF1CE}_ENTERPRISE_{717C9095-8AAE-41CB-B046-BD6E8399F4F3}) (Version: - Microsoft)
Atualização do produto Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{5016CB22-B9A7-44FB-AA72-AF28B27B15EA}) (Version: - Microsoft)
Atualização do produto Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0416-0000-0000000FF1CE}_ENTERPRISE_{BE3A7C0C-0081-4694-B5F9-980DD66BDDF8}) (Version: - Microsoft)
Atualização do produto Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0416-0000-0000000FF1CE}_ENTERPRISE_{7297E3A9-FCD4-4E0E-A306-7A90359E50E3}) (Version: - Microsoft)
Bitdefender Antivirus Free Edition (HKLM\...\BitDefender Gonzales) (Version: 1.0.21.1099 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.16 - Piriform)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.101 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (Portuguese (Brazil)) 2007 (x32 Version: 12.0.4518.1019 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (Portuguese (Brazil)) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (Portuguese (Brazil)) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Suporte para Aplicativos Apple (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (HKLM-x32\...\{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}.KB2836939v3) (Version: 3 - Microsoft Corporation)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0416-0000-0000000FF1CE}_ENTERPRISE_{52F3455A-9ADB-41A6-BCE7-8D99F3770590}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2889914) 32-Bit Edition (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{F3F83933-75FC-4B60-84F2-3F8FA63D042E}) (Version: - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
ZHPDiag 2014 (HKLM-x32\...\ZHPDiag_is1) (Version: 2014 - Nicolas Coolman)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-930954855-3881057753-137846601-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Valentim\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points =========================

11-09-2014 00:33:34 Windows Update
05-10-2014 14:13:03 Windows Update
05-10-2014 15:00:10 Windows Update
06-10-2014 20:27:15 Windows Update
11-10-2014 02:33:12 Uniblue SpeedUpMyPC installation
11-10-2014 03:10:35 Removed Bonjour
12-10-2014 00:24:35 Windows Update
12-10-2014 23:59:06 Installed AVG 2015
12-10-2014 23:59:38 Installed AVG 2015
13-10-2014 02:41:15 Installed SpyHunter
13-10-2014 14:30:24 Removed SpyHunter
13-10-2014 14:31:27 Removed SpyHunter
13-10-2014 15:22:08 Removed AVG 2015
13-10-2014 15:24:03 Removed AVG 2015
13-10-2014 17:35:36 Revo Uninstaller's restore point - Muvic Smartbar Engine
13-10-2014 17:36:54 Revo Uninstaller's restore point - Muvic Smartbar
13-10-2014 17:47:59 Revo Uninstaller's restore point - ZHPDiag 2014
13-10-2014 18:05:26 Removed Visual Studio 2012 x64 Redistributables
13-10-2014 18:06:08 Removed Visual Studio 2012 x86 Redistributables

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1D7C72CF-E312-4333-9062-193C2F62ECE1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-12] (Google Inc.)
Task: {54680FF7-0CF2-48D3-B7EF-E5EE218E8516} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-09] (Adobe Systems Incorporated)
Task: {680CA7BE-B958-4931-B521-15B1E5A13A85} - System32\Tasks\060184C3-9766-46a0-B258-F4518A0B2633 => Cscript.exe "C:\ProgramData\Baidu Security\Duplicaterecord.js"
Task: {8ECD38B3-1FDC-4529-875F-E1F09EB41079} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-12] (Google Inc.)
Task: {BE06E5F5-2626-45AF-8E55-F4F8DBD4DF25} - System32\Tasks\{47568C44-1DCA-4D56-A1F3-23A104B644C3} => C:\Users\Valentim\Desktop\Todods os Doc. Victor Valentim\Meu\Pastas\Office 2007 PORTUGUES.BR\Office 2007 PORTUGUES.BR\OFFICE.PT-BR\DWTRIG20.EXE [2006-11-17] (Microsoft Corporation)
Task: {C587C2CC-EB20-4762-B3A3-EA987298F485} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {D34EA7EA-8E58-441B-AEBA-63CDB5399F9E} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-07-23] (Piriform Ltd)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-10-14 06:17 - 2013-03-19 12:07 - 00696632 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\sqlite3.dll
2014-10-14 06:17 - 2013-09-03 14:29 - 00101328 _____ () C:\Program Files\Bitdefender\Antivirus Free Edition\BDMetrics.dll
2014-10-13 04:34 - 2014-10-08 03:10 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-10-13 04:34 - 2014-10-08 03:10 - 00092320 ____N () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-10-13 04:34 - 2014-09-22 05:13 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-10-13 04:34 - 2014-09-22 05:13 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-13 04:34 - 2014-10-08 03:09 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
2014-10-16 07:03 - 2014-10-16 07:03 - 00043008 _____ () c:\users\valentim\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdl1tjl.dll
2013-08-23 12:01 - 2013-08-23 12:01 - 25100288 _____ () C:\Users\Valentim\AppData\Roaming\Dropbox\bin\libcef.dll
2014-10-12 19:24 - 2014-09-30 22:54 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libglesv2.dll
2014-10-12 19:24 - 2014-09-30 22:54 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\libegl.dll
2014-10-12 19:24 - 2014-09-30 22:54 - 08911176 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\pdf.dll
2014-10-12 19:24 - 2014-09-30 22:54 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.101\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Valentim\Desktop\FRST64.exe:BDU

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-930954855-3881057753-137846601-500 - Administrator - Disabled)
Guest (S-1-5-21-930954855-3881057753-137846601-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-930954855-3881057753-137846601-1002 - Limited - Enabled)
Valentim (S-1-5-21-930954855-3881057753-137846601-1000 - Administrator - Enabled) => C:\Users\Valentim

==================== Faulty Device Manager Devices =============

Name: PCI Simple Communications Controller
Description: PCI Simple Communications Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/14/2014 11:40:54 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (10/14/2014 11:40:54 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070422

Error: (10/14/2014 06:28:57 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (10/14/2014 06:28:57 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070422

Error: (10/14/2014 06:23:27 AM) (Source: Winlogon) (EventID: 4103) (User: )
Description: Windows license activation failed. Error 0x00000000.

Error: (10/14/2014 06:23:23 AM) (Source: Software Protection Platform Service) (EventID: 8198) (User: )
Description: License Activation (slui.exe) failed with the following error code:
0x80070422

Error: (10/13/2014 08:43:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 21613705

Error: (10/13/2014 08:43:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 21613705

Error: (10/13/2014 08:43:12 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (10/13/2014 00:52:47 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3043


System errors:
=============
Error: (10/16/2014 07:01:13 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/16/2014 07:01:13 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%2

Error: (10/14/2014 01:22:07 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Bitdefender Antivirus Free Edition service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.

Error: (10/14/2014 01:22:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%2

Error: (10/14/2014 11:41:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Update Framed Display service failed to start due to the following error:
%%2

Error: (10/14/2014 10:53:12 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (10/14/2014 10:53:04 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.

Error: (10/14/2014 07:30:00 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/14/2014 07:30:00 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.

Error: (10/14/2014 07:30:00 AM) (Source: atapi) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Ide\IdePort0.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 330 @ 2.13GHz
Percentage of memory in use: 40%
Total physical RAM: 3893.86 MB
Available physical RAM: 2321.84 MB
Total Pagefile: 7785.9 MB
Available Pagefile: 5874.89 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:285.23 GB) (Free:82.75 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:12.56 GB) (Free:2.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: 34A97794)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=285.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=12.6 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)

==================== End Of Log ============================
Marcelo Valentim
Beginner

Messages: 14
Reputation: 0
Join date: 13/10/2014

Re: Uninstall Malware

Posted by joram Thu 16 Oct 2014, 11:44

Good morning, Marcelo Valentim!

> Copy this information, shown in red, into Notepad.
> Save it with the name fixlist.txt
> Save it to the desktop! ( Área de trabalho ... ) ( C:\Users\Valentim\Desktop )

start
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc2.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\Elex-tech\YAC\iSafeTray.exe
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
ShellIconOverlayIdentifiers: [BaiduAntivirusIconLock] -> {0A93904A-BB1E-4a0c-9753-B57B9AE272CC} => No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Extension: EE223D7AF30F11DD8F0AD2AD55D89593 - C:\Users\Valentim\AppData\Roaming\Mozilla\Firefox\Profiles\0o2o3zp5.default\Extensions\{EE223D7A-F30F-11DD-8F0A-D2AD55D89593} [2014-10-14]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} [Not Found]
CHR HomePage: Default -> [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
CHR StartupUrls: Default -> "hxxp://astromenda.com/?f=7&a=ast_d4w_14_42_ch&cd=2XzuyEtN2Y1L1Qzu0FtDyB0B0C0ByCyD0ByDyDtDyByCzyzztN0D0Tzu0StCtDtCyBtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyEtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2StA0CtDyB0F0CtCyCtG0CyD0ByCtGyEtBzzyEtGyB0C0B0CtGyEtDyDyCyDtDyByE0D0D0AyC2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzyyBzy0DtA0AzytDtGyEzy0B0FtGyEzztB0DtGzy0FzytBtGtAtA0E0C0B0B0A0B0FtD0DyD2Q&cr=1763968510&ir=", "hxxp://www.google.com.br/"
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
R2 iSafeService; C:\Program Files (x86)\Elex-tech\YAC\iSafeSvc.exe [118048 2014-10-08] (Elex do Brasil Participações Ltda)
S2 Update Framed Display; "C:\Program Files (x86)\Framed Display\updateFramedDisplay.exe" [X]
R1 iSafeKrnl; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnl.sys [248488 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlKit.sys [99496 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\Elex-tech\YAC\iSafeKrnlR3.sys [65704 2014-10-08] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Windows\System32\DRIVERS\iSafeNetFilter.sys [49320 2014-09-22] (Elex do Brasil Participações Ltda)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 iSafeKrnlBoot; system32\DRIVERS\iSafeKrnlBoot.sys [X]
2014-10-14 05:33 - 2014-10-14 05:33 - 00001987 _____ () C:\Users\Valentim\Desktop\ZHPFix.lnk
2014-10-14 05:33 - 2014-10-14 05:33 - 00001860 _____ () C:\Users\Valentim\Desktop\ZHPDiag.lnk
2014-10-14 05:33 - 2014-10-14 05:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2014-10-14 05:32 - 2014-10-14 05:33 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2014-10-14 05:31 - 2014-10-14 05:32 - 06860116 _____ (Nicolas Coolman ) C:\Users\Valentim\Desktop\ZHPDiag2.exe
2014-10-13 07:43 - 2014-10-14 05:59 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2014-10-13 07:35 - 2014-10-14 13:20 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\ZHP
2014-10-13 06:27 - 2014-10-13 07:21 - 00000000 ____D () C:\AdwCleaner
2014-10-13 04:34 - 2014-09-22 05:13 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-10-12 17:01 - 2014-10-12 17:01 - 00000000 ____D () C:\Users\Valentim\AppData\Roaming\AVG2015
2014-10-12 17:00 - 2014-10-13 08:25 - 00000000 ____D () C:\ProgramData\AVG2015
2014-10-12 17:00 - 2014-10-13 08:23 - 00000000 ___HD () C:\$AVG
2014-10-12 16:55 - 2014-10-12 17:05 - 00000000 ____D () C:\Users\Valentim\AppData\Local\Avg2015
2014-10-11 08:28 - 2014-10-11 08:28 - 00000000 ____D () C:\ProgramData\Baidu Security
2014-10-11 08:28 - 2014-10-11 08:28 - 00000000 ____D () C:\Program Files (x86)\Baidu Security
2014-10-13 04:34 - 2014-10-08 03:10 - 00065696 ____N () C:\Program Files (x86)\Elex-tech\YAC\zlib1.dll
2014-10-13 04:34 - 2014-10-08 03:10 - 00092320 ____N () C:\Program Files (x86)\Elex-tech\YAC\curlpp.dll
2014-10-13 04:34 - 2014-09-22 05:13 - 00176976 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unrar.dll
2014-10-13 04:34 - 2014-09-22 05:13 - 00087744 ____N () C:\Program Files (x86)\Elex-tech\YAC\tws\unacev2.dll
2014-10-13 04:34 - 2014-10-08 03:09 - 00179200 ____N () C:\Program Files (x86)\Elex-tech\YAC\libpng.dll
C:\Users\Valentim\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpdl1tjl.dll
C:\Program Files\Enigma Software Group\SpyHunter
C:\Program Files (x86)\Elex-tech\YAC
end


> Run FRST/FRST64 >> Click "Fix". << Wait!
> Post the report! (Fixlog.txt)

A+
joram
Administrator

Messages: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro

Re: Uninstall Malware

Posted by Marcelo Valentim Thu 16 Oct 2014, 12:19

[You must have an account and be logged in to view this link]
Marcelo Valentim
Beginner

Messages: 14
Reputation: 0
Join date: 13/10/2014

Re: Uninstall Malware

Posted by joram Thu 16 Oct 2014, 12:27

Marcelo Valentim wrote: [You must have an account and be logged in to view this link]
Good afternoon, Marcelo Valentim!

> YAC is protected and, in Normal Mode, its processes and entries are not fixed.
> Repeat the script, but in Safe Mode.
> Post the log! It can be on MyFile.tk.

A+
joram
Administrator

Messages: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro

Re: Uninstall Malware

Posted by Marcelo Valentim Thu 16 Oct 2014, 20:06

Brother, I didn't understand how to proceed.
Thank you!
Regards.
Marcelo Valentim
Beginner

Messages: 14
Reputation: 0
Join date: 13/10/2014

Re: Uninstall Malware

Posted by joram Thu 16 Oct 2014, 20:14

Marcelo Valentim wrote: Brother, I didn't understand how to proceed.
Thank you!
Regards.
Good evening, Marcelo Valentim!

> Repeat the previous procedure, but in Safe Mode.
> Post the report!


A+
joram
Administrator

Messages: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro

Re: Uninstall Malware

Posted by Marcelo Valentim Fri 17 Oct 2014, 15:40

Dear Joram, it doesn't work at all... because I can't access the network... I don't know if it's because it's wifi (I turned it off and on again)...

And the error code that is appearing is:
DNS_PROBE_FINISHED_NO_INTERNET

Regards!
Marcelo Valentim
Beginner

Messages: 14
Reputation: 0
Join date: 13/10/2014

Re: Uninstall Malware

Posted by joram Fri 17 Oct 2014, 16:15

Marcelo Valentim wrote: Dear Joram, it doesn't work at all... because I can't access the network... I don't know if it's because it's wifi (I turned it off and on again)...

And the error code that is appearing is:
DNS_PROBE_FINISHED_NO_INTERNET

Regards!
Good afternoon, Marcelo Valentim!

You will have to boot into Safe Mode without networking!

< http://windows.microsoft.com/pt-br/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7 >

Read the page above for how to proceed!

A+
joram
Administrator

Messages: 4162
Reputation: 471
Join date: 26/01/2014
Location: Rio de Janeiro