Flux 
Social bookmarking
Conservar e compartilhar o endereço de PC Seguro em seu site de social bookmarking
Conservar e compartilhar o endereço de Fórum PC Brasil em seu site de social bookmarking
Estatísticas
Temos 14810 usuários registradosO último membro registrado é Josevinil
Os nossos membros postaram um total de 36047 mensagens em 3685 assuntos
Quem está conectado?
Há 21 usuários online :: 0 registrados, 0 invisíveis e 21 visitantes Nenhum
O recorde de usuários online foi de 301 em Ter 26 Out 2021, 15:28
Procurar
Top dos mais postadores
| Power Max |
| |||
| joram |
| |||
| Wings [In Memoriam] |
| |||
| caedurodrigues |
| |||
| Amigo Brasileiro |
| |||
| luizvilarinho |
| |||
| Danii |
| |||
| Admin |
| |||
| Danilo Marsaro |
| |||
| Andreata |
|
Problemas com remoção de vírus
3 participantes
Página 1 de 1
Problemas com remoção de vírus
por Mokona Seg 26 Jan 2015, 11:53
Gente, Boa noite.
Começou com o aparecimento de parâmetros de configuração , como o desktop.ini, em todo o pc, logo depois eu instalei o Bit defender, mas agora estão aparecendo muitas ameaças. Fiz até uma análise no HijackThis:
e no Malwarebytes:
Se vocês puderem me ajudar gostaria de ter uma boa dica pra um anti vírus bom.
Começou com o aparecimento de parâmetros de configuração , como o desktop.ini, em todo o pc, logo depois eu instalei o Bit defender, mas agora estão aparecendo muitas ameaças. Fiz até uma análise no HijackThis:
- HijackThis:
- Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:30:03, on 26/01/2015
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\OEM\iBrightness 1.0.2\iBrightness.exe
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\cmd.exe
C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe
C:\DLMReserva 2.0\DMLReserva.exe
C:\Users\MarciaCristina\Downloads\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = <-loopback>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
O4 - HKLM\..\Run: [mcpltui_exe] "C:\Program Files\Common~1\McAfee\Platform\mcuicnt.exe" /platui /runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_AE584EA0B788765A29F07F158D7FAB4D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-21-1627063352-2294030405-2080357755-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\..\Run: [GoogleChromeAutoLaunch_AE584EA0B788765A29F07F158D7FAB4D] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window (User '?')
O4 - Global Startup: iBrightness.lnk = ?
O8 - Extra context menu item: &Enviar para o OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: E&xport to Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportar para o Microsoft Excel - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
O8 - Extra context menu item: Se&nd to OneNote - [Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
O9 - Extra button: Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Enviar para o OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Anotações Vinculadas do OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\PROGRA~2\mcafee\msc\mcsniepl.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Serviço do Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Serviço do Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Bitdefender Antivirus Free Edition (gzserv) - Bitdefender - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: McAfee Home Network (HomeNetSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: Intel(R) Integrated Clock Controller Service - Intel(R) ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel(R) Capability Licensing Service Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel(R) Capability Licensing Service TCP IP Interface - Intel(R) Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel(R) ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel(R) Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LMIGuardianSvc - LogMeIn, Inc. - C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee AP Service (McAPExe) - McAfee, Inc. - C:\Program Files\McAfee\MSC\McAPExe.exe
O23 - Service: McAfee Activation Service (McAWFwk) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\actwiz\mcawfwk.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\mcafee\VirusScan\mcods.exe
O23 - Service: McAfee Platform Services (mcpltsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
O23 - Service: McAfee Anti-Malware Core (mfecore) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - Unknown owner - C:\Windows\system32\mfevtps.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Xbmc Control Path (psvxbmc) - Unknown owner - C:\Fabricante\psvxbmc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12223 bytes
e no Malwarebytes:
- Malwarebytes:
- Data da Verificação: 26/01/2015
Hora da Verificação: 09:50:11
Arquivo de Log: malwarebites.txt
Administrador: Sim
Versão: 2.00.4.1028
Base de Dados de Malware: v2015.01.26.05
Base de Dados de Rootkit: v2015.01.14.01
Licença: Avaliação Gratuita
Proteção de Malware: Habilitado
Proteção de Site Malicioso: Habilitado
Auto-Proteção: Desabilitado
SO: Windows 8.1
Processador: x64
Sistema de Arquivos: NTFS
Usuário: MarciaCristina
Tipo da Verificação: Verificação Personalizada
Resultado: Terminado
Objetos Verificados: 507130
Tempo Decorrido: 1 hr, 50 min, 5 seg
Memória: Habilitado
Inicialização: Habilitado
Sistema de Arquivos: Habilitado
Arquivos Compactados: Habilitado
Rootkits: Habilitado
Heurística: Habilitado
PUP: Habilitado
PUM: Habilitado
Processos: 0
(Nenhum item malicioso detectado)
Módulos: 0
(Nenhum item malicioso detectado)
Chaves de Registro: 2
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\GAMESDESKTOP, , [57fa0ceb8009ed490b58e49c35ceb749],
PUP.Optional.Tuto4PC.A, HKU\S-1-5-21-1627063352-2294030405-2080357755-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\TutoTag, , [9fb23eb9bbce0f27af79d42606feb44c],
Valores de Registro: 1
PUP.Optional.GamesDesktop.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|gmsd_br_82, , [ca87dd1a66236accf8e47d039d666d93],
Dados de Registro: 0
(Nenhum item malicioso detectado)
Pastas: 0
(Nenhum item malicioso detectado)
Arquivos: 18
PUP.Optional.CrossRider.A, C:\Users\MarciaCristina\AppData\Local\Temp\n1008\PlusHD-BRInstaller.exe, , [da776f88a0e9db5b4dc87075bf4260a0],
PUP.Optional.Delimax, C:\Users\MarciaCristina\AppData\Local\Temp\n1008\s1008.exe, , [5df48c6b226769cd1c9f8e81ec195fa1],
PUP.Optional.Delimax, C:\Users\MarciaCristina\AppData\Local\Temp\n1580\s1580.exe, , [e17030c7d6b33006e1dac04f31d4718f],
PUP.Optional.Firseria, C:\Windows\Temp\tmp000016d4\tmp00000d40, , [123f0dead5b46cca470c6667d62f9967],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003b04f.48462.gzquar, , [4b06a255890042f4094a5578699cc937],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003b050, , [f06138bf9feae05661f2e7e6f90c38c8],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003b051.142920.gzquar, , [55fc74831b6e1c1a2330a12c57ae25db],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003b052.466.gzquar, , [c091f304a1e81b1b361dd8f5ab5a5aa6],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003cdfc.143434.gzquar, , [c58c778060296bcbd47f6c61cb3ae41c],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003cdfe.131977.gzquar, , [1b3633c4791040f6aea5824b31d4748c],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003cdff.19466.gzquar, , [7ad79d5ad8b169cdd57ee6e70bfa51af],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003ce00.149664.gzquar, , [83cea1569bee43f3cc87626b11f4b34d],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003ce01, , [d67b9a5d43462a0c8bc8e3ea28dd6e92],
PUP.Optional.Firseria, C:\Windows\Temp\tmp0000600e\tmp0003ce03.27772.gzquar, , [be938077d3b671c5d08369649471966a],
PUP.Optional.Conduit.A, E:\Documentos\Downloads\FileConverter_1.1CH.exe, , [6ce5cd2a9eeb43f37bf15ad1639e817f],
PUP.Optional.SuperCool, E:\Documentos\Downloads\JavaSetup.exe, , [7dd4b245d7b296a007ae4c671fe25da3],
PUP.Optional.Softonic, E:\Documentos\Downloads\SoftonicDownloader_para_a-biblia-sagrada-versao-digital.exe, , [0b466b8cc0c94fe73bd1e94040c15aa6],
PUP.Optional.Firseria, E:\Documentos\Downloads\avast! free antivirus.exe.118972064.gzquar, , [99b81add2564c6701241ba1352b32ed2],
Setores Físicos: 0
(Nenhum item malicioso detectado)
(end)
Se vocês puderem me ajudar gostaria de ter uma boa dica pra um anti vírus bom.
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Seg 26 Jan 2015, 12:08
Boa tarde mokona,
Um grande abraço.
- Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
- Ou aqui >>[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]<<
- Salve-a na sua Desktop (área de trabalho).
- Feche todos os programas e navegadores de internet abertos.
- Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo AdwCleaner.exe,depois clique em:
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Clique em Examinar, para iniciar o escaneamento!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Ao término, clique em limpar
- Copie o log ou clique "Relatório".
- Poste: >>C:\AdwCleaner\AdwCleaner [S0].txt<<
- Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Oleg N. Scherbakov)>
- Salve-o no desktop!
- Desabilite seu antivírus!
- Para Windows 7, clique direito em JRT.exe e execute-o como [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] - Aguarde a conclusão e poste o relatório. ( JRT.txt )
Um grande abraço.
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Seg 26 Jan 2015, 13:27
Aqui seguem os relatórios:
AdwCleaner:
e JRT:
AdwCleaner:
- AdwCleaner:
- # AdwCleaner v4.109 - Relatório criado 26/01/2015 às 12:58:21
# Atualizado 24/01/2015 por Xplode
# Database : 2015-01-25.1 [Live]
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
# Usuário : MarciaCristina - MAJU
# Executando de : C:\Users\MarciaCristina\Desktop\AdwCleaner.exe
# Opção : Limpar
***** [ Serviços ] *****
***** [ Arquivos / Pastas ] *****
Pasta Deletada : C:\ProgramData\apn
Pasta Deletada : C:\ProgramData\baidu
Pasta Deletada : C:\Program Files (x86)\predm
Arquivo Deletada : C:\Users\MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
***** [ Tarefas ] *****
***** [ Atalhos ] *****
***** [ Registro ] *****
Chave Deletedo : HKCU\Software\TutoTag
Chave Deletedo : HKLM\SOFTWARE\Tutorials
Chave Deletedo : HKLM\SOFTWARE\GAMESDESKTOP
Dados Deletedo : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
***** [ Navegadores ] *****
-\\ Internet Explorer v11.0.9600.17416
-\\ Google Chrome v40.0.2214.91
*************************
AdwCleaner[R0].txt - [1335 octets] - [26/01/2015 12:54:53]
AdwCleaner[S0].txt - [1189 octets] - [26/01/2015 12:58:21]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1249 octets] ##########
e JRT:
- JRT:
- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 8.1 Single Language x64
Ran by MarciaCristina on 26/01/2015 at 13:11:22,62
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
~~~ Files
Successfully deleted: [File] C:\Windows\prefetch\DRIVERCTRL.EXE-B775C56C.pf
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\baidu security"
Successfully deleted: [Folder] "C:\Users\MarciaCristina\AppData\Roaming\baidu security"
Successfully deleted: [Folder] "C:\Program Files (x86)\baidu security"
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 26/01/2015 at 13:19:18,67
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Seg 26 Jan 2015, 13:35
Boa tarde mokona,
Um grande abraço.
- Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] ><[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]> ( ...Nicolas Coolman)
- Salve-o no Disco local (C ou D).
- Desabilite seu antivírus, e execute ZHPDiag.exe para instalar.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Execute o ícone do pergaminho!
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Clique na opção "COMPLETA" e aguarde a conclusão.
- Clique OK e,ao concluir, poste o relatório! ( ZHPDiag.txt )
- Obs: O relatório por ser extenso deve ser postado em um desses sites:
- Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
- Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
- Ou anexe-o <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Link
- Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !
Um grande abraço.
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Seg 26 Jan 2015, 14:02
Segue o link: http://cjoint.com/?EAArkmIQbUT
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Seg 26 Jan 2015, 19:20
Boa noite mokona, você possui 2 antivírus instalados. Por favor desinstale um dos antivírus, pois os mesmos podem gerar conflitos entre si tornando o seu equipamento inseguro.
Bitdefender Antivirus Free Edition v1.0.21.1099
McAfee LiveSafe – Internet Security v13.6.1248
Um grande abraço.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >
Bitdefender Antivirus Free Edition v1.0.21.1099 McAfee LiveSafe – Internet Security v13.6.1248- Execute este script na ferramenta ZHPFix.
- Copie estas informações que estão em vermelho para o Bloco de notas.
- Com o Bloco de notas aberto, faça: ctrl+a >> ctrl+c.
- À seguir, minimize o Bloco de notas.
Script ZHPFix
FirewallRaz
EmptyPrefetch
EmptyTemp
EmptyFlash
ShortcutFix
O4 - HKLM\..\Wow6432Node\Run: [gmsd_br_82] Chave orfã
[HKCU\Software\Baidu Security]
[HKLM\Software\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu Security]
[HKLM\Software\Wow6432Node\Baidu_Drp_pos]
O44 - LFC:[MD5.48A77273E8C545DCB70EEE3866CD2123] - 21/01/2015 - 11:17:00 ---A- . (...) -- C:\Windows\AutoKMS.ini [135] =>Trojan.AutoKMS
O44 - LFC:[MD5.154526E08E098669E0CE212EBA622760] - 21/01/2015 - 11:20:59 ---A- . (...) -- C:\Windows\AutoKMS.log [349] =>Trojan.AutoKMS
O45 - LFCP:[MD5.DCE37B742D1B1DD403943163B8166019] - 12/01/2015 - 09:41:59 ---A- - C:\Windows\Prefetch\GAMESDESKTOP-BRINSTALLER.TMP-6C212634.pf =>Adware.GamesDesktop
O45 - LFCP:[MD5.76DBAF1AFFC5AC898C1F967DD730158C] - 12/01/2015 - 09:46:03 ---A- - C:\Windows\Prefetch\PREDM.TMP-98782768.pf =>Adware.Downware
O45 - LFCP:[MD5.130FA034D5D712A02EFC267A46029D0D] - 12/01/2015 - 09:41:58 ---A- - C:\Windows\Prefetch\VOPACKAGE.EXE-542A26D1.pf =>Adware.Downware
O45 - LFCP:[MD5.A8055E92ACB9325B675AF658F204023A] - 12/01/2015 - 09:45:24 ---A- - C:\Windows\Prefetch\WINCHECKWRAPPER.EXE-B89AEA24.pf =>PUP.Wincheck
O61 - LFC: 24/01/2015 - 13:52:03 ---A- . (...) -- C:\Users\MarciaCristina\AppData\Local\Temp\nsdA6C1.tmp\UAC.dll [30208]
O61 - LFC: 24/01/2015 - 13:52:03 ---A- . (...) -- C:\Users\MarciaCristina\AppData\Local\Temp\nswCC29.tmp\UAC.dll [30208]
[MD5.8957A23F4777431059B7BD879160327D] [SPRF][24/01/2015] (...) -- C:\ProgramData\1422115864.132.bin [2060]
[HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}] =>Toolbar.Ask
Proxyfix
sysrestore - Abra a ferramenta ZHPFix. <[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]>
- Clique em IMPORTAÇÃO > OK
- Clique "GO".
- Poste o Relatório!
Um grande abraço.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Ter 27 Jan 2015, 11:52
Bom dia, aqui segue o relatório:
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (1297) (296.182.633 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\autokms.ini
ELIMINÉ: c:\windows\autokms.log
ELIMINÉ: c:\windows\prefetch\gamesdesktop-brinstaller.tmp-6c212634.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-542a26d1.pf
ELIMINÉ: c:\windows\prefetch\wincheckwrapper.exe-b89aea24.pf
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
21 : Valores do Registo
2 : Pastas
7 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\MarciaCristina\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/01/2015 11:40:33 [2449]
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (1297) (296.182.633 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\autokms.ini
ELIMINÉ: c:\windows\autokms.log
ELIMINÉ: c:\windows\prefetch\gamesdesktop-brinstaller.tmp-6c212634.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-542a26d1.pf
ELIMINÉ: c:\windows\prefetch\wincheckwrapper.exe-b89aea24.pf
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
21 : Valores do Registo
2 : Pastas
7 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\MarciaCristina\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/01/2015 11:40:33 [2449]
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Ter 27 Jan 2015, 12:08
Boa tarde Mokona, o relatório está incompleto. Poste por favor o relatório na íntegra.
Um grande abraço.
- Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem][Tens de ter uma conta e sessão iniciada para poderes visualizar este link]><(...by Smeenk)>
- Salve na sua área de trabalho!
- Execute o arquivo Zoek.exe.
- Usuários do Windows Vista ou Windows 7 clique com o direito sobre o arquivo Zoek.exe, depois clique em
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Selecione as linhas em vermelho, clique com o direito sobre a seleção e escolha a opção copiar!
autoclean;
emptyalltemp;
quickscan;
emptyfolderscheck;delete
ipconfig /flushdns;b - Clique com o direito em qualquer parte branca do Zoek e escolha a opção colar.
- Clique Run Script!
- Aguarde o scan. Ao final abrirá o bloco de notas com o relatório.
- Uma cópia também será salva no seu disco local com o nome zoek-results.txt.
- Anexe o zoek-results.txt na sua próxima resposta.
Um grande abraço.
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Ter 27 Jan 2015, 13:01
Peço desculpas por ter enviado o relatório incompleto. Seguem os relatórios:
ZHPFixReport:
ZHPFixReport:
- ZHPFixReport:
- Rapport de ZHPFix 2015.1.15.1 par Nicolas Coolman, Update du 15/01/2015
Fichier d'export Registre :
Run by MarciaCristina at 27/01/2015 11:40:26
High Elevated Privileges : OK
Windows 8 Home Premium Edition, 64-bit Service Pack 1 (9600)
Reciclagem vazia (00mn 05s)
Prefetcher vazio
Reparação de atalhos do navegador
========== Chaves do Registo ==========
ELIMINÉ: HKCU\Software\Baidu Security
ELIMINÉ:* HKLM\Software\Baidu Security
ELIMINÉ: HKLM\Software\Wow6432Node\Baidu_Drp_pos
ELIMINÉ: HKLM\Software\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
========== Valores do Registo ==========
Ausente Valor Perfil Padrão: FirewallRaz :
Ausente Valor Perfil Domínio FirewallRaz :
ELIMINÉ: FirewallRaz (Domain) : {9E3D57FC-7C37-4424-9352-4831E97D029D}
ELIMINÉ: FirewallRaz (Domain) : {548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}
ELIMINÉ: FirewallRaz (Domain) : NetPres-In-TCP-NoScope
ELIMINÉ: FirewallRaz (Domain) : NetPres-Out-TCP-NoScope
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-In-UDP
ELIMINÉ: FirewallRaz (None) : NetPres-WSD-Out-UDP
ELIMINÉ: FirewallRaz (Public) : NetPres-In-TCP
ELIMINÉ: FirewallRaz (Public) : NetPres-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-Prov-Out-TCP
ELIMINÉ: FirewallRaz (None) : MCX-McrMgr-Out-TCP
ELIMINÉ: FirewallRaz (Private) : {E5961C3A-3D11-4BC8-875D-71B039781EF5}
ELIMINÉ: FirewallRaz (Private) : {7A087203-48E0-4A43-98BC-51AE8B0760E7}
ELIMINÉ RunValue: gmsd_br_82
ProxyFix : Configuração proxy removida com sucesso
ELIMINÉ ProxyServer Value
ELIMINÉ ProxyEnable Value
ELIMINÉ EnableHttp1_1 Value
ELIMINÉ ProxyHttp1.1 Value
ELIMINÉ ProxyOverride Value
========== Pastas ==========
ELIMINÉ Temporários windows (194)
ELIMINÉ Flash Cookies (0)
========== Ficheiros ==========
ELIMINÉ Temporários windows (1297) (296.182.633 octets)
ELIMINÉ Flash Cookies (0) (0 octets)
ELIMINÉ: c:\windows\autokms.ini
ELIMINÉ: c:\windows\autokms.log
ELIMINÉ: c:\windows\prefetch\gamesdesktop-brinstaller.tmp-6c212634.pf
ELIMINÉ: c:\windows\prefetch\vopackage.exe-542a26d1.pf
ELIMINÉ: c:\windows\prefetch\wincheckwrapper.exe-b89aea24.pf
========== Restauração Sistema ==========
Ponto de restauro do sistema criado com sucesso
========== Recapitulativo ==========
4 : Chaves do Registo
21 : Valores do Registo
2 : Pastas
7 : Ficheiros
1 : Restauração Sistema
End of clean in 00mn 53s
========== Caminho do ficheiro do relatório ==========
C:\Users\MarciaCristina\AppData\Roaming\ZHP\ZHPFix[R1].txt - 27/01/2015 11:40:33 [2449]
- Zoek Results:
Zoek.exe v5.0.0.0 Updated 27-01-2015
Tool run by MarciaCristina on 27/01/2015 at 12:23:04,63.
Microsoft Windows 8.1 Single Language 6.3.9600 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\MarciaCristina\Desktop\zoek.exe [Scan all users] [Script inserted]
==== System Restore Info ======================
27/01/2015 12:23:51 Zoek.exe System Restore Point Created Succesfully.
==== Empty Folders Check ======================
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~2\WinRAR deleted successfully
C:\Users\MarciaCristina\AppData\Roaming\Positivo deleted successfully
C:\Users\MarciaCristina\AppData\Roaming\TeamViewer deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Deleting Services ======================
==== Batch Command(s) Run By Tool======================
==== Deleting Files \ Folders ======================
C:\ZHPDiag2.exe deleted
C:\PROGRA~3\DRV10.tmp deleted
C:\PROGRA~3\E1010.tmp deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
==== Files Recently Created / Modified ======================
====== C:\Windows ====
2015-01-08 17:38:49 C399D0313B6BDC7EE72AD114A97E6F2C 123 ----a-w- C:\Windows\ODBC.INI
====== C:\Users\MARCIA~1\AppData\Local\Temp ====
2015-01-24 16:18:44 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\ThreatScanner.exe
2015-01-24 16:17:29 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\installerpackage.exe
2015-01-24 16:15:49 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\pt-BR.exe
2015-01-24 16:15:49 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\ro-RO.exe
2015-01-24 16:15:49 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\en-US.exe
2015-01-24 16:15:49 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\it-IT.exe
2015-01-24 16:15:48 FE8986D39CF82FF9ED856571E64F4843 223344 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\wspack.dll
2015-01-24 16:15:48 EB1E6129696EE881DE94F383BEE0B117 131552 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\core\bdcore.dll
2015-01-24 16:15:48 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\setuplauncher.exe
2015-01-24 16:15:48 DBB5106CEE548C085FC2D33E9AB59BE7 297016 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\wsutils.dll
2015-01-24 16:15:48 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\Installer.exe
2015-01-24 16:15:48 95B779329680265CE36BDFA0BC953A13 216664 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\unrar64.dll
2015-01-24 16:15:48 804A78FF4F68125B5D4E4EEECA642FEA 126560 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\npcomm.dll
2015-01-24 16:15:48 6034B71DC75CB71635181457EE8EBE24 1524288 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\wslib.dll
2015-01-24 16:15:48 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\trufos.sys
2015-01-24 16:15:48 0A7FC87768E1C181D3F903DF19F34A80 511232 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\trufos.dll
2015-01-24 16:15:47 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\WPFKickstarter.exe
2015-01-24 16:15:47 74AB0D9CB6EC7B9E796C0A4FED20C766 3762472 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\htmlayout.dll
2015-01-24 16:15:47 6505373F3B9261A536EF402F55B5DE79 190384 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\bdardrv.dll
2015-01-24 16:15:47 5BB8E15835F5D0A5BD99492C5D85A672 101328 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\bdmetrics.dll
2015-01-24 16:15:47 509A03DFFBB3FEC4B2BCCADCAB903C4B 76584 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\gzfltum.dll
2015-01-24 16:15:47 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\gzflt.sys
2015-01-24 16:15:47 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\avcheck.exe
2015-01-24 16:15:47 28C9690641CC746F778AB94EED54C4B0 2360064 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\additional.dll
2015-01-24 16:15:47 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\WPFKickstarter4.exe
2015-01-24 16:15:47 01726E53C80083F4C02CDB834266C68C 148160 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\bdnc.dll
====== Java Cache =====
====== C:\Windows\SysWOW64 =====
2015-01-24 16:28:38 3E62CF18441A03A440B280182E4B6935 129872 ----a-w- C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-01-23 12:38:17 F344D6066EA270AABABA83E2A6B6428F 723968 ----a-w- C:\Windows\SysWOW64\wuapi.dll
2015-01-23 12:38:17 DC523277A7EC2336A654960E08EB5BDC 81920 ----a-w- C:\Windows\SysWOW64\wudriver.dll
2015-01-23 12:38:17 C17F3F1EE09758CF9D234B22B80A1006 25600 ----a-w- C:\Windows\SysWOW64\wups.dll
2015-01-23 12:38:17 529122F3ADC548F0CCBB6164D86FA116 124928 ----a-w- C:\Windows\SysWOW64\wuwebv.dll
2015-01-23 12:38:17 514AEA6CF4B70FAA30A2BC4B4CC10A39 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-01-23 12:36:53 A042349B7208BF8BED858B1E9B48B06D 98216 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-01-14 12:24:53 DCE9FD22B136C127C85F285E083B928B 65536 ----a-w- C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 12:24:52 D9F17FC61102D89A67A2AA3DD21231F5 33584 ----a-w- C:\Windows\SysWOW64\WerFaultSecure.exe
2015-01-14 12:24:52 BFFD9961B29DAB8084278DB2314D6027 33280 ----a-w- C:\Windows\SysWOW64\werdiagcontroller.dll
2015-01-14 12:24:52 B5867FF96CD0F7712CB4985EAC9F9147 370424 ----a-w- C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 12:24:52 7C36A441C73F079781ABA8F3DAEDFB37 136296 ----a-w- C:\Windows\SysWOW64\wermgr.exe
2015-01-14 12:24:52 7B2643AE85322EA168B0E760B73258FF 424544 ----a-w- C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 12:24:52 4B07B24705A9225EB565650569BDA26B 344536 ----a-w- C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 12:24:52 1F9C1925A85C6CC592C2FF612A610412 372408 ----a-w- C:\Windows\SysWOW64\Faultrep.dll
2015-01-14 12:24:52 1EB1C1E43C1901865C5AE34A9771C069 448792 ----a-w- C:\Windows\SysWOW64\wer.dll
2015-01-14 12:24:52 1275462A4337DBC5518859316BEF262C 413136 ----a-w- C:\Windows\SysWOW64\WerFault.exe
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2015-01-23 12:38:17 EA2DF5520D3623F353F43809A2F88086 55776 ----a-w- C:\Windows\Sysnative\wuauclt.exe
2015-01-23 12:38:17 E67B019D23320AA0C5F1E6DE5D30546A 407552 ----a-w- C:\Windows\Sysnative\WUSettingsProvider.dll
2015-01-23 12:38:17 DCD090318EC800CF6275C6835900B0C6 3557376 ----a-w- C:\Windows\Sysnative\wuaueng.dll
2015-01-23 12:38:17 CCE7F88AD038494253B485EC1B144EB3 60416 ----a-w- C:\Windows\Sysnative\wups.dll
2015-01-23 12:38:17 BCC10D47920E83EAC8F2E7E2D414692E 894976 ----a-w- C:\Windows\Sysnative\wuapi.dll
2015-01-23 12:38:17 70AC0FA699C9420CB282CCF72993C2E1 51712 ----a-w- C:\Windows\Sysnative\wups2.dll
2015-01-23 12:38:17 5D67074419BBFDCA587C2E2A93743E8A 140288 ----a-w- C:\Windows\Sysnative\wuwebv.dll
2015-01-23 12:38:17 4D94560FD4982BB52C1FE64AE38E1A9F 35840 ----a-w- C:\Windows\Sysnative\wuapp.exe
2015-01-23 12:38:17 4A112AD7D9C7289FE9945D05E97019D0 17408 ----a-w- C:\Windows\Sysnative\wuaext.dll
2015-01-23 12:38:17 2E66E7D4F1E39F7048A231AA60FD2532 95744 ----a-w- C:\Windows\Sysnative\wudriver.dll
2015-01-23 12:38:17 2585412FC573F298FCBFD6759F8C4C0F 1714176 ----a-w- C:\Windows\Sysnative\wucltux.dll
2015-01-14 12:24:55 19424364D8C03B990C4281BE53963FD0 225280 ----a-w- C:\Windows\Sysnative\profsvc.dll
2015-01-14 12:24:54 29A888F3136B2643E22113B5422B46F9 87040 ----a-w- C:\Windows\Sysnative\TSWbPrxy.exe
2015-01-14 12:24:53 FE11972797DED38CA55E88BD3579F6A2 360448 ----a-w- C:\Windows\Sysnative\ncsi.dll
2015-01-14 12:24:53 E94EB2A95D7D016E119C4D6868788831 391680 ----a-w- C:\Windows\Sysnative\nlasvc.dll
2015-01-14 12:24:53 6319232C1CE39AC35316CF51910EEEB5 86016 ----a-w- C:\Windows\Sysnative\nlaapi.dll
2015-01-14 12:24:52 E24D3259769A0218FE19BB306821C2E5 394120 ----a-w- C:\Windows\Sysnative\AUDIOKSE.dll
2015-01-14 12:24:52 D1E3B8D9130C70F6A3D4FDB52373FF34 37888 ----a-w- C:\Windows\Sysnative\werdiagcontroller.dll
2015-01-14 12:24:52 A41B72F81B389786805CC4D5767B5FBC 531616 ----a-w- C:\Windows\Sysnative\ci.dll
2015-01-14 12:24:52 9404704666256045F5BA9B290953B4D0 38264 ----a-w- C:\Windows\Sysnative\WerFaultSecure.exe
2015-01-14 12:24:52 8EBC741DDE9409038262E2F317ED7CCE 535640 ----a-w- C:\Windows\Sysnative\wer.dll
2015-01-14 12:24:52 8779FDAE68BC948B0FE152E758CC8DA7 229888 ----a-w- C:\Windows\Sysnative\AudioEndpointBuilder.dll
2015-01-14 12:24:52 770BAA636F3B61DA7E414421444F84FD 272248 ----a-w- C:\Windows\Sysnative\audiodg.exe
2015-01-14 12:24:52 6F237EE5DDA34EAF3D9C79D4A283E250 482872 ----a-w- C:\Windows\Sysnative\AudioEng.dll
2015-01-14 12:24:52 6DCD12586353DC6307AC781045CA13A4 465320 ----a-w- C:\Windows\Sysnative\WerFault.exe
2015-01-14 12:24:52 61EA45A645854FE81D8A924E2D93DFFE 911360 ----a-w- C:\Windows\Sysnative\audiosrv.dll
2015-01-14 12:24:52 428F083690D7AAA012338FD5A0663EE3 500016 ----a-w- C:\Windows\Sysnative\AudioSes.dll
2015-01-14 12:24:52 41C501FD9D42F3F04A8532C73E09F356 108944 ----a-w- C:\Windows\Sysnative\EncDump.dll
2015-01-14 12:24:52 2C354FA91EF605007FD11BB89EED2266 413248 ----a-w- C:\Windows\Sysnative\Faultrep.dll
2015-01-14 12:24:52 0BCDEB035B9346D3C3C6C8BB1AA7F38C 139984 ----a-w- C:\Windows\Sysnative\wermgr.exe
====== C:\Windows\Sysnative\drivers =====
2015-01-24 16:18:48 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Windows\Sysnative\drivers\avchv.sys
2015-01-24 16:18:46 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Windows\Sysnative\drivers\avc3.sys
2015-01-24 16:18:46 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Windows\Sysnative\drivers\avckf.sys
2015-01-24 16:16:15 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Windows\Sysnative\drivers\gzflt.sys
2015-01-24 16:16:15 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Windows\Sysnative\drivers\trufos.sys
2015-01-24 14:32:23 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\Sysnative\drivers\MBAMSwissArmy.sys
2015-01-24 14:31:39 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\Sysnative\drivers\mbam.sys
2015-01-24 14:31:39 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\Sysnative\drivers\mwac.sys
2015-01-24 14:31:39 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\Sysnative\drivers\mbamchameleon.sys
2015-01-19 13:48:08 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\Windows\Sysnative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-01-14 12:24:54 F0CB6DB513CAC393D04A0FCE0A59E1BF 75776 ----a-w- C:\Windows\Sysnative\drivers\ahcache.sys
2015-01-14 12:24:53 DB32958F0E704EFBF7F15161A569E39F 140800 ----a-w- C:\Windows\Sysnative\drivers\mrxdav.sys
====== C:\Windows\Tasks ======
2015-01-21 13:52:32 -------- d-----w- C:\Windows\Sysnative\Tasks\OfficeSoftwareProtectionPlatform
====== C:\Windows\Temp ======
======= C:\Program Files =====
2015-01-24 16:16:19 -------- d-----w- C:\Program Files\Bitdefender
2015-01-21 13:51:21 -------- d-----w- C:\Program Files\Microsoft Office
2015-01-08 17:31:05 -------- d-----w- C:\Program Files\Microsoft SQL Server
======= C:\PROGRA~2 =====
2015-01-26 15:49:23 -------- d-----w- C:\PROGRA~2\ZHPDiag
2015-01-24 16:28:37 -------- d-----w- C:\PROGRA~2\SpywareBlaster
2015-01-23 12:36:54 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2015-01-21 13:54:01 -------- d-----w- C:\PROGRA~2\Microsoft Synchronization Services
2015-01-21 13:54:00 -------- d-----w- C:\PROGRA~2\COMMON~1\DESIGNER
2015-01-21 13:51:53 -------- d-----w- C:\PROGRA~2\Microsoft Visual Studio 8
2015-01-21 13:51:10 -------- d-----w- C:\PROGRA~2\Microsoft Analysis Services
2015-01-12 12:39:26 -------- d-----w- C:\PROGRA~2\office 2010
2015-01-08 17:31:05 -------- d-----w- C:\PROGRA~2\Microsoft SQL Server
2015-01-08 17:24:08 -------- d-----w- C:\PROGRA~2\TeamViewer
======= C: =====
2015-01-26 15:54:18 83E8404283203D690F274D9CD2D59712 512 ----a-w- C:\PhysicalDisk0_MBR.bin
====== C:\Users\MarciaCristina\AppData\Roaming ======
2015-01-26 15:49:23 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\ZHP
2015-01-24 16:34:41 -------- d-----w- C:\Windows\SysNative\config\systemprofile\AppData\Roaming\QuickScan
2015-01-24 16:04:41 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\QuickScan
2015-01-24 15:53:07 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Avg2015
2015-01-24 15:53:06 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\TuneUp Software
2015-01-24 12:38:52 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\Dropbox
2015-01-23 12:36:53 -------- d-----w- C:\Users\MarciaCristina\AppData\Locallow\Oracle
2015-01-22 19:39:51 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\uTorrent
2015-01-21 13:50:55 -------- d-----w- C:\Users\MarciaCristina\AppData\Local\Microsoft Help
2015-01-12 12:53:34 -------- d-----w- C:\Users\MarciaCristina\AppData\Roaming\WinRAR
2015-01-12 12:44:46 -------- d-----w- C:\Windows\sysWoW64\config\systemprofile\AppData\Roaming\Microsoft
====== C:\Users\MarciaCristina ======
2015-01-26 15:49:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-01-26 14:48:56 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\MarciaCristina\Desktop\JRT.exe
2015-01-26 14:45:04 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\MarciaCristina\Desktop\AdwCleaner.exe
2015-01-24 16:28:45 -------- d-----w- C:\Users\TODOSO~1\Licenses
2015-01-24 16:28:45 -------- d-----w- C:\ProgramData\Licenses
2015-01-24 16:28:44 -------- d---a-w- C:\Users\TODOSO~1\TEMP
2015-01-24 16:28:44 -------- d---a-w- C:\ProgramData\TEMP
2015-01-24 16:28:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-01-24 16:28:12 78130949095E6721B40B50E77C1F1BBC 4095448 ----a-w- C:\Users\MarciaCristina\Downloads\spywareblastersetup50.exe
2015-01-24 16:19:19 6B86B3585EFA22EB79F32B7E74BFBF5B 245645 ----a-w- C:\Users\TODOSO~1\1422116150.bdinstall.bin
2015-01-24 16:19:19 6B86B3585EFA22EB79F32B7E74BFBF5B 245645 ----a-w- C:\ProgramData\1422116150.bdinstall.bin
2015-01-24 16:18:57 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antivirus Free Edition
2015-01-24 16:11:12 1464DA88ED914FDB7E4A54714F003D6C 887 ----a-w- C:\Users\TODOSO~1\1422115864.7328.bin
2015-01-24 16:11:12 1464DA88ED914FDB7E4A54714F003D6C 887 ----a-w- C:\ProgramData\1422115864.7328.bin
2015-01-24 16:11:11 8957A23F4777431059B7BD879160327D 2060 ----a-w- C:\Users\TODOSO~1\1422115864.132.bin
2015-01-24 16:11:11 8957A23F4777431059B7BD879160327D 2060 ----a-w- C:\ProgramData\1422115864.132.bin
2015-01-24 16:11:04 FCB395836D6E486EE954EA2CC114CC6E 44598 ----a-w- C:\Users\TODOSO~1\1422115864.5660.bin
2015-01-24 16:11:04 FCB395836D6E486EE954EA2CC114CC6E 44598 ----a-w- C:\ProgramData\1422115864.5660.bin
2015-01-24 16:05:19 D846886E0F057E1DF50406245323FC6B 45602 ----a-w- C:\Users\TODOSO~1\1422115482.bdinstall.bin
2015-01-24 16:05:19 D846886E0F057E1DF50406245323FC6B 45602 ----a-w- C:\ProgramData\1422115482.bdinstall.bin
2015-01-24 16:03:45 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\MarciaCristina\Downloads\Antivirus_Free_Edition_x64.exe
2015-01-24 16:03:27 DE1F74C3471F2C9A8C0B3969E692F7B2 162208 ----a-w- C:\Users\MarciaCristina\Downloads\Antivirus_Free_Edition.exe
2015-01-24 15:52:37 -------- d-----w- C:\Users\TODOSO~1\AVG2015
2015-01-24 15:52:37 -------- d-----w- C:\ProgramData\AVG2015
2015-01-24 15:44:56 -------- d--h--w- C:\Users\TODOSO~1\Common Files
2015-01-24 15:44:56 -------- d--h--w- C:\ProgramData\Common Files
2015-01-24 14:29:32 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\MarciaCristina\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-23 12:36:41 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-01-21 13:56:01 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-01-21 13:56:00 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-01-21 13:50:46 -------- d-----w- C:\Users\TODOSO~1\Microsoft Help
2015-01-21 13:50:46 -------- d-----w- C:\ProgramData\Microsoft Help
2015-01-12 12:44:17 -------- d-----w- C:\Users\Public\Documents\Baidu
====== C: exe-files ==
2015-01-27 12:26:32 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files (x86)\Google\Update\Install\{07F7948B-B744-48A3-96C1-8BCB4037765C}\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-27 12:26:22 220A0B7B557EFEF7C399CDC1E9DBDA2D 875088 ----a-w- C:\Program Files (x86)\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\40.0.2214.93\40.0.2214.93_40.0.2214.91_chrome_updater.exe
2015-01-26 15:49:27 CB2D120A4B72422A8141192831B1F500 80384 ----a-w- C:\Program Files (x86)\ZHPDiag\mbrcheck.exe
2015-01-26 15:49:27 5DAF7081A4BB112FA3F1915819330A3E 61440 ----a-w- C:\Program Files (x86)\ZHPDiag\pv.exe
2015-01-26 15:49:26 F3A37421DBD1AAA36558C97572C91C5A 147456 ----a-w- C:\Program Files (x86)\ZHPDiag\catchme.exe
2015-01-26 15:49:26 9DAA7218961710008D7385B01BD3F386 89088 ----a-w- C:\Program Files (x86)\ZHPDiag\mbr.exe
2015-01-26 15:49:26 53CDBB093B0AEE9FD6CF1CBD25A95077 290304 ----a-w- C:\Program Files (x86)\ZHPDiag\subinacl.exe
2015-01-26 15:49:26 451AE03D3C92777F09840CA56F08AB62 454056 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl32.exe
2015-01-26 15:49:26 3E350EB5DF15C06DEC400A39DD1C6F29 559528 ----a-w- C:\Program Files (x86)\ZHPDiag\setacl64.exe
2015-01-26 15:49:26 2312A38B8B003330DB919FA818C48449 231048 ----a-w- C:\Program Files (x86)\ZHPDiag\sigcheck.exe
2015-01-26 15:49:25 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPhep.exe
2015-01-26 15:49:25 6B8AF3A2A3D9059008B55C444461CA00 61952 ----a-w- C:\Program Files (x86)\ZHPDiag\Lads.exe
2015-01-26 15:49:24 3972143EE1A3AD5C732BE7B96A239BC1 3060224 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPFix\ZHPFix.exe
2015-01-26 15:49:23 C155A13687144076286989EF078112C2 1917440 ----a-w- C:\Program Files (x86)\ZHPDiag\ZHPhep.exe
2015-01-26 15:49:23 8AE13B97BFCAD6C7D3B8C8A1C298EFB4 694736 ----a-w- C:\Program Files (x86)\ZHPDiag\unins000.exe
2015-01-26 15:08:29 0F901EE41FF20347C106D663F24931F9 679752 ----a-w- C:\Users\MarciaCristina\AppData\Local\Google\Chrome\User Data\SwReporter\2.6.2\software_reporter_tool.exe
2015-01-26 14:48:56 B9E1BF24EF01A82701B09BE75D294085 1707939 ----a-w- C:\Users\MarciaCristina\Desktop\JRT.exe
2015-01-26 14:45:04 FC77986C2F2B9752EE344FACA1880BA2 2194432 ----a-w- C:\Users\MarciaCristina\Desktop\AdwCleaner.exe
2015-01-24 16:28:38 BE2EE9C219B016AEC95F604FBFFEE171 2115192 ----a-w- C:\Program Files (x86)\SpywareBlaster\sbautoupdate.exe
2015-01-24 16:28:38 0EED9CD892F88435BFD1AE41EF6ED60D 119976 ----a-w- C:\Program Files (x86)\SpywareBlaster\sburlhelper.exe
2015-01-24 16:28:37 AE13FB6BD8086465217F6A063EC3FCC3 715038 ----a-w- C:\Program Files (x86)\SpywareBlaster\unins000.exe
2015-01-24 16:28:37 1BE8001D5C4EEE56A97980CD6987EB40 2557544 ----a-w- C:\Program Files (x86)\SpywareBlaster\spywareblaster.exe
2015-01-24 16:28:12 78130949095E6721B40B50E77C1F1BBC 4095448 ----a-w- C:\Users\MarciaCristina\Downloads\spywareblastersetup50.exe
2015-01-24 16:19:02 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter4.exe
2015-01-24 16:19:01 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\WPFKickstarter.exe
2015-01-24 16:18:59 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\setuplauncher.exe
2015-01-24 16:18:59 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\ThreatScanner.exe
2015-01-24 16:18:59 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\pt-BR.exe
2015-01-24 16:18:59 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\ro-RO.exe
2015-01-24 16:18:59 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\it-IT.exe
2015-01-24 16:18:58 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\Installer.exe
2015-01-24 16:18:58 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\lang\en-US.exe
2015-01-24 16:18:58 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\avcheck.exe
2015-01-24 16:18:58 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\installerpackage.exe
2015-01-24 16:18:49 B8E08510721D367F1330F6A0B9CA9F99 1312072 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\update.exe
2015-01-24 16:18:49 5BC79AC4470CF45BFE3DEFD5520D63E9 50328 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ThreatScanner\gc.exe
2015-01-24 16:18:49 33205C6D38A2A4B3766230A489B56396 218736 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdreinit.exe
2015-01-24 16:18:48 DE6C895E14E7D7D45A1A7276754BDB92 19944 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzifaceexec.exe
2015-01-24 16:18:48 C426283AD9FAD74726C961373E5B9E4A 254280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
2015-01-24 16:18:48 B5CBEB9EB25A8230463037A647BC1469 69368 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
2015-01-24 16:18:48 B34E17D28EB63DE8C5AD60539AF421A4 602872 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray4.exe
2015-01-24 16:18:48 9CB162599CBA2CD46090A3CB093FE6E5 74000 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\driverctrl.exe
2015-01-24 16:18:48 82C67B91F26DE0CB7315E2CE622433E2 524032 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\gztray.exe
2015-01-24 16:18:48 6F070125C784EAB1F602E19005BC2D25 78144 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avchvinst.exe
2015-01-24 16:18:48 5A9C5CE8BDCA8568D798259A31991893 70928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\setloadorder.exe
2015-01-24 16:18:48 3F5DD8A7CA79C562AF939067E8B07764 153280 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel4.exe
2015-01-24 16:18:48 1D5559AB66613ED08A639C342F44D207 17896 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\elevator.exe
2015-01-24 16:18:48 12806F9E1F69F73D6EAF1E2F172E3E12 153232 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\ifacemodel.exe
2015-01-24 16:18:44 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\ThreatScanner.exe
2015-01-24 16:17:30 DADF458CDA563109C5E53B2B7669C2F8 16922360 ----a-w- C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\IE\FZUMZ1JU\ThreatScanner[1].exe
2015-01-24 16:17:29 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\installerpackage.exe
2015-01-24 16:16:17 2CFC225988F4932DF538CF5F4BED3C8B 17348032 ----a-w- C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\IE\6A8CDRNO\installerpackage[1].exe
2015-01-24 16:15:49 A51C2369EEF4FC159B9A9DA695A7E990 970088 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\pt-BR.exe
2015-01-24 16:15:49 5B230017B04914B12070552EC5419867 1043000 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\ro-RO.exe
2015-01-24 16:15:49 574E467C75840E19D3196C52947B6081 1837096 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\en-US.exe
2015-01-24 16:15:49 34F92C8A489F04D401A8E3E5A49F7959 969400 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\lang\it-IT.exe
2015-01-24 16:15:48 E2316D482BCD6CADD878500D132BCEF5 815600 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\setuplauncher.exe
2015-01-24 16:15:48 D9621F7E1DC3E40AAD4A7D0736A33A3B 567888 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\Installer.exe
2015-01-24 16:15:47 8477FB1D573CE8F8B92E71302308D399 14720 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\WPFKickstarter.exe
2015-01-24 16:15:47 377DBA1E531CD11EBC45B907B454D247 156304 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\avcheck.exe
2015-01-24 16:15:47 199F11A6FC6689BFCCF1A9E7832C3B63 15232 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\WPFKickstarter4.exe
2015-01-24 16:03:45 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\MarciaCristina\Downloads\Antivirus_Free_Edition_x64.exe
2015-01-24 16:03:45 23A5AF749C6EFB330387CA4E88227BDA 10447328 ----a-w- C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\IE\PPAFSCRS\Antivirus_Free_Edition_x64[1].exe
2015-01-24 16:03:27 DE1F74C3471F2C9A8C0B3969E692F7B2 162208 ----a-w- C:\Users\MarciaCristina\Downloads\Antivirus_Free_Edition.exe
2015-01-24 14:29:32 3BD59D6C407AB1F6DDD7C5D9BD727469 20447072 ----a-w- C:\Users\MarciaCristina\Downloads\mbam-setup-2.0.4.1028.exe
2015-01-24 12:41:03 B50DD901DDC6E62DBAA026094650F672 44537352 ----a-w- C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\IE\FZUMZ1JU\Dropbox%203.0.5data[1].exe
2015-01-23 12:38:17 EA2DF5520D3623F353F43809A2F88086 55776 ----a-w- C:\Windows\System32\wuauclt.exe
2015-01-23 12:38:17 514AEA6CF4B70FAA30A2BC4B4CC10A39 29696 ----a-w- C:\Windows\SysWOW64\wuapp.exe
2015-01-23 12:38:17 4D94560FD4982BB52C1FE64AE38E1A9F 35840 ----a-w- C:\Windows\System32\wuapp.exe
2015-01-23 12:36:42 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\java.exe
2015-01-23 12:36:42 AA3520FB0133A56BEE1DB34D74DBEF64 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2015-01-23 12:36:42 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaw.exe
2015-01-23 12:36:42 75D477E868CA51EC1B09D730570F322B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2015-01-23 12:36:42 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\Users\Todos os Usuários\Oracle\Java\javapath\javaws.exe
2015-01-23 12:36:42 691D49FB44EDE9788288CABE4F7E0DAF 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2015-01-23 12:36:29 E3E6B18458FFB07CB24D7A0BA77C9FDF 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\pack200.exe
2015-01-23 12:36:29 DC197DCE6325CBAC905DE0D0E3BA3E8E 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmid.exe
2015-01-23 12:36:29 BB8C890E3E6372F2720709262BD42BF4 30632 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jabswitch.exe
2015-01-23 12:36:29 B719E0F43166037DF46B5CFBE60A5118 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jjs.exe
2015-01-23 12:36:29 AA3520FB0133A56BEE1DB34D74DBEF64 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java.exe
2015-01-23 12:36:29 A458E2535E46151690E53E2A03FAA711 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\keytool.exe
2015-01-23 12:36:29 9BFAEF308D50779F6B255CB7BA7DCA5A 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\kinit.exe
2015-01-23 12:36:29 7AB1F1B3FB6C3DACA34EA2F988CDF5AC 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\orbd.exe
2015-01-23 12:36:29 75EE99C7F0038C746D82C76221ECA4EF 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\policytool.exe
2015-01-23 12:36:29 75D477E868CA51EC1B09D730570F322B 176552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaw.exe
2015-01-23 12:36:29 74713E9C1B01B152DDD3A1A3519A3647 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\java-rmi.exe
2015-01-23 12:36:29 70E67429D2C011FD0419AF899A8D0D70 68520 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javacpl.exe
2015-01-23 12:36:29 691D49FB44EDE9788288CABE4F7E0DAF 272296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\javaws.exe
2015-01-23 12:36:29 67F763B09F4BC8689E6FA9761E068D74 159656 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\unpack200.exe
2015-01-23 12:36:29 57E1F756FAA787623DFCD2C1B2AACC68 51112 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssvagent.exe
2015-01-23 12:36:29 4367C05B0CF5553E71B34F51003D0615 76200 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2launcher.exe
2015-01-23 12:36:29 4109C4DB4BD48F5BF8115C7523A6B6F8 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\klist.exe
2015-01-23 12:36:29 33D2AF53E209DA3E2BA939EB89801DC0 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\rmiregistry.exe
2015-01-23 12:36:29 29E65AC6AFD8A0A9CAA361FF6F7B4886 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\servertool.exe
2015-01-23 12:36:29 28FC00F89631B0F6E1E9CA386FADD566 16296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\tnameserv.exe
2015-01-23 12:36:29 26C7F32186B1F0364CD06EA69227A79D 15784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\bin\ktab.exe
2015-01-22 19:40:44 AB36140B64F98426AFAD9E495463C25D 1678928 ----a-w- C:\Users\MarciaCristina\AppData\Roaming\uTorrent\updates\3.4.2_37951.exe
2015-01-22 09:47:37 770270DF3543A0B6EBF811D0DCABF275 30431144 ----a-w- C:\Windows\Temp\avast_ash\Java Runtime Environment 8 (32 Bit)\jre-8u31-windows-i586.exe
2015-01-20 23:06:34 9D10F99A6712E28F8ACD5641E3A7EA6B 149352 ----a-w- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\ose.exe
2015-01-20 23:06:15 C87E561258F2F8650CEF999BF643A731 519584 ----a-w- C:\MSOCache\All Users\{90140000-006E-0416-0000-0000000FF1CE}-C\dwtrig20.exe
2015-01-20 23:06:14 A41E524F8D45F0074FD07805FF0C9B12 838536 ----a-w- C:\MSOCache\All Users\{90140000-006E-0416-0000-0000000FF1CE}-C\DW20.EXE
2015-01-20 23:06:01 4D92F518527353C0DB88A70FDDCFD390 1100664 ----a-w- C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\setup.exe
=== C: other files ==
2015-01-24 16:18:59 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\trufos.sys
2015-01-24 16:18:58 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\Install\gzflt.sys
2015-01-24 16:18:48 C0247341C1BCD7FF2742821D0AD7AFBC 121928 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys
2015-01-24 16:18:48 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avc3.sys
2015-01-24 16:18:48 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avckf.sys
2015-01-24 16:18:48 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Windows\System32\drivers\avchv.sys
2015-01-24 16:18:48 3B9549FEF98AB1768A1D6A919F355B70 261056 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\avchv.sys
2015-01-24 16:18:48 140FE153F556D543EBFD5B751DC89EE5 138920 ----a-w- C:\Program Files\Bitdefender\Antivirus Free Edition\bdftdif.sys
2015-01-24 16:18:46 AAE1DAE483DD57D0E267FCA42FCB5133 718840 ----a-w- C:\Windows\System32\drivers\avc3.sys
2015-01-24 16:18:46 8183B715BD56561C27BEBB68B1192B7A 593144 ----a-w- C:\Windows\System32\drivers\avckf.sys
2015-01-24 16:16:15 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Windows\System32\drivers\gzflt.sys
2015-01-24 16:16:15 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Windows\System32\drivers\trufos.sys
2015-01-24 16:15:48 132C0E39AF0312E6B9611E2E1B344D41 382536 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\trufos.sys
2015-01-24 16:15:47 408B664926675C270D911160F1631D6B 148696 ----a-w- C:\Users\MarciaCristina\AppData\Local\Temp\RarSFX2\gzflt.sys
2015-01-24 14:32:23 26C43960C99EE861A5D0EDC4DCF3B1C3 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2015-01-24 14:31:39 CA43F8904E24BBE49982E4C0B29E6579 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2015-01-24 14:31:39 9D7BFFDB5FA62B600DF1FCB4919D9D79 64216 ----a-w- C:\Windows\System32\drivers\mwac.sys
2015-01-24 14:31:39 478CC94C937D235CB0A96AB8F2359D81 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2015-01-24 12:30:42 CCED99682127E8582E5F716ECE775EF8 147584 ----a-w- C:\Windows\System32\vbox\E1G6032E.sys
2015-01-24 12:30:39 6EC1453C5049470D4E7EE0402D7DD9CA 368048 ----a-w- C:\Windows\System32\vbox\VBoxVideoWddm.sys
2015-01-24 12:30:39 5F81A8BD7D6BBD599A34315AF48154DC 146080 ----a-w- C:\Windows\System32\vbox\VBoxVideo.sys
2015-01-24 12:30:39 5E0F78391D5A93592FEB62B56DFE8A3B 372680 ----a-w- C:\Windows\System32\vbox\VBoxVideoW8.sys
2015-01-24 12:30:39 2F2C8D72AF8B502BF23E970EB23724DE 123432 ----a-w- C:\Windows\System32\vbox\VBoxMouse.sys
2015-01-24 12:30:39 07399D74C7FE4D087FDBB6D3143ED007 155880 ----a-w- C:\Windows\System32\vbox\VBoxGuest.sys
2015-01-23 12:36:30 CE44A9D4918DCDC7CCCF5503BF4D7A3D 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_25\lib\deploy\ffjcext.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-21-1627063352-2294030405-2080357755-1001\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_AE584EA0B788765A29F07F158D7FAB4D"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
[HKEY_USERS\S-1-5-21-1627063352-2294030405-2080357755-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_AE584EA0B788765A29F07F158D7FAB4D"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"LogMeIn Hamachi Ui"="C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe --auto-start"
"BCSSync"="C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe /DelayServices"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_AE584EA0B788765A29F07F158D7FAB4D"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe --no-startup-window"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"StartUpManagerPositivo"="C:\Program Files\Positivo Inform tica\Mundo Positivo Gerenciador de Inicializa‡Æo\ManagerWindows.exe"
==== Startup Folders ======================
2014-10-22 13:31:56 2639 ----a-w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iBrightness.lnk
==== Task Scheduler Jobs ======================
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job --a-------- [Undetermined Task]
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job --a-------- [Undetermined Task]
==== Other Scheduled Tasks ======================
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineCore" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\GoogleUpdateTaskMachineUA" [C:\Program Files (x86)\Google\Update\GoogleUpdate.exe]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon" ["C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe"]
"C:\Windows\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor" [14/01/2015 11:43]
==== Chromium Look ======================
Google Chrome Version: 40.0.2214.93 (Up to date, latest Stable version: 40.0.2214.93)
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - No path found[]
Google Slides - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek
Google Docs - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake
Google Drive - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf
YouTube - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo
Google Search - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf
Google Sheets - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap
SiteAdvisor - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
Star Gazer - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\mblmlcbknbnfebdfjnolmcapmdofhmme
Google Wallet - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Gmail - MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia
==== Chromium Fix ======================
C:\Users\MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.olark.com_0.localstorage deleted successfully
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://go.microsoft.com/fwlink/?LinkId=69157"
==== All HKCU SearchScopes ======================
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
{012E1000-F331-11DB-8314-0800200C9A66} Google Url="http://www.google.com/search?q={searchTerms}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6B0A2B06-D2A3-40C3-B4D1-64900D097847} Unknown Url="Not_Found"
==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1627063352-2294030405-2080357755-1001\Software\Microsoft\Internet Explorer\SearchScopes\{6B0A2B06-D2A3-40C3-B4D1-64900D097847} deleted successfully
HKEY_USERS\S-1-5-21-1627063352-2294030405-2080357755-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{6B0A2B06-D2A3-40C3-B4D1-64900D097847} deleted successfully
==== Deleting CLSID Registry Values ======================
==== Deleting Registry Keys ======================
HKEY_LOCAL_MACHINE\Software\wow6432node\Policies\Google deleted successfully
==== Empty IE Cache ======================
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\MarciaCristina\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
C:\Users\MarciaCristina\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
==== Empty All Flash Cache ======================
Flash Cache Emptied Successfully
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=11 folders=8 18230459 bytes)
==== Empty Temp Folders ======================
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\MarciaCristina\AppData\Local\Temp will be emptied at reboot
C:\Users\USURIO~1\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\Windows\Temp successfully emptied
C:\Users\MARCIA~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on 27/01/2015 at 12:55:58,40 ======================
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Ter 27 Jan 2015, 13:19
Boa tarde Mokona, não precisa se desculpar. Como está o PC ?
- Baixe:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> <(...by Farbar)>
- Ou aqui:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
- Salve-a na Área de trabalho !
- Execute a ferramenta ! Clique "Yes" >> "Scan".
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem] - Verifique se as caixinhas em "Whitelist" estão assinaladas.
- Em "Optional Scan",deixe marcada a checkbox "Addition.txt".
- Será gerado o relatório! (FRST.txt)
- Ps: Será gerado,também,o relatório "Addition.txt" que estará disponibilizado na 1ª execução da ferramenta.
- Acesse: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
- Ou acesse:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]>
- Ou anexe-o <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Link
- Maiores informações:<[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> << Hospedagem !
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Ter 27 Jan 2015, 15:29
Seguem os links: FRST 
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Addition [Tens de ter uma conta e sessão iniciada para poderes visualizar este link]
Sobre o pc, aparentemente esta um pouco lento e o Bitdefender esta constando um arquivo como infectado: C:\Program Files (x86)\ZHPDiag\zhpdiag.exe (Trojan.Generic.12652856)
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link] Addition
[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]Sobre o pc, aparentemente esta um pouco lento e o Bitdefender esta constando um arquivo como infectado: C:\Program Files (x86)\ZHPDiag\zhpdiag.exe (Trojan.Generic.12652856)
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Ter 27 Jan 2015, 15:45
Boa tarde Mokona, a detecção por parte do Bitdefender trata-se de um falso positivo, pois a ferramenta ZHPDiag é segura.
Um grande abraço.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >
- Copie estas informações que estão em vermelho,para o Bloco de Notas.
- Salve-a com o nome fixlist.txt
- Salve-a no mesmo local em que se encontra a FRST
start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
S4 McOobeSv2; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
2015-01-27 12:53 - 2015-01-27 12:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-27 12:23 - 2015-01-27 12:55 - 00041991 _____ () C:\zoek-results.log
2015-01-27 12:22 - 2015-01-27 12:50 - 00000000 ____D () C:\zoek_backup
2015-01-27 12:22 - 2015-01-27 12:22 - 01295360 _____ () C:\Users\MarciaCristina\Desktop\zoek.exe
2015-01-27 11:40 - 2015-01-27 11:40 - 00002538 _____ () C:\Users\MarciaCristina\Desktop\ZHPFixReport.txt
2015-01-26 13:54 - 2015-01-26 13:54 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-01-26 13:49 - 2015-01-27 13:23 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2015-01-26 13:49 - 2015-01-27 11:40 - 00000000 ____D () C:\Users\MarciaCristina\AppData\Roaming\ZHP
2015-01-26 13:49 - 2015-01-26 13:49 - 00002014 _____ () C:\Users\MarciaCristina\Desktop\ZHPFix.lnk
2015-01-26 13:49 - 2015-01-26 13:49 - 00001883 _____ () C:\Users\MarciaCristina\Desktop\ZHPDiag.lnk
2015-01-26 13:49 - 2015-01-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-01-26 12:54 - 2015-01-27 12:16 - 00000000 ____D () C:\AdwCleaner
2015-01-26 12:48 - 2015-01-26 12:48 - 01707939 _____ (Thisisu) C:\Users\MarciaCristina\Desktop\JRT.exe
2015-01-26 12:45 - 2015-01-26 12:45 - 02194432 _____ () C:\Users\MarciaCristina\Desktop\AdwCleaner.exe
2015-01-26 10:30 - 2015-01-26 10:30 - 00012225 _____ () C:\Users\MarciaCristina\Downloads\hijackthis.log
2015-01-26 10:20 - 2015-01-26 10:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\MarciaCristina\Downloads\HijackThis.exe
2015-01-12 10:44 - 2015-01-12 11:01 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-01-27 12:54 - 2014-08-27 12:36 - 00507186 _____ () C:\Windows\PFRO.log
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end - Execute FRST/FRST64 >> Clique "Fix". << Aguarde!
- Poste o relatório! (Fixlog.txt)
Um grande abraço.
[Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
< Peço aos visitantes que não utilizem este script em outros computadores,sob risco de danos irreparáveis aos mesmos! >
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Ter 27 Jan 2015, 16:13
Olá, segue o relatório:
FixLog:
FixLog:
- Fixlog:
- Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2015 01
Ran by MarciaCristina at 2015-01-27 15:57:55 Run:1
Running from C:\Users\MarciaCristina\Desktop
Loaded Profiles: MarciaCristina (Available profiles: MarciaCristina)
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - No Path
S4 McOobeSv2; "C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe" /McCoreSvc [X]
2015-01-27 12:53 - 2015-01-27 12:22 - 00024064 _____ () C:\Windows\zoek-delete.exe
2015-01-27 12:23 - 2015-01-27 12:55 - 00041991 _____ () C:\zoek-results.log
2015-01-27 12:22 - 2015-01-27 12:50 - 00000000 ____D () C:\zoek_backup
2015-01-27 12:22 - 2015-01-27 12:22 - 01295360 _____ () C:\Users\MarciaCristina\Desktop\zoek.exe
2015-01-27 11:40 - 2015-01-27 11:40 - 00002538 _____ () C:\Users\MarciaCristina\Desktop\ZHPFixReport.txt
2015-01-26 13:54 - 2015-01-26 13:54 - 00000512 _____ () C:\PhysicalDisk0_MBR.bin
2015-01-26 13:49 - 2015-01-27 13:23 - 00000000 ____D () C:\Program Files (x86)\ZHPDiag
2015-01-26 13:49 - 2015-01-27 11:40 - 00000000 ____D () C:\Users\MarciaCristina\AppData\Roaming\ZHP
2015-01-26 13:49 - 2015-01-26 13:49 - 00002014 _____ () C:\Users\MarciaCristina\Desktop\ZHPFix.lnk
2015-01-26 13:49 - 2015-01-26 13:49 - 00001883 _____ () C:\Users\MarciaCristina\Desktop\ZHPDiag.lnk
2015-01-26 13:49 - 2015-01-26 13:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP
2015-01-26 12:54 - 2015-01-27 12:16 - 00000000 ____D () C:\AdwCleaner
2015-01-26 12:48 - 2015-01-26 12:48 - 01707939 _____ (Thisisu) C:\Users\MarciaCristina\Desktop\JRT.exe
2015-01-26 12:45 - 2015-01-26 12:45 - 02194432 _____ () C:\Users\MarciaCristina\Desktop\AdwCleaner.exe
2015-01-26 10:30 - 2015-01-26 10:30 - 00012225 _____ () C:\Users\MarciaCristina\Downloads\hijackthis.log
2015-01-26 10:20 - 2015-01-26 10:20 - 00388608 _____ (Trend Micro Inc.) C:\Users\MarciaCristina\Downloads\HijackThis.exe
2015-01-12 10:44 - 2015-01-12 11:01 - 00000000 ____D () C:\Users\Public\Documents\Baidu Security
2015-01-12 10:44 - 2015-01-12 10:44 - 00000000 ____D () C:\Users\Public\Documents\Baidu
2015-01-27 12:54 - 2014-08-27 12:36 - 00507186 _____ () C:\Windows\PFRO.log
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\Users\Todos os Usuários\TEMP:5C321E34
HOSTS:
CMD: bitsadmin /reset /allusers
CMD: ipconfig /flushdns
emptytemp:
end
*****************
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => Key deleted successfully.
McOobeSv2 => Service deleted successfully.
C:\Windows\zoek-delete.exe => Moved successfully.
C:\zoek-results.log => Moved successfully.
C:\zoek_backup => Moved successfully.
C:\Users\MarciaCristina\Desktop\zoek.exe => Moved successfully.
C:\Users\MarciaCristina\Desktop\ZHPFixReport.txt => Moved successfully.
C:\PhysicalDisk0_MBR.bin => Moved successfully.
C:\Program Files (x86)\ZHPDiag => Moved successfully.
C:\Users\MarciaCristina\AppData\Roaming\ZHP => Moved successfully.
C:\Users\MarciaCristina\Desktop\ZHPFix.lnk => Moved successfully.
C:\Users\MarciaCristina\Desktop\ZHPDiag.lnk => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ZHP => Moved successfully.
C:\AdwCleaner => Moved successfully.
C:\Users\MarciaCristina\Desktop\JRT.exe => Moved successfully.
C:\Users\MarciaCristina\Desktop\AdwCleaner.exe => Moved successfully.
C:\Users\MarciaCristina\Downloads\hijackthis.log => Moved successfully.
C:\Users\MarciaCristina\Downloads\HijackThis.exe => Moved successfully.
C:\Users\Public\Documents\Baidu Security => Moved successfully.
C:\Users\Public\Documents\Baidu => Moved successfully.
C:\Windows\PFRO.log => Moved successfully.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"C:\Users\Todos os Usuários\TEMP" => ":5C321E34" ADS not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= bitsadmin /reset /allusers =========
BITSADMIN version 3.0 [ 7.7.9600 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
0 out of 0 jobs canceled.
========= End of CMD: =========
========= ipconfig /flushdns =========
Configura��o de IP do Windows
Libera��o do Cache do DNS Resolver bem-sucedida.
========= End of CMD: =========
EmptyTemp: => Removed 89.5 MB temporary data.
The system needed a reboot.
==== End of Fixlog 15:58:04 ====
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Ter 27 Jan 2015, 23:55
Bom noite Mokona, as ferramentas que foram removidas, foi devido ao fix com a FRST. Ainda há algum problema com o PC ? Caso não, siga os passos abaixo para encerrar o tópico.
Agora vamos remover as ferramentas utilizadas na desinfecção.
Um grande abraço.
Agora vamos remover as ferramentas utilizadas na desinfecção.- Baixe: <[Tens de ter uma conta e sessão iniciada para poderes visualizar este link]> (...par Xplode)
- Salve-a na sua área de trabalho.
- Dê dois cliques no delfix.exe para executá-lo.
- Usuários do Windows Vista ou Windows 7,clique com o direito do mouse sobre o arquivo delfix.exe,depois clique em: [Tens de ter uma conta e sessão iniciada para poderes visualizar esta imagem]
- Marque as caixinhas, de acordo com a imagem.
- Clique no botão Executar.
- Reinicie o computador!
- Tudo OK ?
Um grande abraço.
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por Mokona Qua 28 Jan 2015, 10:58
Olá, bom dia.
O pc está funcionando perfeitamente, muito obrigada pela ajuda. :rindo_atoa:
Segue o relatório:
DelFix:
O pc está funcionando perfeitamente, muito obrigada pela ajuda. :rindo_atoa:
Segue o relatório:
DelFix:
- Delfix:
- # DelFix v10.8 - Relatório criado 28/01/2015 às 10:50:27
# Atualizado 29/07/2014 por Xplode
# Usuário : MarciaCristina - MAJU
# Sistema Operacional : Windows 8.1 Single Language (64 bits)
~ Removendo ferramentas de desinfecção ...
Removido : C:\FRST
Removido : C:\Users\MarciaCristina\Desktop\Addition.txt
Removido : C:\Users\MarciaCristina\Desktop\Fixlog.txt
Removido : C:\Users\MarciaCristina\Desktop\FRST.txt
Removido : C:\Users\MarciaCristina\Desktop\FRST64.exe
Removido : HKLM\SOFTWARE\AdwCleaner
~ Criando backup do registro ... OK
~ Limpando pontos da restauração do sistema ...
Removido : RP #5 [Installed Microsoft SQL Server Native Client | 01/08/2015 17:30:42]
Removido : RP #6 [Windows Update | 01/14/2015 12:44:35]
Removido : RP #7 [Windows Update | 01/19/2015 12:07:47]
Removido : RP #8 [Installed Microsoft Office Professional Plus 2010 | 01/21/2015 13:50:13]
Removido : RP #9 [McAfee Vulnerability Scanner | 01/23/2015 12:29:53]
Removido : RP #10 [avast! antivirus system restore point | 01/24/2015 15:34:35]
Removido : RP #11 [ZHPFix Restore System Point | 01/27/2015 13:40:08]
Novo ponto de restauração criado !
~ Redefinindo configurações do sistema ... OK
########## - EOF - ##########
Mokona- Iniciante
- Mensagens : 17
Reputação : 0
Data de inscrição : 24/01/2015
Re: Problemas com remoção de vírus
por caedurodrigues Qua 28 Jan 2015, 12:14
Fico feliz que o problema tenha sido solucionado. Precisando de ajuda pode recorrer ao fórum. Um grande abraço.
caedurodrigues- Analista
- Mensagens : 947
Reputação : 161
Data de inscrição : 21/10/2013
Idade : 54
Localização : Apiacá
Re: Problemas com remoção de vírus
por joram Sex 30 Jan 2015, 15:26
Caso Resolvido
Necessitando nova verificação para este computador,basta abrir "Novo Tópico" e relatar o problema.
Necessitando nova verificação para este computador,basta abrir "Novo Tópico" e relatar o problema.
joram- Administrador
- Mensagens : 4162
Reputação : 471
Data de inscrição : 26/01/2014
Localização : Rio de Janeiro
Tópicos semelhantes» Problemas com remoção de vírus.
» Remoção de problemas do PC
» Problemas na remoção do Search Protect
» Problemas com varios virus.
» Remoçao de virus indesejaveis
» Remoção de problemas do PC
» Problemas na remoção do Search Protect
» Problemas com varios virus.
» Remoçao de virus indesejaveis
Página 1 de 1
Permissões neste sub-fórum
Não podes responder a tópicos|
|
|